Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Using $_SESSION and Frames? |
|
Author |
|
kr33
Joined: 19 Sep 2006 Posts: 64 Location: South Africa
|
Posted: Wed 01 Nov '06 12:12 Post subject: Using $_SESSION and Frames? |
|
|
Hi,
I've designed my website using frames, My login page is a separate page on its own, it uses
<?php
session_unset();
?>
to clear any previously used session variables, once the username and password have been entered, the login page links to my validation page, which redirects to an error page should the login be incorrect and to the actual webpage if the login is correct. But the main page for the website after logging in is actually a frameset page.
I would like to know how to use session variables so that there will be NO security breaches and without parameter passing via http eg:
Code: |
header('Location: http://' . $_SERVER['HTTP_HOST']
. dirname($_SERVER['PHP_SELF'])
. '/kznUpdate.php?hufn='.urlencode($uFullName).'&ua=1');
|
Quote: | The above is just to show how i'm trying to achieve security, NOT how to redirect pages, I have no problem redirecting to other php pages |
I want to be able to use common session variables through the life of the login on each webpage and over each frame in the frameset.
If, for example, if i had to bypass the login which is, at the moment (http://localhost/kznnet/login.php), and type (http://localhost/kznnet/update/kznUpdate.php) which is the main update page and it still sort of works, instead of just giving an error to login.
How do I solve this problem?
Any Help...Thanks
Quote: | Every man has to go through Hell...to reach his Paradise |
|
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
|
Posted: Wed 01 Nov '06 13:06 Post subject: |
|
|
I don't know why you are using frames [1] but to use different sessions you can give the session name
session_name("myname"); [2]
session_start();
to end such a session
session_name("myname");
session_start();
session_destroy();
To make sessions more secure make sure that the user can not manipulate values inside the session with GET parameters in URL or values in a POST formular.
To use session
session_name("myname");
session_start();
$_SESSION['car']="Volvo";
on the next page you can get it
session_name("myname");
session_start();
$car = $_SESSION['car'];
A short but good tut http://www.phptutorial.info/learn/session.php
[1]http://cssplay.co.uk/layouts/basics2.html
[2]http://www.php.net/session_name |
|
Back to top |
|
kr33
Joined: 19 Sep 2006 Posts: 64 Location: South Africa
|
Posted: Wed 01 Nov '06 13:23 Post subject: |
|
|
I'm using frames for the main web page, not the login page.
and the reason is that, its how i was able to achieve what I needed for the site. If there is another way to achieve the "frames effect", i'd love to know. because I have a navigation bar on the left side and the main banner at the top which I want to stay fixed and shown all the time, while the actual content will scroll if need be.
I'm open to any other suggestions with this regard, infact, if I am able to get the same effect, using a better method, please let me know. And thanks for the previous post.
|
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
|
|
Back to top |
|
Brian
Joined: 21 Oct 2005 Posts: 209 Location: Puyallup, WA USA
|
Posted: Wed 01 Nov '06 21:14 Post subject: |
|
|
I found the CSS alternative very helpful personally. I never use frames, and I think integrating AJAX could do some fabulous things for virtually any site.
A note of caution, using frames and sessions, since each frame is a web page, if you change the domain with one or more of the frames, such as the top from is domain1.com and the bottom frame is domain2.com, then you would not maintain session management for the frame who's domain changed. At least not how I manage sessions using PHP sessions, session cookies, and a MySQL backend.
If each of the frames are loaded post login and session initiation -and- they are on the same domain as your login session, you should be fine. Of course it just all depends on how you manage sessions. |
|
Back to top |
|
kr33
Joined: 19 Sep 2006 Posts: 64 Location: South Africa
|
Posted: Thu 02 Nov '06 11:45 Post subject: |
|
|
Thanks guys, it was a big help, and I am using the frames in the same domain, I basically used the frame ie. leftframe (contains bar for buttons to navigate around the site) and topframe(contains the banner and)
I know frames are cumbersome and becoming obsolete, as far as i know, but I've started the site using frames already and I've gone too far to convert to using CSS.
Thanks a million...if there are any other sites i can go to, to learn how to use AJAX and CSS...please let me know.
Thanks again guys. |
|
Back to top |
|
|
|
|
|
|