N-Bomb(Nerd) Posted December 1, 2008 Share Posted December 1, 2008 Hi, I have script where it stores username and password into the current session data.. however I want that data to be sent to a different page of mine.. how does one do this? I've tried many times and keep on failing.. like on the login.php I have: $_SESSION['username'] = $username; $_SESSION['password'] = $password; then it gets redirected to main.php how can I access the session variables in main.php? thx Link to comment https://forums.phpfreaks.com/topic/134959-passing-session-data/ Share on other sites More sharing options...
trq Posted December 1, 2008 Share Posted December 1, 2008 main.php <?php session_start(); echo $_SESSION['username']; ?> Link to comment https://forums.phpfreaks.com/topic/134959-passing-session-data/#findComment-702864 Share on other sites More sharing options...
N-Bomb(Nerd) Posted December 1, 2008 Author Share Posted December 1, 2008 main.php <?php session_start(); echo $_SESSION['username']; ?> yes, but.. if they don't have a session and skip the login.php and go directly to the main.php since it has session_start(); it would start a session from there.. not actually resume it. How would I be able to resume the same session from login.php in main.php Link to comment https://forums.phpfreaks.com/topic/134959-passing-session-data/#findComment-702872 Share on other sites More sharing options...
trq Posted December 1, 2008 Share Posted December 1, 2008 How would I be able to resume the same session from login.php in main.php As above. Link to comment https://forums.phpfreaks.com/topic/134959-passing-session-data/#findComment-702874 Share on other sites More sharing options...
dimond345 Posted December 1, 2008 Share Posted December 1, 2008 Hello If you want to restatart session any there, you need this function: session_id(); session_id($SESSION_ID); session_start(); To save $SESSION_ID I use $_COOKIE login page: session_start(); setcookie("SESSION_ID", session_id() ,time()+36000, "/", $_SERVER['HTTP_HOST'],false); /*write to session*/ home page: if(!empty($_COOKIE['SESSION_ID'])) { session_id($_COOKIE['SESSION_ID']); session_start(); } else { header("Location: login page"); } Some thing like this. For more security I use some hash from parameters: example: $HASH = md5($SECRET_KEY+$LOGIN+$PASSWORD); setcookie("KEY", $HASH ,time()+36000, "/", $_SERVER['HTTP_HOST'],false); It will be more difficult to find how it mast look like:) Link to comment https://forums.phpfreaks.com/topic/134959-passing-session-data/#findComment-702878 Share on other sites More sharing options...
N-Bomb(Nerd) Posted December 1, 2008 Author Share Posted December 1, 2008 Thanks, I got transfer working now. I got a new question now.. I've tried: if (isset($_COOKIE['SESSION_ID'])) { setcookie('SESSION_ID', '', time()-42000, '/'); } session_destroy(); $_SESSION = array(); to completely remove that cookie/session but yet it don't remove or the value doesn't change. After I click logout which causes the above to happen I can just hit back and continue browsing logged in. How can I completely close that session out and logout? edit: Either I'm doing this all wrong or this seems very unsecure to me.. couldn't someone 'hijack' this session and just be logged in as the user? Link to comment https://forums.phpfreaks.com/topic/134959-passing-session-data/#findComment-702926 Share on other sites More sharing options...
dimond345 Posted December 1, 2008 Share Posted December 1, 2008 1. To destroy session you need open it before. 2. Write new value to cookie like i have mention before(other wise you may simply create new cookie, and did not rewrite old); <?php $SID = session_id(); if (!empty($_COOKIE['SESSION_ID']) && empty($SID)) { session_id($_COOKIE['SESSION_ID']); session_start(); setcookie("SESSION_ID", false ,time()+36000, "/", $_SERVER['HTTP_HOST'],false); $_SESSION = array(); session_destroy(); } elseif (!empty($SID)) { setcookie("SESSION_ID", false ,time()+36000, "/", $_SERVER['HTTP_HOST'],false); $_SESSION = array(); session_destroy(); } ?> some thing like this. About security, i have metion it before. Link to comment https://forums.phpfreaks.com/topic/134959-passing-session-data/#findComment-702952 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.