Jump to content
sylvest

Access A Different Session's $_Session Variables

Recommended Posts

Does anyone know how to access the session variables of a different session, in PHP?. The reason I need to do this is that I am accessing most pages on my website via a domain name, such as http://www.****/login.php. However, the form on the login.php page where the username and password are entered uses https://hostname.tchmachines.com/~username/do_loginphp as its Action page because I must use SSL for this to ensure that my usernames and passwords are not sent over the net in open text. This means that do_login.php is running in a different session from login.php, so I can't use the $_SESSION array to pass values from one to the other. If I pass the PHPSESSIONID of the original unencrypted session to the do_login.php page via a GET or POST variable, what I am trying to find out is, how would I then read and write values from/to the original $SESSION array?

 

Thank you - Rowan

Share this post


Link to post
Share on other sites

Whatr I'm trying is:

  1. in the login page http://www.****/login.php.
    1. Do session_start().
    2. Write some values into $_SESSION.
    3. add to the login form a hidden control with name='sessionid' and value='<?=session(id)?>
  2. In the form handler (https://hostname.tch...ame/do_login.php)
    1. Do session_start().
    2. Read the value of session_id(), which is 4579fnvb049q7u5h8dmveqdm92
    3. Check the value of $_SESSION which is an empty array.
    4. Check the value of $_POST['sessionid'] which is thp24j106dp9ffdif406l37vg3
    5. Now do:

// This should restore the old session.

$fname = session_save_path() . "/sess_" . $_POST['sessionid'];
session_decode(file_get_contents($fname)))

// This should set some new session variables
$_SESSION['uehdj'] = 'iwenfio';
$_SESSION['oqyhekj'] = 'owhusnxdi';

Check the value of $_SESSION, which is
$_SESSION =
Array
(
[uehdj] => iwenfio
[oqyhekj] => owhusnxdi
)

I.e. the old session variables have not been recovered.

6. Now do:

// Ths is supposed to write the session data back to the old session file.

$session_string = session_encode();
$bytes = file_put_contents($session_string);

// This is supposed to return to a http://www.****/ page

header('Location: http://www.nydomain,.com/welcome.php');

exit();

7. Use $_SESSION, which is supposed to contain any values that it had at the beginning of this who process, plus the two I added in do_login.php


My main question is: Why are there no sess_ files in the directory /home/myaccount/tmp that match either 4579fnvb049q7u5h8dmveqdm92 or thp24j106dp9ffdif406l37vg3. The only file there is sess_ea6d51dbplto9ukucbk9fvkep86kt5f7 which doesn't mathch any session I know about.


I hope someone understands how all this stuff works and can explain to me how to get it working.

Thanks - Rowan




Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×