$_SESSION var not being written

         

Mihai

2:27 am on Apr 15, 2007 (gmt 0)

10+ Year Member



so,
my very big problem is like this: because FF does not set $_SERVER['HTTP_REFERER'] when using AJAX (and I need to use this to ensure that no attacks from outside are permitted), I set up a session variable in the page where I am calling AJAX, which I gave the value 1; in the header of every other page I reset it to 0; for the login process it works perfectly BUT
the second time I try to use this method I have the following problem: I put an echo on the page where AJAX will be available and the value displays correctly as 1; in the script AJAX calls, the value is 0;

PS: after 2 days of searching I found out a very interesting thing: when the value displays correctly before AJAX, in fact in the session directory, if I check inside the file manually, I find that my var is still 0.

Any ideas are greatly appreciated.

Mihai

2:36 am on Apr 15, 2007 (gmt 0)

10+ Year Member



I omitted to say that the rest of the variables in the session display correct values! Only this one remains 0.

Sekka

1:59 pm on Apr 15, 2007 (gmt 0)

10+ Year Member



Not entirely sure what you are trying to achieve, maybe due to my lack of caffeine, but why not use the SESSION ID as a check? Store it in the user record in your DB and check that the SESSION ID is the same every time a page is called.

coopster

2:49 am on Apr 16, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



HTTP_REFERER is never guaranteed to be there, anyway. Do a quick search on the web or over these forums for more information.

And welcome to WebmasterWorld, Mihai.

Mihai

4:53 am on Apr 16, 2007 (gmt 0)

10+ Year Member



Thanks coopster

My problem began while developing a shop with AJAX; when accessing a page through AJAX in FF, http_referer is missing. This is why I put a session variable in the header where, let's say, it was $_SESSION['test']=0; and in pages like login and others, somewhere further down, I change this var to 1... so I can check it in login.php to be sure the request comes from the site;

for the moment it works but I don't really know what happened;

yesterday, all day, I had this problem: print_r($_SESSION) in my pages displayed the values I wanted, but in the sess_ file on my server the value of test was not changing;

a bit of a solution was to put session_start a second time in the header after $_SESSION['test']=0; (I did not receive any error like "already sent", I suppose because of output buffering ....)

at this moment the second session_start() is commented out and the app works

[edited by: Mihai at 4:53 am (utc) on April 16, 2007]
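
Added example, not part of any post in this thread: a per-session random token used in place of the 0/1 flag and of HTTP_REFERER. The token is written to the session once and only read afterwards, so the check does not depend on which page last reset a value. The function names, the `ajax_token` session key and the `X-Ajax-Token` request header are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumed names: ensure_session(),
// ajax_token(), ajax_request_is_from_site(), the 'ajax_token' session key
// and the X-Ajax-Token request header. random_bytes() needs PHP 7 or later.

/** Start the session only if this request has not started it already. */
function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

/**
 * Call on every page that will issue AJAX requests.
 * The token is created once per session and never reset by other pages.
 */
function ajax_token(): string
{
    ensure_session();
    if (empty($_SESSION['ajax_token'])) {
        $_SESSION['ajax_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['ajax_token'];
}

/** Call at the top of the script the AJAX request hits (e.g. login.php). */
function ajax_request_is_from_site(): bool
{
    ensure_session();
    $expected = $_SESSION['ajax_token'] ?? '';
    // PHP exposes the X-Ajax-Token request header under this key.
    $sent = $_SERVER['HTTP_X_AJAX_TOKEN'] ?? '';
    // hash_equals() compares in constant time; a missing token always fails.
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Page side: hand the token to the script that makes the AJAX call, e.g.
//   echo '<script>var ajaxToken = ' . json_encode(ajax_token()) . ';</script>';
// and send it with each request:
//   xhr.setRequestHeader('X-Ajax-Token', ajaxToken);
//
// Endpoint side (login.php):
//   if (!ajax_request_is_from_site()) { http_response_code(403); exit; }
```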