0

I have a simple page where the users log into a chatroom with their logins through http authentication. What I need to do, is pass their login name as the username through the session to other pages they'll access while in the room. This is the coding assuming it goes on the page they're logging in from that I have to initialize and setup the session.

<? 
session_start();
 if (isset($_SERVER['PHP_AUTH_USER']))

$_SESSION['username'] = $_SERVER['PHP_AUTH_USER'];

?>
<html>

<head>
<title>TESTING</title>

</head>
<body background="http://testsite.com/example/entry2a.png">

<body text="#FFFFFF" bgcolor="#000000" link="#808080" vlink="#808080" alink="#808080">
<font face="verdana,arial,sans-serif">
<center><br>
<table border="0"><tr><td>

<table border="0">
  <tr>
    <td>

      <table border="0" cellspacing="0" cellpadding="0">
      <form action="http://testsite.com/rooms/enter/thisroom" method="POST" target="_top"
      <tr>
        <td>

          <table width="100%" border="0" cellspacing="0" cellpadding="0">
            <tr>
              <td height="20" align="right"><font size="-1">Screen Name:&nbsp;</font></td>
              <td height="20"><input name="USER" value="Tester"></td>
            </tr>
        </td>
          </table>
        <td width="4">&nbsp;</td>
        <td>
          <table border="0" cellspacing="0" cellpadding="0">
            <tr>
              <td height="20" align="right"><font size="-1">Entrance:&nbsp;</font></td>
              <td height="20"><input name="SAYS" value="Enters the room..."></td>
            </tr>
        </td>
          </table>
        <td width="4">&nbsp;</td>
        <td>
          <table border="0" cellspacing="0" cellpadding="0">
            <tr>
              <td height="20" align="right"><font size="-1">History:&nbsp;</font></td>
              <td height="20"><input name="HISTORY" value="20" size=2></td>            </tr>
        </td>
          </table>

        <td width="4">&nbsp;</td>
        <td>
          <table border="0" cellspacing="0" cellpadding="0">
            <tr>
              <td height="20" align="right"><font size="-1">No Pics:&nbsp;</font></td>
              <td height="20"><input name="NOPIC" value="1" type="checkbox" checked></td>
            </tr>
            <tr>
              <td height="20" align="right"><font size="-1">Save name:&nbsp;</font></td>
              <td height="20"><input type="checkbox" name="SAVE" value="1"></td>
            </tr>
          </table>

        </td>
        <td width="4">&nbsp;</td>
        <td>

          <table border="0" cellspacing="0" cellpadding="0">

              <td height="20" colspan=3>
             <input type=hidden name="ACTION" value="says to">
            <input type=hidden name="WHOTO" value="ALL">
            <input type=submit value="Click to Enter if 18+"></td>
            </tr>
          </table>
      </form>
      </table>
      </table>

    </td>
  </tr>
</table>

</td></tr></table>
</body>
</html>

Then on subsequent pages, I have:

<?php
if (session_id() == "")
{
   session_start();
}
?>

At the top of each page (though only one really needs the session name to pull directory information from a user folder to populate a dropdown list through php). On the subsequent page I can find the directory, but I can't find the user folder, presumably because the session name isn't being passed on and I'm not quite sure what I'm missing.

Robert Ettinger
  • 319
  • 1
  • 3
  • 17

1 Answers1

1

session_start — Start new or resume existing session

http://php.net/manual/en/function.session-start.php

edit: 

<?php
if (session_id() == "")
{
   session_start();
}
?>

This will never resume an already created session.

CBroe is right, session_id() is always empty before session_start(), it doesn't parse the request session_id on its own, so the code will get executed anyway.

Given there are subdomains and iframes involved maybe the answer is related to: Allow php sessions to carry over to subdomains

Community
  • 1
  • 1
aergistal
  • 29,947
  • 5
  • 70
  • 92
  • Thank you for the help and the link aergistal. I'm assuming with my coding I'm starting the session on my login page correctly, then on subsequent pages I have at the top of them however on the one page I need it, it still doesn't seem to find the session name. It is a page loaded into an iframe from the main domain into the subdomain, if that makes sense so I'm not sure if that has an issue. The page never changes just whats loaded in it does. – Robert Ettinger Mar 13 '15 at 01:42
  • You can always var_dump($_SESSION) to see what's in it. Also, see [http://stackoverflow.com/questions/8957769/php-session-iframe](http://stackoverflow.com/questions/8957769/php-session-iframe) – aergistal Mar 13 '15 at 01:48
  • 1
    _“This will never resume an already created session” – yes it will, because `session_id` only “knows” the session id when the session has already been started or picked up, i.e. if `session_start` has been called before in the same script already. – CBroe Mar 13 '15 at 01:57
  • Thank you Aergistal and CBroe. I'm looking into the iframe session issue now which may be causing it, I'm just curious if I'm initializing my session correctly to create the $_session['username'] variable correctly? – Robert Ettinger Mar 13 '15 at 01:59
  • Hrm. I ran var_dump and it shows array(0) { } both on my enter page and in the subsequent page trying to pick up the session. – Robert Ettinger Mar 13 '15 at 02:16