...

View Full Version : Sessions variables with register globals off



gorilla1
02-10-2003, 04:16 AM
This use of sessions generally (expressed simply) has worked for me:
sess1.php:
<?php
session_start();

session_register("auth");

$auth = "true";
echo "<a href=\"sess2.php\">here</a>";
?>
sess2.php
<?php
session_start();

if ($auth) .......

?>
$auth will be set to true in the second script. However, if a server has register globals set to off, this will not work. Is there another way to set up a session variable that will work in an environment with register globals off? (I am trying to implement an authentication scheme?)
G

Spookster
02-10-2003, 04:29 AM
You would access those variables in the same manner that you would any other variable when register globals is set to off

http://codingforums.com/showthread.php?s=&threadid=12203

gorilla1
02-10-2003, 02:14 PM
Thnx Spookster - I had looked at that, and tried the following, but nothing prints out, so it does not seem to work?

sess1.php
<?php

$_SESSION['session_var']= $auth;

$auth = "yes";
echo "<a href=\"sess2.php\">here</a>";
?>

sess2.php
<?php

echo $_SESSION["auth"];

?>

bcarl314
02-10-2003, 03:40 PM
try
$HTTP_SESSION_VARS['session_var'];

mordred
02-10-2003, 03:52 PM
You forgot session_start() in your code; without it you won't find anything in $_SESSION.

gorilla1
02-10-2003, 10:48 PM
Mordred -
Per the piece by Firepages which Spookseter linked - http://codingforums.com/showthread....&threadid=12203

"//session_start() is not strictly required !//"

But I tried it anyway, and same result. Did not yet try carl's suggestion

G

firepages
02-11-2003, 12:24 AM
//session_start() is not strictly required !//

... actually depending on the php.ini configuration that may not be the case , sorry :o

session_start() is not required if session.auto_start is 'on' in the php.ini , and it appears that the 4.3.0 default php.ini at least is set 'off' though most commercial hosts seem to have it set on.


also you should be checking for echo $_SESSION['session_var']; or $HTTP_SESSION_VARS['session_var']; as bcarl suggests not 'auth' which ='yes'

either way it will be empty ;)

$_SESSION['session_var']= $auth;
$auth = "yes";

should be

$auth = "yes";
$_SESSION['session_var']= $auth;

etc

gorilla1
02-11-2003, 08:25 PM
OK, thanks much!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum