Solved

Working with sessions

Posted on 2002-07-04
Last Modified: 2006-11-17
I have two pages, a.php and b.php. In a.php I start a session using session_start() and then register a variable count using session_register('count'). I have a hyperlink in a to b. When b.php is loaded it has to read the value of count from session and output it.

Is reading of the count from b.php possible? If so, can you please tell me how?
Question by:team

Accepted Solution

by:
Seever earned 25 total points
ID: 7130578
Do something like that.

a.php.
------
<?php
session_start();

$sess_count = 10;
session_register("sess_count");
?>

<HTML>
<HEAD>
<TITLE> New Document </TITLE>
<META NAME="Author" CONTENT="">
<META NAME="Keywords" CONTENT="">
<META NAME="Description" CONTENT="">
</HEAD>

<BODY>
<a href="b.php">go to b.php</a>
</BODY>
</HTML>


b.php.
------
<?php
session_start();
?>

<HTML>
<HEAD>
<TITLE> New Document </TITLE>
<META NAME="Author" CONTENT="">
<META NAME="Keywords" CONTENT="">
<META NAME="Description" CONTENT="">
</HEAD>

<BODY>

<?php
     echo "Session Counter value is :".$sess_count;
?>
</BODY>
</HTML>
----------------------------------

Regards,
Seever

Assisted Solution

by:Richard Quadling
Richard Quadling earned 25 total points
ID: 7131418
If you are using a later version of PHP which has the new super global arrays, then you can use ...

<?php
    echo "Session Counter value is :".$_SESSION["sess_count"];
?>

too.

If you do intend to use the new $_xxx arrays, then you do not need to turn on global variables.


From the PHP Manual.

Session variables: $_SESSION
Note: Introduced in 4.1.0. In earlier versions, use $HTTP_SESSION_VARS.

An associative array containing session variables available to the current script. See the Session functions documentation for more information on how this is used.

This is a 'superglobal', or automatic global, variable. This simply means that it is available in all scopes throughout a script. You don't need to do a global $_SESSION; to access it within functions or methods, as you do with $HTTP_SESSION_VARS.

$HTTP_SESSION_VARS contains the same information, but is not an autoglobal.

If the register_globals directive is set, then these variables will also be made available in the global scope of the script; i.e., separate from the $_SESSION and $HTTP_SESSION_VARS arrays. For related information, see the security chapter titled Using Register Globals. These individual globals are not autoglobals.


and "Using Register Globals"



Using Register Globals
One feature of PHP that can be used to enhance security is configuring PHP with register_globals = off. By turning off the ability for any user-submitted variable to be injected into PHP code, you can reduce the amount of variable poisoning a potential attacker may inflict. They will have to take the additional time to forge submissions, and your internal variables are effectively isolated from user submitted data.

While it does slightly increase the amount of effort required to work with PHP, it has been argued that the benefits far outweigh the effort.

Example 4-14. Working without register_globals=off

<?php
if ($username) {  // can be forged by a user in get/post/cookies
    $good_login = 1;
}

if ($good_login == 1) { // can be forged by a user in get/post/cookies,
    fpassthru ("/highly/sensitive/data/index.html");
}
?>
 
 
Example 4-15. Working with register_globals = off

<?php
if($HTTP_COOKIE_VARS['username']){
    // can only come from a cookie, forged or otherwise
    $good_login = 1;
    fpassthru ("/highly/sensitive/data/index.html");
}
?>
 
 
By using this wisely, it's even possible to take preventative measures to warn when forging is being attempted. If you know ahead of time exactly where a variable should be coming from, you can check to see if submitted data is coming from an inappropriate kind of submission. While it doesn't guarantee that data has not been forged, it does require an attacker to guess the right kind of forging.

Example 4-16. Detecting simple variable poisoning

<?php
if ($HTTP_COOKIE_VARS['username'] &&
    !$HTTP_POST_VARS['username'] &&
    !$HTTP_GET_VARS['username'] ) {
    // Perform other checks to validate the user name...
    $good_login = 1;
    fpassthru ("/highly/sensitive/data/index.html");
} else {
   mail("admin@example.com", "Possible breakin attempt", $HTTP_SERVER_VARS['REMOTE_ADDR']);
   echo "Security violation, admin has been alerted.";
   exit;
}
?>
 
 
Of course, simply turning off register_globals does not mean code is secure. For every piece of data that is submitted, it should also be checked in other ways.



Regards,

Richard Quadling.
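
Added example, not written by either poster: the a.php/b.php exchange from this thread done entirely through $_SESSION, which is the form that still works now that session_register() and register_globals have been removed (PHP 5.4). Both pages are combined into one file selected by a hypothetical `page` parameter, and the cookie options assume PHP 7.3 or later.

```php
<?php
// Added example: a.php and b.php from the thread, combined in one file.
// Try it with `php -S 127.0.0.1:8000 demo.php` (demo.php is an assumed name),
// then open /?page=a followed by /?page=b.
declare(strict_types=1);

function start_hardened_session(): void
{
    session_start([
        'use_strict_mode'  => 1,     // reject session IDs the server did not issue
        'use_only_cookies' => 1,     // never accept the session ID from the URL
        'cookie_httponly'  => 1,     // keep the cookie away from page scripts
        'cookie_samesite'  => 'Lax', // PHP 7.3+
        // 'cookie_secure' => 1,     // enable when the site is served over HTTPS
    ]);
}

// a.php: store the value in the session array itself, not in a global.
function page_a(): string
{
    $_SESSION['sess_count'] = 10;
    return '<a href="?page=b">go to b</a>';
}

// b.php: read only from $_SESSION. A request parameter with the same name
// (for example ?page=b&sess_count=999) is never consulted, so it cannot
// replace the stored value the way a register_globals variable could.
function page_b(): string
{
    $count = $_SESSION['sess_count'] ?? null;
    if (!is_int($count)) {
        // Session has no counter, or it is not the type page_a() stored.
        return 'No counter in this session; visit page a first.';
    }
    return 'Session Counter value is: ' . $count;
}

start_hardened_session();
$page = $_GET['page'] ?? 'a';
$body = ($page === 'b') ? page_b() : page_a();
echo '<!DOCTYPE html><html><body>', $body, '</body></html>';
```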

Expert Comment

by:shmert
ID: 9643735
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
   Split: seever & rquadling
Please leave any comments here within the next seven days.
               
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
               
Sam Barnum
EE Cleanup Volunteer              