session variables

I have come across this problem before but never really resolved it.  It
is probably something so obvious that I should be embarrassed to even
ask in this forum.

The problem is one of losing the value of a session variable. Here is a
sample of what I mean:

Form to send to credit card processing firm.  Prior to this, a session
variable for "security" had been defined as a blank space.  This file's
action goes to a secure server where another page is presented.  The
return goes to FileB.php.

// Return from cc firm.
// Do stuff to insert into our db
$_SESSION['user'] = $username;
// var_dump($_SESSION);
header("Location: ");


When I uncomment the var_dump in FileB.php, it shows the value for the
session variable for user, but not for security.  However, commenting it
out again and proceeding on to FileC.php, the session variable value
for user is lost but it has the value for "security" that had been
set earlier in the entire process.

Specifically, in

FileB.php:   array(1) { ["user"]=>  string(6) "shelly" }

but in

FileC.php:  array(1) { ["security"]=>  &string(1) " " }

It is almost as if it is switching from one session to another.  Any ideas?

Re: session variables

sheldonlg <sheldonlg> posted in comp.lang.php:

One thing I've found that helps when redirecting after setting $_SESSION
variables is using
session_write_close() before the redirect.


Re: session variables

Mark A. Boyd wrote:

MMV (My Mileage Varied).  It didn't change anything.  Thanks anyway.

Re: session variables

On Jun 30, 7:23 pm, sheldonlg <sheldonlg> wrote:

Have you tried doing this without redirecting the page automatically?
I think when you mess with the header information you may be messing
it up. Try using a simple hyperlink and see if that works; if it does,
you can just employ JavaScript to redirect the page.

Re: session variables wrote:

This page, fileB.php does the processing from the return from the credit
card handler.  It then has to go somewhere.  It is never shown in html.
  That is why the header information to change the page is there.

Re: session variables

sheldonlg wrote:

What does session_name() show on each of the three pages?

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: session variables

Jerry Stuckle wrote:

Good thought.  I'll try it and let you know.

Re: session variables

sheldonlg wrote:

OK, this might be a clue.

In the index page I do session_name('sitename' . time());  session_start();

If I print out session_name() after that, then it gives a named session
value.  If I then go to another page, ANY page, then session_name()
gives PHPSESSID, the default session name.  All pages other than the
index page give that name.
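
An added example, not part of the original thread: a shared include that sets one fixed session name on every request and logs which session each page is actually using, which is the check suggested above. The file name `session_bootstrap.php`, the constant and both function names are hypothetical.

```php
<?php
// session_bootstrap.php -- hypothetical shared include, required at the top of
// every page (index, FileB.php, FileC.php) before any output is sent.

// Assumption: one fixed name for the whole site. Appending time() produces a
// different cookie name on each request, so no later page can find the cookie.
const SITE_SESSION_NAME = 'sitename';

function start_site_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started for this request
    }
    // session_name() reverts to the session.name ini default (PHPSESSID)
    // at the start of every request, so it has to be set again each time,
    // and always before session_start().
    session_name(SITE_SESSION_NAME);
    session_start();
}

// Diagnostic: record which session this page is really attached to.
function log_session_state(string $page): void
{
    $name = session_name();
    $line = sprintf(
        '%s name=%s cookie_received=%s id_hash=%s keys=%s',
        $page,
        $name,
        isset($_COOKIE[$name]) ? 'yes' : 'no',
        // Log a truncated hash so the raw session ID never reaches the log.
        substr(hash('sha256', session_id()), 0, 12),
        implode(',', array_keys($_SESSION ?? []))
    );
    error_log($line);
}

start_site_session();
log_session_state(basename($_SERVER['SCRIPT_NAME'] ?? 'cli'));
```

If two pages log different `name` or `id_hash` values, or a page logs `cookie_received=no`, those pages are not sharing a session.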

Re: session variables

<sheldonlg> wrote in message

Your original problem as stated above would seem to be related to the note
on about passing session ids

"Note: Non-relative URLs are assumed to point to external sites and hence
don't append the SID, as it would be a security risk to leak the SID to a
different server."

Seems to me that the secure server definitely falls into the category of
"external sites".

Perhaps the approach to take would be to send an encrypted variable to the
secure server and have it pass that back and check that it is what you sent
a la what authorize.net provides for just such a case. I've done just that
with their system and used what was returned, not the encrypted check part
but another after that was verified, to look up the record from the db.

Good luck.


Re: session variables

Johnny wrote:

Yes, I have done similar stuff with allows
you to define fields that are passed to the server and that don't appear
on the page.  This credit card processor is and they don't
have that capability -- at least not with what they call "split-screen".
  Hence, I needed to maintain the session since I had to define those
variables as session variables prior to going to, and then
use them on a successful processing of the credit card in to put certain
information into my database.
