Problems with PHP Sessions

PHP
1

Hi Everyone,
I’m trying to use sessions to validate that a user has visited a certain page and clicked on a link that initiated a script, rather than just typed in the url of the script into a browser.
To do this i basically set up a session variable and saved it as 1, then in the php script i took that session variable and then incremented it by one, and then checked to make sure the variable is now two, yet no matter what i do the script functions as if php is just skipping over this part as it has had no effect on how the script works or on what it does, in other words everything works as if i changed nothing.

Here is the first document that the user needs to visit before executing the script (i took out some of the html/css/javascript so that you guys dont have to go through it, i dont think it is affecting it anyway):


<?php
session_start();
$_SESSION['valid']=1;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
//sample link
<a href="http://anothersite.com/" target="_blank" id="img" onclick="window.open('site/counter-main/site1Handler.php', 'newwin')"><img class="logos" alt="#" title="#" src="site/images/main/image1.jpg" /></a>
    <a class="logo">External Site 1</a>

Here is the actual script again i shortened it to just the part that deals with the session


session_start();
$valid = $_SESSION['valid'];
$sessionID = $valid + 1;
if($sessionID != 2){
	echo '<META HTTP-EQUIV="Refresh" CONTENT="0; URL=error/error.php">;';
}else{
//execute script

Thanks alot

2

I just tried your scripts and they work as expected.

On your second script, echo $valid and see what you got. Perhaps it will give a hint as what went wrong.

Note that I got a 1 for $valid.

3

Thanks tom8,
i did that and i got 1 each time and when i tried sessionID i got 2, so then i tried it by just directly inputting the url of the script and it worked…, however on a different browser it didn’t, until i went to the first page and then if i inputted the url it worked, so i think it has something to do with the way the browser records session variables, i think i need to destroy the variable at some point but i don’t know where, any ideas?

4

i ended up putting it in the script and it rid me of most problems except if someone were to visit the first page and then directly type in the url for the second…

5

, i think i need to destroy the variable at some point but i don’t know where, any ideas?

Yes with your code once you have visited the first page once the Session variable will be set to 1, therefore always allowing you to access your script in the second page. If you dont want this behaviour you need to either ‘unset’ the variable in your if statement or set it to a number other than 1.


if($sessionID != 2){
    echo '<META HTTP-EQUIV="Refresh" CONTENT="0; URL=error/error.php">;';
}else{
 $_SESSION['valid'] = 0; // OR
 unset($_SESSION['valid]);
//execute script
6

If you want to cure that problem you would need to use AJAX on your onclick to change the $_Session[‘valid’] variable, that way only by clicking on the link would the script be available.

7

i am not really sure how to use AJAX, but except for that problem i’m not really have any other difficulties, fo for now i think ill leave it as is, thanks anyway though

8

When you start a session, I believe a cookie is created for the browser of that session. When a new browser is used, naturally a new cookie will be used thus what you got when you used a different browser.

A session is usually timed out after about 24 minutes or you could destroy it or reset it as Mandes noted.

9

Yah i suspected something of the sort, i ended up just using unset() to destroy the session after the script had executed and reset it when the user entered the first page a second time, which eliminated most of the problems, thank you though