passing the whole session to new window.

[kucing]

when i try to open a new window using javascript window.open function. sometime the new window opens with new session.

 

So I need some help here to pass the whole session to new window using the session_id function.

 

Any work around?

 

Thanks

[br0ken]

Doesn't just using session_start() do this?

 

If not you could set a cookie storing the session id, grab that value and start a session based on that value however this seems superflous as this is the usual way sessions should work anyway! I guess it's a worth a try though if nothing else will work.

[kucing]

Thanks for your reply..

well.. how i m going to overwrite the new session with the session stored in cookie?

 

Appreciate your help.

 

[allenskd]

You'll probably find http://php.net/session reference pretty useful, and well take a look at session_is_registered($var) should hint you how to do it. Remember that you can extend a session's lifetime ( session_set_cookie_params )

[br0ken]

<?php

session_id($sessionID);
session_start();

?>

[kucing]

<?php

 

session_id($sessionID);

session_start();

 

?>

 

Thanks you all..

This works fine

 

[kucing]

I was wondering if doing this way.. is this way is safe?

like if a hacker got to know about my sessionid and takeover my session?

 

[br0ken]

This method is only as insecure as using just session_start() because sessions by default use a cookie to store the session id. It is true however that if a malicious user got hold of your session id, they could steal session.

 

I recommend using session_regenerate_id() when the user logs in/out or has any change in  authorisation level. Infact, use it as often as possible. This function creates a new session id so if a hacker did get hold of your id it would be useless pretty much instantly.

 

There are some good tutorials on the internet about session security in PHP so I would suggest given them a read for a more indepth discussion about this.