How to pass session info to ssl? 1

[gdbsti]

Hi all,

I've read through some posts on ssl/sessions but still don't quite understand how to make them work.
I also read through

http://www.catb.org/~esr/faqs/smart-questions.html

too, but got (a little) lost.
With these two scripts, what would need to be added to parse the session info?

<?php 
session_cache_limiter('private_no_expire');
session_start();

if($Submit){
$message = 'No_SSL';
//header (&quot;Location: [URL unfurl="true"]https://my_website/test_2.php&quot;);[/URL] //NFG
require (&quot;test_2.php&quot;);  //OK, not secure  
exit;
}                              
?>
<html>
<head>
<title>Foo_Bar_ssl test</title>
<meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=iso-8859-1&quot;>
</head>
<body>
<form name=&quot;form1&quot; method=&quot;post&quot; action=&quot;test_1.php&quot;>
<?php
echo &quot;<input type=\&quot;text\&quot; name=\&quot;name\&quot; value=\&quot;$name\&quot;>&quot;;                    
?>
<input name=&quot;Submit&quot; type=&quot;submit&quot; value=&quot;Submit&quot;>
</form>
</body>
</html>

And 'test_2.php'

<?php 
session_cache_limiter('private_no_expire');
session_start();
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=iso-8859-1&quot;>
</head>
<body>
<?php 
echo (&quot;$message&quot;);
?><br>
<?php 
echo (&quot;$name&quot;);
?>
</body>
</html>

Any pointers and input would be much appreciated.
TIA

GDB

 

[gdbsti]

Oops, meant to post this link..

http://www.php.net/manual/en/ref.session.php

in the abouve Q.

 

[DRJ478]

This might be a register_globals issue. Since PHP 4.2.0 register_globals is off by default. That means vars posted etc. are available through superglobal arrays e.g. $_POST['varname']. This is good, don't turn register_globals on.

In order for a variable to be registered in a session you need to assign it into the $_SESSION array. So,somwhere in the first script that receives the posted values you want to assign the value to start tracking it:

$_SESSION['name'] = $_POST['name'];

This will then make $_SESSION['name'] available in your second script. When you start referring to the vars as members of the superglobal arrays it will also become clear where the value comes from. $_SESSION, $_POST etc. clearly identify the source.

Also, which you have right, session_start() needs to be called at the top of the scripts to make the session information available.

Hope that helps.

 

[gdbsti]

Thanks for your reply DRJ478

I have tried your $_SESSION examples but yet have no joy. The server is hosted so I don't have access to modify php settings. It's running php version 4.2.3 and register_globals are on. (I guess I don't need to call $_session in that case?)

Have I got something incorrect in the in the "header" line? Is it possible to parse via the header statement to an ssl page and carry the sessions vars? If I use the "require" line it works, but I presume I can't call to a ssl page?

The pages are on the same site, just transfering to a secure page. eg

http://my_site.com/test_1.php

https://my_site.com/test_2.php

Any more thoughts would be greatly appreciated!

Thanks again.

gdb

 

[DRJ478]

Here's the probably most nuclear example of sessions:

<?php
## test1.php
session_start();

# set a variable into session
$_SESSION['testVar'] = &quot;This is the value.&quot;;

# show what's in the variable
echo(&quot;Whats's set: &quot;.$_SESSION['testVar'].&quot;<br>&quot;);

# print a link to the second file
echo('<a href=&quot;./test2.php&quot;>On we go to the next page...</a>&quot;);
?>
[code]

Now the second file to show the session data:
[code]
<?php
## test2.php
session_start();
echo(&quot;<pre>&quot;);
print_r($_SESSION);
echo(&quot;</pre>&quot;);
?>

The transfer via SSL is something the web server handles. You need not worry about that at all. It has no impact on the sessions.

 

[gdbsti]

DRJ478,

Thanks for the simplified example. That is what I want to achieve, but going from a non secure page to a secure page.

eg. Test page 1 is

http://my_site.com/test_1.php

Test page 2 is secure page.

https://my_site.com/test_2.php

I'm sorry, but I don't seem to be describing what I want to achieve very well. I don't know if this is a server or scripting issue.

Thanks again.
GDB

 

[gdbsti]

Hi again,

Just thinking about it some more, I may have the secure folder & links incorrectly set up on my server. I'll look at that now. (Any links to help files on ssl server config would be great.)

Thanks

Gdb

 

[DRJ478]

I just tried the code with https on my server here and all is working fine. You might want to ask the question in the forum corresponding to your web server software. IMO PHP is working the way it is expected to.

Good luck.

 

[gdbsti]

Thanks DRJ478,

You have really helped me with this issue as I believe I now know where the problem lays! (Secure server set-up)

Much Obliged.

Cheers

Gdb