kucing Posted July 4, 2008 Share Posted July 4, 2008 when i try to open a new window using javascript window.open function. sometime the new window opens with new session. So I need some help here to pass the whole session to new window using the session_id function. Any work around? Thanks Quote Link to comment Share on other sites More sharing options...
br0ken Posted July 4, 2008 Share Posted July 4, 2008 Doesn't just using session_start() do this? If not you could set a cookie storing the session id, grab that value and start a session based on that value however this seems superflous as this is the usual way sessions should work anyway! I guess it's a worth a try though if nothing else will work. Quote Link to comment Share on other sites More sharing options...
kucing Posted July 4, 2008 Author Share Posted July 4, 2008 Thanks for your reply.. well.. how i m going to overwrite the new session with the session stored in cookie? Appreciate your help. Quote Link to comment Share on other sites More sharing options...
allenskd Posted July 4, 2008 Share Posted July 4, 2008 You'll probably find http://php.net/session reference pretty useful, and well take a look at session_is_registered($var) should hint you how to do it. Remember that you can extend a session's lifetime ( session_set_cookie_params ) Quote Link to comment Share on other sites More sharing options...
br0ken Posted July 4, 2008 Share Posted July 4, 2008 <?php session_id($sessionID); session_start(); ?> Quote Link to comment Share on other sites More sharing options...
kucing Posted July 4, 2008 Author Share Posted July 4, 2008 <?php session_id($sessionID); session_start(); ?> Thanks you all.. This works fine Quote Link to comment Share on other sites More sharing options...
kucing Posted July 4, 2008 Author Share Posted July 4, 2008 I was wondering if doing this way.. is this way is safe? like if a hacker got to know about my sessionid and takeover my session? Quote Link to comment Share on other sites More sharing options...
br0ken Posted July 4, 2008 Share Posted July 4, 2008 This method is only as insecure as using just session_start() because sessions by default use a cookie to store the session id. It is true however that if a malicious user got hold of your session id, they could steal session. I recommend using session_regenerate_id() when the user logs in/out or has any change in authorisation level. Infact, use it as often as possible. This function creates a new session id so if a hacker did get hold of your id it would be useless pretty much instantly. There are some good tutorials on the internet about session security in PHP so I would suggest given them a read for a more indepth discussion about this. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.