Solved

session authentication help

Posted on 2004-08-23
10
213 Views
Last Modified: 2011-09-20
Hi to all experts,
I'm a asp programmer and know very little about PHP.

Login Form:
I have a login form build in asp which accepts username/password and authenticate against db. If login successful, I set session variable session("userid")

other_web_pages
I check this session variable in every asp webpage. If it is not exist then redirect to login page.

QUESTION:
I have few PHP webpages. How do I check session("userid") in php file.
Here is what I tried. But it is not working....

ob_start();
if (!session_id()) {
    session_start();
}

//checking if user is not authenticated
if (!isset($_SESSION["userid"]))
{
      // redirecting user to the login page
      header("Location: http://myserver.com/login.asp");
      exit;
}

0
Comment
Question by:ayumi
  • 5
  • 3
  • 2
10 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 11873596
heres an overview of how it should work

setting a session variable:

session_start(); //always at top of page to initialize session data

$_SESSION['variable_name'] = "value";


checking if a session variable is set:

session_start();

if (isset($_SESSION['variable_name'])) {
 //session var is set
}


or using your piece of code as an example:

session_start();
ob_start();

if (!isset($_SESSION['userid'])) {
 header("Location: http://myserver.com/login.asp");
 exit;
}
else {
 echo "session variable is not set"; //you can optionally remove this part
}


0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11873605
note regarding the last part above, forgot about the header change, just checking its set on a debugging level:

if (!isset($_SESSION['userid'])) {
 echo "session variable is set";
}
else {
 echo "session variable is not set";
}
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11873611
oh dear me, im having one of those days apparently :), should be

if (!isset($_SESSION['userid'])) {
 echo "session variable is not set";
}
else {
 echo "session variable is set";
}
0
 

Author Comment

by:ayumi
ID: 11873745
As per your suggestion I changed but it always prints "not found"
NOTE: I'm setting session variable in asp file like this : session("username") = "ayumi"
Are you sure, I can access session variables in PHP if above is the case?

if (!session_id()) {
    session_start();
}
ob_start();

if (!isset($_SESSION['username'])) {
   echo "not found";
} else {
   echo "found";
}
0
 
LVL 27

Assisted Solution

by:Diablo84
Diablo84 earned 250 total points
ID: 11874646
i see, did not realise you was setting the sessions with ASP, as far as i am aware you cannot share sessions between ASP and PHP, atleast not directly.

You may want to look at the comments by RQuadling in the following thread which highlight a potential work around

http://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Windows/Q_21083695.html

Generally though it is not a done thing.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Accepted Solution

by:
worm22 earned 250 total points
ID: 11875209
**DISCLAIMER**
I do not recommend doing this as it would open some nasty security holes.  Better to stick with one language for the whole site.
---------
If you absolutely HAVE to go from an ASP page to a PHP page, you could put all required session variables into GET or POST variables and pass it through an intermediary processing page.

---------

intermediary.php
--
session_start();
$userid = $_POST['userid'];
$_SESSION['userid'] = $userid;
header("Location: target.php");
--
0
 

Author Comment

by:ayumi
ID: 11876154
Diablo84 - Thank you for providing link to other thread which was very informative. Thanks for the time.

worm22's - I liked your approach... Please give me some time to try few things with your suggestion and I will come here tommorow...

You guys are awesome....
Ayumi
0
 

Author Comment

by:ayumi
ID: 11884771
It solved my problem. I put all required session variables into POST variables....
I split the points...
Thanks,
Ayumi
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11884785
Good luck with your code :)

|)iablo
0
 
LVL 1

Expert Comment

by:worm22
ID: 11886158
No problem.  glad it helped. :)

--
worm
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now