$_SESSION into js

[freelance84]

Is it possible to get a $_SESSION value into js without actually printing the value in the html source?

 

I want a button to change class and type when the user enters the correct string into a text field which matches a value set in $_SESSION['correct_c']....

 

I'm guessing this isn't possible as the SESSIONS are set by php by the SERVER.

 

Any tips here would be great. Thanks, John.

[freelance84]

http://www.velocityreviews.com/forums/t232172-get-session-variable-in-javascript.html  says it can't be done

 

http://www.dotnetspider.com/forum/129085-how-get-session-value-javascript.aspx says you pass it to a js variable... i've tried endlessly but its not working

[requinix]

You can use AJAX to ask PHP for the value.

 

If you're doing this for "added security" then don't bother: by doing the work in JavaScript (ie, client-side) you've already lost control of how the code behaves. Should someone be motivated enough they could just trigger the "change class and type" code manually.

[freelance84]

It's the login page...

 

Every incorrect login increments a login count by one.

 

At value 3 the user must enter a CAPTCHA to re-enable the login button (even if some forces a class change they won't get past the authenticate without the correct details)....

 

However the whole point of the CAPTCHA here is to stop a "brute force" attempt so i suppose if they can force a class change it renders it all useless...  back to php then.

 

Cheers.

[requinix]

Oh, I was thinking "class" and "type" were some aspects of your application, not the class and type of an HTML element...

 

When you do the login checks, PHP gets involved. You can keep a counter in PHP/the database so that's fine.

Once that hits 3 then the login form requires a captcha as well. Even if someone changes the HTML in a way you don't want them to, the PHP still needs the captcha.

[freelance84]

Ok here's what i originally wanted (to cut down on one client - server communication):

 

1  User logs in from index.php

  |

authenticate.php sends back with fail

  |

index.php increments SESSION log in fail count by 1

  |

2  User logs in again

  |

authenticate.php sends back with fail

  |

index.php increments SESSION log in fail count by 1

  |

3  User logs in again

  |

authenticate.php sends back with fail

  |

index.php increments SESSION log in fail count by 1

  |

4 User now sees the CAPTCHA and the login fields with the login button greyed out and the type changed from submit to button

  |

When the user enters the correct CAPTCHA into the CAPTCHA text field, javascript then changes the login button back to normal without the user doing anything. To do this JS would need to have access to the CAPTCHA stored in the SESSION.

 

 

 

What i have now done instead is:

 

When the CAPTCHA is required, index.php does not print the login form, it only prints the CAPTCHA form. Also the authenticate will not run if the  SESSION log in fail count is > 2.

When the user completes the CAPTCHA correctly the SESSION log in fail count is reset, meaning the user gets another 3 attempts to log in

 

 

After testing it everything all works fine.