September 17, 2013

How to replace session_register() for PHP 5.4+

Michael Curving’s Question:

out of the blue I was getting the following error when logging in to one of my sites:

Call to undefined function session_register()

After some research I saw that session_register() is deprecated after PHP 5.4. I checked in my hosting control panel, and sure enough it says current version I’m running is PHP 5.4.19. I assume they just forced an upgrade which is why this problem seemed to occur out of the blue.

I looked through several Stack Overflow posts and reviewed links to PHP documentation. From what I gather, session_register() is deprecated and should be replaced with $_SESSION instead.

Problem is, both of those already appear in my code. Here is the code in my index.php file:

  53 <? if ($username) {
  54    session_register("ADMIN");
  55    $_SESSION['ADMIN'] = $username;
  56 ?>

So I hoped just by removing line 54 (the deprecated piece) then it should work, however that is not the case. It broke the code when I did that.

Based on other posts I read HERE and HERE they seem to be saying that the code I see in line 55 above should by itself do the trick. So I’m a bit confused why it didn’t work. If anyone can tell me what code I should use I would sincerely appreciate it. The developer of the script is not really offering support.

NOTE: Also, yes there is session_start() called at the very top of the page.

Add a session_start() at the begining of your code and $_SESSION to manipulate it or create it.

September 8, 2013

Session doesn't work

User2758781’s Question:

I’m trying to make a login page. when i try to register the username as a session it should redirect me to another page, where it checks if that session is not registered. if it isn’t, it redirects me back to the login page. well, i think it fails on the second page.

Login.php:

if($count==1){$_SESSION['user'] = $username;$_SESSION['pass'] = $password;header("location:Login_Success.php");}
else{echo "<p style='color:red'>Wrong username or password!</p>";}

login_success.php:

session_start();
if(!isset($_SESSION['username'], $_SESSION['password'])){
header("location:login.php");}

You are missing session_start(); on the begining of your code.

session_start(); //This will get you connected with your previous session

if($count==1){$_SESSION['user'] = $username;$_SESSION['pass'] = $password;header("location:Login_Success.php");}
else{echo "<p style='color:red'>Wrong username or password!</p>";}
July 15, 2013

is 'user_id' a keyword in $_SESSION['user_id']?

Sattar_kuet.bd’s Question:

I have studied the following code:

$this->user_id = $_SESSION['user_id']=$user->id;

but $_SESSION['user_id'] this does not make any sense to me. ‘user_id’ inside $_SESSION[] is not any name attribute or input field name. So is user_id is a keyword reserved in php? if so what is the significance of this keyword?

$_SESSION are super global variables which store values in SESSION and can be accessed like arrays. So user_id is just an index of a value in Session not a reserved keyword.

On the following statement

$this->user_id = $_SESSION['user_id']=$user->id;

Value from $user -> id is stored in two places (1) $this -> user_id and (2) $_SESSION['user_id']

Just like user_id a session can hold any random indices. For example

$_SESSION['asdfsafasfsadfasd'] = 'aasfsafasfasfasfasf';
May 7, 2013

Recommended max PHP session length

Vital’s Questions:

In terms of security (or other issues), what are the general recommendations / rules of thumb re PHP session length. A client with an Ecommerce website requested a 3day session length.

There are no general rule of thumb for this, depends on application build. For example:

  1. For bank website: 15/30 Seconds might be appropriate
  2. For a simple CMS application: 15 minutes long session is good enough.
March 10, 2013

Get only one array from the $_SESSION variable

Question by Nadia Shiwdin

I have an array that stores in a session variable. However I want to send only one part of the array in the SESSION variable to another page depending on which button is clicked.

The code for the button

foreach($name as  $bookname => $name){
        echo "<div class='control-group' align='center'><h4>$bookname</h4><a href='/handler' class='btn btn-large btn-block btn-primary' type='button'>follow $name</a></ul></div>";    
        $_SESSION['name'] = $name;
        $_SESSION['bookname'] = $bookname
        print_r($_SESSION['name']);

        }

The print_r gives me each in the array, what I want to do is when the button is clicked only the $name for that button is set as the $_SESSION. The way I have it now it sets the SESSION for only the last part of the array.

Answer by Starx

It works for only last part, because of the loop overrides every preceding value.

If you want to set the value in SESSION after it is clicked, you have to send the request to a different page (HTTP GET or POST request) or an AJAX request to set the values.

February 24, 2013

set php session variable using ajax/jquery

Question by user2102316

Im new to ajax/jquery. so is there an easy way that when i click a cell with in the table, the value of it will be stored in a session variable.

thanks in advance

Answer by Starx

It can be as simple as this:

The following snippet send the value to a page where session variable can be set

$.post('sessionsetter.php', { 'fieldname' : 'sessionvariablename', 'value' : 'sessionvalue'});

Now ‘sessionsetter.php’ can be something like this:

session_start();
$_SESSION[$_POST['fieldname']] = $_POST['value'];

Now, you can send as many variables you want to set as SESSION variable.

October 27, 2012

How to solve a session expiration issue

Question by user1295167

I am doing a site which has a problem with session expire issue. The form contain almost 50 input fields , I have done it in ajax. I have given the user checkings in page reload the problem is that session and cookies are setting is done when page reloads,

How can I check whether user logined or not without lossing data? Is there any ajax functions
to retain session?

Answer by Starx

One way of solving this would be to increase the session timeout.

ini_set('session.gc_maxlifetime', '3600'); //Assign the time in seconds
August 31, 2012

How to store session while sendRedirect

Question by Thunderbird

I have a condition where I want to remove the attribute from the session and I am doing response.sendRedirect after that.

But I am not sure if it will remove the session attribute ? Any thoughts ?

P.S. I have to do sendRedirect, I cannot use forward.

session.removeAttribute(Constants.USER_REQUEST_URI); 
response.sendRedirect(userReqUri);

ANSWER : Just a little debugging solved my concern. I checked the session attribute value by getting the variable and it was null. So it removed the variable from the session.

Answer by Starx

Yes, if Constants.USER_REQUEST_URI gives the correct name as it is stored in session, then it will remove them.

Session work differently than GET and POST request so redirecting and forwarding will make no difference.

Good way to confirm this, would be to check if the variable is accessible after the redirect

session.getAttribute(Constants.USER_REQUEST_URI)
May 10, 2012

PHP Session Variable In JavaScript

Question by user1345650

How could I input php in this so when it has a correct password it stores the information as a cookie and then allow the deletion to it too.

  <SCRIPT language="JavaScript">
    <!--hide

    var password;

    var pass1="password";

    password=prompt('Please enter your password to view this page!',' ');

    if (password==pass1){
      alert('Password Correct! Click OK to enter!');}
    else
       {
        window.location="//Some Location//";
        }

    //-->
    </SCRIPT>

Answer by Starx

If its simple enough (As per the title)

var varname = '<?php echo $_SESSION["variable_name"]; ?>';

But you have to seriously consider your logic. You are checking for authentication on javascript, which is going to be dumbest move in a web application.

The password is totally exposed, and any one can view them or turn off the javascript as a whole, then your whole site becomes vulnerable.


My suggestion is an AJAX request to a PHP page which separately checks and verifies the password and then returns message to the Javascript.

...

Please fill the form - I will response as fast as I can!