0

I m creating a very simple PHP-based program for warehousing but quite complicated back-end process.

So here is the situation:

  1. I have the login page that directs to authorization page where it set the session_name for the first time, session_start() and set the session variables.

  2. After the authorization page, it goes to the main.php page that is a table with left hand side for menu (links) that I also did session_name() <-- same name as the one created from (1), and start the session.

  3. On the right hand side of the main page is the iframe that display the page when user click the links on the left. I also did session_name() <-- same name as the one created from (1), and start the session.

Problem:

main.php is ok, it reads the session variable perfectly, but the iframe couldn't get the session variables (i tried to print_r($_SESSION), and came up empty). I tried var_dump(session_name("abc")), where "abc" is the session name that i used in (1), and it does show "abc", tried (isset($_SESSION)) and returns true... so I don't know what am I doing wrong...

EDIT: I m sorry guys, i think i may have found the culprit... it is a logic error on my side... i have this condition to check every php page i created to destroy session when the user level is not authorized to use this current page. My bad.. thanks so much for your help guys!!

Community
  • 1
  • 1
Timothy Trisnadhama
  • 15
  • 1
  • 1
  • 5

4 Answers4

3

Make sure that session_start() is on all the pages:

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

see PHP manual reference

To control the contents of the $_SESSION try to put in all ifreame pages the code:

<?php 
   session_start();

   echo '<pre>';
   var_dump($_SESSION);
   echo '</pre>';
Lan
  • 709
  • 1
  • 8
  • 16
  • Yes i did. session_start in main.php and let's say when main.php is called, the first page in iframe is a.php, i did put session_name() and session_start() – Timothy Trisnadhama Jul 26 '13 at 08:32
  • @TimothyTrisnadhama try to put the code in all the pages, and you will know in what the $_SESSION get lost. – Lan Jul 26 '13 at 08:59
  • yes, i found the culprit... it was definitely my fault for deleting session when my if statements logic was a bit flawed.. haha.. thanks for pointing out that "$_SESSION get lost." – Timothy Trisnadhama Jul 26 '13 at 09:12
0

Did you use session_start() at the top of the page in both the iframe as well as main.php? You need to put session_start() on the top of the iframe too.

Bhargav Ponnapalli
  • 9,224
  • 7
  • 36
  • 45
  • @trunks75 Yes i did. session_start in main.php and let's say when main.php is called, the first page in iframe is a.php, i did put session_name() and session_start() – Timothy Trisnadhama Jul 26 '13 at 08:31
0

This might solve your problem: php session & iframe

Additionally: Nothing is simple if you're using iframes to display large portions of your webiste. You might want to consider not using them.

Community
  • 1
  • 1
mgrueter
  • 1,400
  • 6
  • 15
0

I had the same problem with multiple iframes on one of my PHP webpages.

In my case, some AJAX calls to PHP endpoints were being made to www.example.com when the page was loaded using http://example.com. If you are NOT consistent with the domain path, you may have session issues since a request from www.example.com is technically from a subdomain as oppose to being made directly from http://example.com. You can avoid this problem altogether by always using relative paths to your PHP based API when making AJAX calls in JavaScript.

I found this was the case by inspecting my cookies in Chrome. I noticed two different cookies with a different PHP session ID in them. One was set for www.example.com while the other was set for example.com

As mentioned in some of the other answers, you can always set the session cookie domain to work on all of your subdomains along with your main site by using the following:

ini_set("session.cookie_domain", ".domain.com");

PHP by default will set a new session per domain / subdomain. Hope this helps!

OwN
  • 1,248
  • 12
  • 17