2

I have an order page where people can submit orders to my company. Before they submit the order, they are required to enter a Captcha code. This order page is located in a Frames page on my company site. When the correct code is entered, the order is supposed to be processed, but it is not. If a wrong code is entered an error message displays at the top of the page indicating a wrong code:

<?php
if (!empty($_SESSION['wrong_security_code_message'])) {
echo '<p style="color:red;">'. $_SESSION['wrong_security_code_message'] . '</p>';
unset($_SESSION['wrong_security_code_message']);
}
?>

Even when I enter the correct code, it displays the error message. I can't figure out where the problem is.

John
  • 23
  • 3

1 Answers1

0

I think this is because you forgot session_start. You should always start with session_start when using sessions:

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

<?php

session_start();

if (!empty($_SESSION['wrong_security_code_message'])) {
echo '<p style="color:red;">'. $_SESSION['wrong_security_code_message'] . '</p>';
unset($_SESSION['wrong_security_code_message']);
}

?>

Update

I suspect maybe P3P might be the problem => Cookie blocked/not saved in IFRAME in Internet Explorer

Community
  • 1
  • 1
Alfred
  • 60,935
  • 33
  • 147
  • 186
  • Even with session_start(): it doesn't work. It works just fine when the order page is not located inside a frame page. When the page is located inside a frame, it doesn't work. Could that have something to do with it. I have to have files inside the directory for the captcha to work. I would assume those files have to be placed on my company site where I am referencing the order page inside my frames page? – John Jul 18 '11 at 22:33
  • How about if you replace empty(), by isset() instead?? Could you give us also verbose curl output using `curl -v` – Alfred Jul 18 '11 at 22:40
  • Are you doing cross domain iframe? Because cookies can't be read because same origin policy. – Alfred Jul 18 '11 at 22:41
  • Maybe. The directory where this order page is located is on the server. On a different server where I have my company website, I have the order page inside a frames page. Is that causing the problem? – John Jul 18 '11 at 22:45
  • @John, can't you isolate the code and share a complete sample to test/share locally?? I think same origin policy is too blame.. But I am not sure yet... – Alfred Jul 18 '11 at 22:48
  • If I test it locally it works just fine, even in a frames page. – John Jul 18 '11 at 22:52
  • which domains are both iframes. Because locally you should also use different domains if iframes do have different domains. Can I see code online?? – Alfred Jul 18 '11 at 23:00