Does anyone have any thoughts about why this wouldn't work?

    if (isset($_POST['PHPSESSID'])) {
        session_id($_POST['PHPSESSID']);
        session_start();
        var_dump($_SESSION);
    }

The var_dump($_SESSION); is always empty! It should be loaded with stuff! Are there any settings that prevent forcing session IDs? Auto start is not enabled.

+1  A: 

The code you posted is correct. However, you may not be seeing variables in your session for one of several reasons:

  • $_POST['PHPSESSID'] is not set
  • $_POST['PHPSESSID'] contains non-numeric characters
  • $_POST['PHPSESSID'] does not refer to a populated session ID
  • session_start() was called before your call to session_id

If none of these apply, I don't know what the issue is, but why don't you try using session_name() (which was designed for what you're trying to do) instead of session_id?

Borealid
Thank you. The variable is set, because the var_dump in the if(isset()) block is happening, so I know that is returning true. By "non-numeric" did you mean "non-alphanumeric?" Can you explain how to do this with session_name()?
Aaron Carlino
http://php.net/manual/en/function.session-name.php
RobertPitt
My understanding, confirmed by the link, is that session_name() is the name of the session cookie, but session_id() is the unique value. I've confirmed that the value of session_name() is "PHPSESSID" (the default value), so whether it's hardcoded or retrieved with that function, I'm not seeing how it would make a difference?
Aaron Carlino
@Aaron Carlino: What I judged your code to be attempting to do is to segregate this particular session from all the other random sessions. Assigning it a different `session_name` does that, no? If you really want to "pick up" an old session, you'd also have to locate the ID, yes. About illegal characters, "Depending on the session handler, not all characters are allowed within the session id. For example, the file session handler only allows characters in the range a-z A-Z 0-9 , (comma) and - (minus)".
Borealid
@Borealid: I'm actually not doing anything that complicated. I'm just trying to authenticate a Flash upload script. As you may know, when the Flash component executes a PHP script, it starts a new session, so I'm trying to force the session by posting the session ID through the request. It works in most environments. I can't understand why it would fail in some.
Aaron Carlino
A: 

Your $_POST['PHPSESSID'] must be wrong:

Depending on the session handler, not all characters are allowed within the session id. For example, the file session handler only allows characters in the range a-z A-Z 0-9 , (comma) and - (minus)

Check its value. If you changed the session handler, you must use only the allowed characters for this specific session handler.


Colin Hebert
$_POST['PHPSESSID'] is coming in as "88rbfemtnma9padi34kfm7imk0". session.save_handler is "files". This makes me crazy. I can confirm the session id exists because in another browser I'm doing var_dump(session_id()) and it's returning the exact value that's coming in through the request.
Aaron Carlino
Isn't your session destroyed later in your code?
Colin Hebert
A: 

There was an issue with the session save path. It wasn't set up right, so I can guess that PHP was relying on browser cookies to create the session instead of the files in the session save path.

Aaron Carlino
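
The checks raised across the answers above (allowed characters, an already-started session, and the save path), gathered into one diagnostic as an added example that is not code from any poster in this thread. It assumes `session.save_handler` is `files`; `diagnose_forced_session()` is a hypothetical helper name.

```php
<?php
// Added example, not from the thread. Assumes the "files" session handler.
// diagnose_forced_session() is a hypothetical helper name.
function diagnose_forced_session(string $id, string $savePath): array
{
    // The files handler only accepts a-z A-Z 0-9 , (comma) and - (minus).
    // Stop here on failure so an unvalidated ID never reaches a file path.
    if (!preg_match('/\A[a-zA-Z0-9,-]+\z/', $id)) {
        return ['session ID contains characters the files handler rejects'];
    }

    // session.save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
    $parts = explode(';', $savePath);
    $dir = end($parts);
    if ($dir === '') {
        $dir = sys_get_temp_dir(); // empty setting: PHP falls back to the system temp dir
    }

    $problems = [];
    if (!is_dir($dir)) {
        $problems[] = "save path '$dir' is not a directory";
    } elseif (!is_readable($dir) || !is_writable($dir)) {
        $problems[] = "save path '$dir' is not readable and writable by the PHP user";
    } elseif (count($parts) === 1 && !is_file("$dir/sess_$id")) {
        // Without a directory-depth prefix, each session is stored as sess_<id>.
        $problems[] = "no session file sess_$id in '$dir'";
    }
    return $problems;
}

if (isset($_POST['PHPSESSID']) && is_string($_POST['PHPSESSID'])) {
    if (session_status() === PHP_SESSION_ACTIVE) {
        // session_id() must be called before session_start() to take effect.
        error_log('session already started; the posted ID cannot be applied');
    } else {
        $problems = diagnose_forced_session(
            $_POST['PHPSESSID'],
            (string) ini_get('session.save_path')
        );
        if ($problems) {
            error_log('forced session not resumed: ' . implode('; ', $problems));
        } else {
            session_id($_POST['PHPSESSID']);
            session_start();
        }
    }
}
```

Because the ID arrives in the request body, the upload script should still confirm that the resumed session belongs to an authenticated user before accepting the file.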