Passing Session Data

[N-Bomb(Nerd)]

Hi,

 

I have script where it stores username and password into the current session data.. however I want that data to be sent to a different page of mine.. how does one do this? I've tried many times and keep on failing..

 

like on the login.php I have:

$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

 

then it gets redirected to main.php

 

how can I access the session variables in main.php?

 

thx

 

 

[trq]

main.php

<?php

  session_start();

  echo $_SESSION['username'];

?>

[N-Bomb(Nerd)]

main.php

<?php

  session_start();

  echo $_SESSION['username'];

?>

 

yes, but.. if they don't have a session and skip the login.php and go directly to the main.php since it has session_start(); it would start a session from there.. not actually resume it.

 

How would I be able to resume the same session from login.php in main.php

[trq]

How would I be able to resume the same session from login.php in main.php

 

As above.

[dimond345]

Hello

If you want to restatart session any there, you need this function: session_id();

session_id($SESSION_ID);

session_start();

 

To save $SESSION_ID I use $_COOKIE

login page:

session_start();

setcookie("SESSION_ID", session_id() ,time()+36000, "/", $_SERVER['HTTP_HOST'],false);

/*write to session*/

 

home page:

if(!empty($_COOKIE['SESSION_ID']))

{

    session_id($_COOKIE['SESSION_ID']);

    session_start();

}

else

{

header("Location: login page");

}

 

Some thing like this.

 

For more security I use some hash from parameters:

example:

 

$HASH = md5($SECRET_KEY+$LOGIN+$PASSWORD);

setcookie("KEY", $HASH ,time()+36000, "/", $_SERVER['HTTP_HOST'],false);

It will be more difficult to find how it mast look like:)

 

 

[N-Bomb(Nerd)]

Thanks, I got transfer working now.

 

I got a new question now.. I've tried:

 

if (isset($_COOKIE['SESSION_ID'])) {
    	setcookie('SESSION_ID', '', time()-42000, '/');
}

session_destroy();
   $_SESSION = array();

 

to completely remove that cookie/session but yet it don't remove or the value doesn't change. After I click logout which causes the above to happen I can just hit back and continue browsing logged in. How can I completely close that session out and logout?

 

edit: Either I'm doing this all wrong or this seems very unsecure to me.. couldn't someone 'hijack' this session and just be logged in as the user?

[dimond345]

1. To destroy session you need open it before.

2. Write new value to cookie like i have mention before(other wise you may simply create new cookie, and did not rewrite old);

 

<?php
$SID = session_id();
if (!empty($_COOKIE['SESSION_ID']) && empty($SID))
{
           session_id($_COOKIE['SESSION_ID']);
session_start();
setcookie("SESSION_ID",   false ,time()+36000, "/", $_SERVER['HTTP_HOST'],false);
$_SESSION = array();
session_destroy();
}
elseif (!empty($SID))
{
setcookie("SESSION_ID",   false ,time()+36000, "/", $_SERVER['HTTP_HOST'],false);
$_SESSION = array();
session_destroy();
}
?>

 

some thing like this.

About security, i have metion it before.