• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 687
  • Last Modified:

Remember Sessions Within FRAMESETS

I'm having trouble with sessions being read in a frameset.

I have a site mydomain.com where the user logs in, a cookie is created and everything works great.  Some of my pages are required to be launched from anotherdomain.com due to licensing regulations. So on the anotherdomain.com site I have some HTML files with FRAMESETS that include the PHP files from mydomain.com. When you launch these HTML files from the anotherdomain.com site the browser doesn't remember you logged in already. How can I fix this?
0
MDauphinais1
Asked:
MDauphinais1
  • 5
  • 3
1 Solution
 
karlwilburCommented:
If you know that you'll be in a frame, you could use javascript to search the parent window for its cookies. Or you could pass the PHPSESSID in a POST or GET variable rather than rely on COOKIE.

By the nature of cookies, you will not see cookies for anotherdomain.tld when your domain is mydomain.tld
0
 
MDauphinais1Author Commented:
Since I am going from my PHP site, out to an .html URL and then FRAMESETing my PHP site again, how can I pass the PHPSESSID all the way through? Is it possible to post the PHPSESSID from the original PHP file to the HTML file and then grab it from the HTML file and attach it to the FRAMESET?
0
 
karlwilburCommented:
<frameset>
         <frame src="frame1.php?PHPSESSID=<?=session_id()?>" name="frame1">
         <frame src="frame2.php?PHPSESSID=<?=session_id()?>" name="frame2">
</frameset>
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
karlwilburCommented:
Actually, this is better:

<frameset>
         <frame src="frame1.php?<?=session_name()?>=<?=session_id()?>" name="frame1">
         <frame src="frame2.php?<?=session_name()?>=<?=session_id()?>" name="frame2">
</frameset>
0
 
MDauphinais1Author Commented:
Not sure how I would use that... Here's what's happening.  

The main site  mydomain.com  has a regular link that goes to   http://anotherdomain.com/folder/folder/myfolder/page.html

In the page.html file I have the FRAMESET:
<FRAMESET COLS="100%">
<FRAME SRC="http://mydomain.com/somepage.php">
</FRAMESET>

So can I somehow grab the session id on the first page, send it to the html page, and then grab it from the html page and attach it to the php file name in the FRAMESET?

First page link:    "http://anotherdomain.com/folder/folder/myfolder/page.html?PHPSESSID=jBA9938FNSKSA92"

Page.html file:  
get PHPSESSID;

<FRAMESET COLS="100%">
<FRAME SRC="http://mydomain.com/somepage.php?PHPSESSID=jBA9938FNSKSA92">
</FRAMESET>

I think passing the session id to the HTML file through the address bar and grabing it again like you can do with PHP is my biggest problem...
0
 
karlwilburCommented:
you got is right.

though to get the session id in both somepage.php you do:
session_id($_GET['PHPSESSID']);
start_session();

but you have to make sure that your session id is "PHPSESSID" which it should be by default. It is set in your PHP.ini.

This does weaken security a bit since it is easier to pass a query string variable than it is to forge a cookie, but really...forging a cookie isn't that hard.

to get the session id from the HTML page you'll have to use some JavaScript like:
<head>
  <script>
     var sessid = "";
     var query = window.location.search.substring(1);
     var vars = query.split("&");
     for ( var i=0; i < vars.length; i++ )  {
         var pair = vars[i].split("=");
         if (pair[0] == "PHPSESSID" )  {
             sessid = pair[1];
         }
     }
     function setSrc(elem, url) {
         elem.src = url + "?PHPSESSID=" + sessid;
     }
  </script>
</head>
<body>
  <frameset>
     <frame id="frame1" src="" onload="javascript:setSrc(this, 'http://mydomain.com/somepage.php')" />
  </frameset>
</body>
0
 
MDauphinais1Author Commented:
Perfect!  Thank you.
0
 
karlwilburCommented:
Glad I could help.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now