Solved

session authentication help

Posted on 2004-08-23
10
216 Views
Last Modified: 2011-09-20
Hi to all experts,
I'm a asp programmer and know very little about PHP.

Login Form:
I have a login form build in asp which accepts username/password and authenticate against db. If login successful, I set session variable session("userid")

other_web_pages
I check this session variable in every asp webpage. If it is not exist then redirect to login page.

QUESTION:
I have few PHP webpages. How do I check session("userid") in php file.
Here is what I tried. But it is not working....

ob_start();
if (!session_id()) {
    session_start();
}

//checking if user is not authenticated
if (!isset($_SESSION["userid"]))
{
      // redirecting user to the login page
      header("Location: http://myserver.com/login.asp");
      exit;
}

0
Comment
Question by:ayumi
  • 5
  • 3
  • 2
10 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 11873596
heres an overview of how it should work

setting a session variable:

session_start(); //always at top of page to initialize session data

$_SESSION['variable_name'] = "value";


checking if a session variable is set:

session_start();

if (isset($_SESSION['variable_name'])) {
 //session var is set
}


or using your piece of code as an example:

session_start();
ob_start();

if (!isset($_SESSION['userid'])) {
 header("Location: http://myserver.com/login.asp");
 exit;
}
else {
 echo "session variable is not set"; //you can optionally remove this part
}


0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11873605
note regarding the last part above, forgot about the header change, just checking its set on a debugging level:

if (!isset($_SESSION['userid'])) {
 echo "session variable is set";
}
else {
 echo "session variable is not set";
}
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11873611
oh dear me, im having one of those days apparently :), should be

if (!isset($_SESSION['userid'])) {
 echo "session variable is not set";
}
else {
 echo "session variable is set";
}
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:ayumi
ID: 11873745
As per your suggestion I changed but it always prints "not found"
NOTE: I'm setting session variable in asp file like this : session("username") = "ayumi"
Are you sure, I can access session variables in PHP if above is the case?

if (!session_id()) {
    session_start();
}
ob_start();

if (!isset($_SESSION['username'])) {
   echo "not found";
} else {
   echo "found";
}
0
 
LVL 27

Assisted Solution

by:Diablo84
Diablo84 earned 250 total points
ID: 11874646
i see, did not realise you was setting the sessions with ASP, as far as i am aware you cannot share sessions between ASP and PHP, atleast not directly.

You may want to look at the comments by RQuadling in the following thread which highlight a potential work around

http://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Windows/Q_21083695.html

Generally though it is not a done thing.
0
 
LVL 1

Accepted Solution

by:
worm22 earned 250 total points
ID: 11875209
**DISCLAIMER**
I do not recommend doing this as it would open some nasty security holes.  Better to stick with one language for the whole site.
---------
If you absolutely HAVE to go from an ASP page to a PHP page, you could put all required session variables into GET or POST variables and pass it through an intermediary processing page.

---------

intermediary.php
--
session_start();
$userid = $_POST['userid'];
$_SESSION['userid'] = $userid;
header("Location: target.php");
--
0
 

Author Comment

by:ayumi
ID: 11876154
Diablo84 - Thank you for providing link to other thread which was very informative. Thanks for the time.

worm22's - I liked your approach... Please give me some time to try few things with your suggestion and I will come here tommorow...

You guys are awesome....
Ayumi
0
 

Author Comment

by:ayumi
ID: 11884771
It solved my problem. I put all required session variables into POST variables....
I split the points...
Thanks,
Ayumi
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11884785
Good luck with your code :)

|)iablo
0
 
LVL 1

Expert Comment

by:worm22
ID: 11886158
No problem.  glad it helped. :)

--
worm
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
This article discusses four methods for overlaying images in a container on a web page
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question