drath Posted February 3, 2010 Share Posted February 3, 2010 I'm having a rough time sending a variable to three different pages on my site by having the first page (apple.php) send data a long to the next two pages. My original solution of using SESSION to pass the variable a long failed because users could go the first page (apple.php), then go to another version of the first page (orange.php) to spoof the session data and use it for the first version of the first page (apple.php) so it would read as though the variables are coming from (orange.php). Confused yet? The same issue applies to cookies and even writing to a database for that matter. One solution I thought of is to not set the session if the session was already open the variable was set. This failed, because I can't unset the variables until the third page, and sometimes the user stops right at the first page (apple.php or orange.php). I would be locking them out completely? HTTP_REFERER worked as well, because I could directly see if they were coming from orange.php or apple.php - but HTTP_REFERER can be spoofed even easier as well as anti-virus apps block it like crazy so it's useless. Any idea? Hopefully I didn't miss anything or was too confusing. If you need a visual of what I am explaining: orange.php (set session $variable = orange) --> secondpage.php (read $variable) --> thirdpage.php (read $variable, unset session) apple.php (set session $variable = apple) --> secondpage.php (read $variable) --> thirdpage.php (read $variable, unset session) Quote Link to comment https://forums.phpfreaks.com/topic/190741-no-sessions-no-cookies-no-http_referer-what-next/ Share on other sites More sharing options...
PFMaBiSmAd Posted February 3, 2010 Share Posted February 3, 2010 Use a $_SESSION variable, but set it to a different unique value on each page (after you test if it has the correct value that says the visitor came from the previous page.) Quote Link to comment https://forums.phpfreaks.com/topic/190741-no-sessions-no-cookies-no-http_referer-what-next/#findComment-1005885 Share on other sites More sharing options...
drath Posted February 3, 2010 Author Share Posted February 3, 2010 I am already using a unique value for the variable (refer to my semi-visual diagram that I added while you posted). Unless you mean set a unique variable name AND variable value... hmmm, would there be any way to get the variable name? Quote Link to comment https://forums.phpfreaks.com/topic/190741-no-sessions-no-cookies-no-http_referer-what-next/#findComment-1005886 Share on other sites More sharing options...
PFMaBiSmAd Posted February 4, 2010 Share Posted February 4, 2010 Cannot really help you with what your code is doing or not doing without seeing it. Quote Link to comment https://forums.phpfreaks.com/topic/190741-no-sessions-no-cookies-no-http_referer-what-next/#findComment-1006734 Share on other sites More sharing options...
oni-kun Posted February 4, 2010 Share Posted February 4, 2010 ##apple.php if (!isset($_SESSION['page'])) { $_SESSION['page'] == $_SERVER['PHP_SELF']; //apple.php } ##2.php if (isset($_SESSION['page'])) { print $_SESSION['page']; } else { //... } ##3.php if (isset($_SESSION['page'])) { unset($_SESSION['page']; } Like so? Quote Link to comment https://forums.phpfreaks.com/topic/190741-no-sessions-no-cookies-no-http_referer-what-next/#findComment-1006745 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.