transmitting session ID via URL fails after 2 pages!

psyke · June 13, 2011, 11:56pm

Hi, I want to preserve the session id, via URL transmission, across three pages, (from page 1 to page 2, and then page 3) but I can only get it to last for two pages, even though the code is basically the same. (I can’t use javascript or cookies for this app.)

Once I go from the second page to the third, I get a new session id no matter what. Any help would be appreciated!

php v5.2.14 , session.auto_start is off

Here’s page 1 (pledge1.php):

<?php
ini_set('session.use_cookies',0);
session_start();
?>

<html>
<body>


<?php

//if form has been submitted, validate data, store it in session, go to pledge review page
if (isset($_POST['ReviewPledge'])) {

$_SESSION['amount'] = $_POST['amount'];
$url="Location: pledge2.php?".htmlentities(session_name().'='.session_id());
session_write_close();
header("$url");
exit();
}
?>

<?php
echo "session_id(): ".session_id();
echo "<br>SID: ".htmlspecialchars(SID);
echo  "<p>"
?>


<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
  Monthly pledge amount: 
  <label>
    <input type="text" name="amount" id="amount" size="2" maxlength="2"  value="<?php echo htmlspecialchars($_SESSION['amount']); ?>">
  </label>

<p>
  <label>
    <input style="font-size:20"; type="submit" name="ReviewPledge" value="Submit pledge data">
  </label>
  </form>


</body>
</html>

page 2 (pledge2.php):

<?php
ini_set('session.use_cookies',0);
session_id($_GET[htmlentities(session_name())]);
session_start();
?>


<?php
//if the 'Submit my pledge' button was clicked, proceed
// for some reason the stupid link action method isn't working! :S
 if(isset($_POST['SubmitPledge'])) {
$url="Location: pledge3.php?".htmlentities(session_name().'='.session_id());
session_write_close();
header("$url");
exit();
}
?>

<html>
<body>
 
<?php
echo "session_id(): ".session_id();
echo "<br>SID: ".htmlspecialchars(SID);
echo  "<p>"
?>

   You have pledged: $
  
<?php
echo $_SESSION['amount'];
?>
  
  
<FORM METHOD="LINK" ACTION="pledge1.php">
 <INPUT TYPE="submit" VALUE="Go back and change pledge info.">
 </FORM>

<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<input style="font-size:20"; type="submit" name="SubmitPledge" value="Submit my pledge">
</form>

<!-- 
 <FORM METHOD="LINK" ACTION="<?php echo 'pledge3.php?'.htmlentities(session_name().'='.session_id()).'/'; ?>">
 <INPUT TYPE="submit" VALUE="Submit my pledge">
 </FORM>
-->  

</body>
</html>

and here’s page 3 (pledge3.php):

<?php
ini_set('session.use_cookies',0);
session_id($_GET[htmlentities(session_name())]);
session_start();
?>


<html>
<body>
 
<?php
echo "session_id(): ".session_id();
echo "<br>SID: ".htmlspecialchars(SID);
echo  "<p>"
?>

   Thank you for your monthly pledge of: $
  
<?php
echo $_SESSION['amount'];
?>

<p>e-mail confirmation to user</p>  
  
  
</body>
</html>

Phatnoir · June 14, 2011, 12:05am

I could be wrong but I think you might have to run ‘session_start();’ before doing other session things.

psyke · June 14, 2011, 12:20am

Thank you Phatnoir.

To be honewst, I didn’t expect it to help but to be safe, I went through the three php files and ensured the very first statement in each .php file was ‘session_start();’

That seems to have doen the trick, the only thing now is that on page 3 I get a php error:

"Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
"

I must say though, I can’t beleive just making sure ‘session_start();’ was the first instruction helped… I could have sworn that the session id had to be se first (which i was doing via ‘session_id($_GET[htmlentities(session_name())]);’).

Anyway, thank you very much, I’m going to see about this php warning now…

psyke · June 14, 2011, 12:31am

sorry don’t mean to be a pain…

it’s just that i like to understand why things are (or are not) working…

as i indicated, page 3 now although everything appears to be fine, and page 3 is showing a session variable i had set on page 1. the session id on page 3 is empty, which seems very odd to me. plus there’s that odd php warning.

appreciate the advice nonetheless!

Phatnoir · June 14, 2011, 12:33am

This is how it was explained to me:
[php]
// Call this function to create a session or resume the current session.
session_start();
[/php]
Glad I could help, best of luck on the new error.