Solved

session authentication help

Posted on 2004-08-23
10
212 Views
Last Modified: 2011-09-20
Hi to all experts,
I'm a asp programmer and know very little about PHP.

Login Form:
I have a login form build in asp which accepts username/password and authenticate against db. If login successful, I set session variable session("userid")

other_web_pages
I check this session variable in every asp webpage. If it is not exist then redirect to login page.

QUESTION:
I have few PHP webpages. How do I check session("userid") in php file.
Here is what I tried. But it is not working....

ob_start();
if (!session_id()) {
    session_start();
}

//checking if user is not authenticated
if (!isset($_SESSION["userid"]))
{
      // redirecting user to the login page
      header("Location: http://myserver.com/login.asp");
      exit;
}

0
Comment
Question by:ayumi
  • 5
  • 3
  • 2
10 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 11873596
heres an overview of how it should work

setting a session variable:

session_start(); //always at top of page to initialize session data

$_SESSION['variable_name'] = "value";


checking if a session variable is set:

session_start();

if (isset($_SESSION['variable_name'])) {
 //session var is set
}


or using your piece of code as an example:

session_start();
ob_start();

if (!isset($_SESSION['userid'])) {
 header("Location: http://myserver.com/login.asp");
 exit;
}
else {
 echo "session variable is not set"; //you can optionally remove this part
}


0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11873605
note regarding the last part above, forgot about the header change, just checking its set on a debugging level:

if (!isset($_SESSION['userid'])) {
 echo "session variable is set";
}
else {
 echo "session variable is not set";
}
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11873611
oh dear me, im having one of those days apparently :), should be

if (!isset($_SESSION['userid'])) {
 echo "session variable is not set";
}
else {
 echo "session variable is set";
}
0
 

Author Comment

by:ayumi
ID: 11873745
As per your suggestion I changed but it always prints "not found"
NOTE: I'm setting session variable in asp file like this : session("username") = "ayumi"
Are you sure, I can access session variables in PHP if above is the case?

if (!session_id()) {
    session_start();
}
ob_start();

if (!isset($_SESSION['username'])) {
   echo "not found";
} else {
   echo "found";
}
0
 
LVL 27

Assisted Solution

by:Diablo84
Diablo84 earned 250 total points
ID: 11874646
i see, did not realise you was setting the sessions with ASP, as far as i am aware you cannot share sessions between ASP and PHP, atleast not directly.

You may want to look at the comments by RQuadling in the following thread which highlight a potential work around

http://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Windows/Q_21083695.html

Generally though it is not a done thing.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Accepted Solution

by:
worm22 earned 250 total points
ID: 11875209
**DISCLAIMER**
I do not recommend doing this as it would open some nasty security holes.  Better to stick with one language for the whole site.
---------
If you absolutely HAVE to go from an ASP page to a PHP page, you could put all required session variables into GET or POST variables and pass it through an intermediary processing page.

---------

intermediary.php
--
session_start();
$userid = $_POST['userid'];
$_SESSION['userid'] = $userid;
header("Location: target.php");
--
0
 

Author Comment

by:ayumi
ID: 11876154
Diablo84 - Thank you for providing link to other thread which was very informative. Thanks for the time.

worm22's - I liked your approach... Please give me some time to try few things with your suggestion and I will come here tommorow...

You guys are awesome....
Ayumi
0
 

Author Comment

by:ayumi
ID: 11884771
It solved my problem. I put all required session variables into POST variables....
I split the points...
Thanks,
Ayumi
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11884785
Good luck with your code :)

|)iablo
0
 
LVL 1

Expert Comment

by:worm22
ID: 11886158
No problem.  glad it helped. :)

--
worm
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now