Setting session id

[thomashw]

I'm sending people on my site off the site for a few pages. Once they come back, the session isn't being "restarted" properly. I'm not able to continue the session while the person is off the site, but I AM able to pass a variable along which will be passed back to me.

 

Will my session be "restarted" properly if I pass the SID along and "reinstate" it? And what's the syntax to do this?

 

Thanks!

[thomashw]

If 'variable' is set to be the SID, could I do something like:

 

if ( isset ( $_POST['variable'] ) )
$_POST['PHPSESSID'] = $_POST['variable'];
session_start();

 

Will it automatically detect the $_POST['PHPSESSID'] and recognize it, or do I need to do it another way?

[PFMaBiSmAd]

As long as sessions are working using cookies, a session will resume (assuming you have a session_start() statement on each page) as long as they don't close their browser (or you have set the session cookie lifetime greater than zero.)

 

My guess would be that the URL they come back to on your site has a different path or host name (sub-domain) than what the session was started with and the session cookie parameters are not set to cause a match.

 

What are the session.cookie_path and session.cookie_domain settings?

 

Can you post the URLs you are using on your site or if you don't want to post them, change the domain to a generic name but show syntactically accurate URLs(with any www. and any paths yourdomain/yourpath1/yourpath2/yourfile.php)

[thomashw]

I thought the session would just reinstate by itself too, but it just didn't.

 

I set the return URL to include the PHPSESSID. This works.

 

I also included this, to add a little security.

 

if ( isset ( $_POST['variable'] ) )
$_GET['PHPSESSID'] = htmlspecialchars($_POST['variable']);
session_start();

 

Let me know if there is anything wrong with that.

 

Thanks!