• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 339
  • Last Modified:

How can I access the same Session object from both PHP and JavaScript

hi, thanks for your time.

After the user is logged into a web application, his user ID, e-mail etc are added to the session variable with JavaScript. I would like to access these session variables using PHP as well.  

I tried this:
In my TEST.ASP page:
<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<%
Session("Testing") = "Hi daar";
%>
.
.
.
<body>
<form method="post" action="UserView.php">

<% Response.Write('JS Testing = ' + Session("Testing")); %><br>
<% Response.Write('PHP abc = ');  %> <? php session_start(); print $_SESSION["abc"]; ?>  <br>
<% Response.Write('PHP abc 2 = ' + Session("abc")) %><br>

<input type="submit" value="submit">

</form>
</body>

In my UserView.PHP file:
<?php
      session_start();
      $_SESSION['abc'] = 'jou klein rakker';
?>
<body>
<form method="post" action="test.asp">
<?
      
      echo 'JS Testing  ' . $_SESSION["Testing"] . '<br>';
      echo 'PHP abc  ' . $_SESSION["abc"] . '<br>';
      echo 'PHP abc 2 ';  ?> <%@LANGUAGE="JAVASCRIPT" Response.write(Session('abc'); %> <? echo '<br>';
?>

<input type="submit" value="submit">
</form>
</body>

Am I going about this the right way?

I thought this could work as well.  After the user logged in, I redirect to a php page that would accept those values are parameters in the URL, store it in the session, and redirect to the page the Login.asp would go to e.g. Index.asp.  Could this work? I'd prefer the first option.


Thanks

0
ruanlab123
Asked:
ruanlab123
  • 4
  • 3
  • 2
2 Solutions
 
smaccariCommented:
Looks like there is something weird in all of this.
You are mlixing in one single page two server side technologies - ASP and PHP.
You simply can't do that, as the PHP code won't be parsed by the ASP engine (and ASP won't be parsed by the PHP engine).
0
 
ruanlab123Author Commented:
yeah, I guess it's a bit crazy.  I'm not used to this web development.  The application world is so much easier.
0
 
Ashley BryantSenior Software EngineerCommented:
Honestly, it's not that different from the application world anymore.  You can't build an application using VB, C, and Java all in one assembly can you?

You CAN inject a session variable into Javascript in either ASP or PHP during the page build.  However, you cannot pass session values between ASP and PHP.  Well, ok, you COULD do this if you wanted to generate an external file, or save the session variables in a database somehow, but hoenstly that would be way more trouble than it is worth.

Anyway...  Here's how you can get your asp or php variables to show up in a javascript function:

In ASP:

<script language="javascript">
function blah {
     document.write('"& Session("VariableName") &"');
}
</script>

In PHP:

<script language="javascript">
function blah {
     document.write('<?php echo $_SESSION['VariableName']; ?>');
}
</script>

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Ashley BryantSenior Software EngineerCommented:
oh woops... I did the ASP part wrong.

document.write('<%= Session("VariableName") %>');
0
 
smaccariCommented:
Yes, Ashley, you're right, but in the question, the Javascript used is not client side but server side.
And in this case, you simply can not mix it with PHP (Javascript is the ASP language in this case).
0
 
Ashley BryantSenior Software EngineerCommented:
Ahhh....yes.  I didn't bother looking at the language attribute he used for the ASP because, quite frankly, I never see anyone use anything other than VB Script.  That aside, I think we both made it fairly clear that you can't have the session variables bouncing around between the different formats.
0
 
ruanlab123Author Commented:
I thought I'd give this a try and it worked.  Well, thus far.

After the user is logged in a bunch of variables are stored in the session object (using JavaScript).  After all the session variables are added, I redirect to a PHP page that accepts the user id, name etc. as parameters via the URL.  The php page then adds these variables to a PHP session object, redirect the the index page and whoala.  The ASP and PHP session objects are set.



0
 
smaccariCommented:
That is a way you can achieve this, yes.
But take care of one thing: as the session values are passed to your PHP through URL parameters (either get or post), that means that anyone could initialize a PHP session with any values only by using an url (that is without passing by your ASP pages).
That can be a security problem.
By the way, why do you want to mix 2 server side technologies? Can't you do your application with only one?
0
 
Ashley BryantSenior Software EngineerCommented:
Yeah, I totally disagree with that approach as well.  It's not secure in the slightest.  You'll leave yourself wide open for injection attacks that way.  If it's just an intranet thing, you might be okay, but it's still not a good practice to do what you're doing.  Pick one language and stick with it. There's more than enough people on EE to answer all of your questions.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now