Jump to content

Access A Different Session's $_Session Variables


Recommended Posts

Does anyone know how to access the session variables of a different session, in PHP?. The reason I need to do this is that I am accessing most pages on my website via a domain name, such as http://www.****/login.php. However, the form on the login.php page where the username and password are entered uses https://hostname.tchmachines.com/~username/do_loginphp as its Action page because I must use SSL for this to ensure that my usernames and passwords are not sent over the net in open text. This means that do_login.php is running in a different session from login.php, so I can't use the $_SESSION array to pass values from one to the other. If I pass the PHPSESSIONID of the original unencrypted session to the do_login.php page via a GET or POST variable, what I am trying to find out is, how would I then read and write values from/to the original $SESSION array?

 

Thank you - Rowan

Link to post
Share on other sites

Whatr I'm trying is:

  1. in the login page http://www.****/login.php.
    1. Do session_start().
    2. Write some values into $_SESSION.
    3. add to the login form a hidden control with name='sessionid' and value='<?=session(id)?>
  2. In the form handler (https://hostname.tch...ame/do_login.php)
    1. Do session_start().
    2. Read the value of session_id(), which is 4579fnvb049q7u5h8dmveqdm92
    3. Check the value of $_SESSION which is an empty array.
    4. Check the value of $_POST['sessionid'] which is thp24j106dp9ffdif406l37vg3
    5. Now do:

// This should restore the old session.

$fname = session_save_path() . "/sess_" . $_POST['sessionid'];
session_decode(file_get_contents($fname)))

// This should set some new session variables
$_SESSION['uehdj'] = 'iwenfio';
$_SESSION['oqyhekj'] = 'owhusnxdi';

Check the value of $_SESSION, which is
$_SESSION =
Array
(
[uehdj] => iwenfio
[oqyhekj] => owhusnxdi
)

I.e. the old session variables have not been recovered.

6. Now do:

// Ths is supposed to write the session data back to the old session file.

$session_string = session_encode();
$bytes = file_put_contents($session_string);

// This is supposed to return to a http://www.****/ page

header('Location: http://www.nydomain,.com/welcome.php');

exit();

7. Use $_SESSION, which is supposed to contain any values that it had at the beginning of this who process, plus the two I added in do_login.php


My main question is: Why are there no sess_ files in the directory /home/myaccount/tmp that match either 4579fnvb049q7u5h8dmveqdm92 or thp24j106dp9ffdif406l37vg3. The only file there is sess_ea6d51dbplto9ukucbk9fvkep86kt5f7 which doesn't mathch any session I know about.


I hope someone understands how all this stuff works and can explain to me how to get it working.

Thanks - Rowan




Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...