logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Using $_SESSION and Frames?

 
Post new topic   Reply to topic    Apache Forum Index -> Coding & Scripting Corner



View previous topic :: View next topic  
Author Message
kr33



Joined: 19 Sep 2006
Posts: 64
Location: South Africa

PostPosted: Wed 01 Nov '06 12:12    Post subject: Using $_SESSION and Frames? Reply with quote

Hi,

I've designed my website using frames, My login page is a separate page on its own, it uses

<?php
session_unset();
?>

to clear any previously used session variables, once the username and password have been entered, the login page links to my validation page, which redirects to an error page should the login be incorrect and to the actual webpage if the login is correct. But the main page for the website after logging in is actually a frameset page.

I would like to know how to use session variables so that there will be NO security breaches and without parameter passing via http eg:

Code:

header('Location: http://' . $_SERVER['HTTP_HOST']
                                  . dirname($_SERVER['PHP_SELF'])
                                  . '/kznUpdate.php?hufn='.urlencode($uFullName).'&ua=1');


Quote:
The above is just to show how i'm trying to achieve security, NOT how to redirect pages, I have no problem redirecting to other php pages


I want to be able to use common session variables through the life of the login on each webpage and over each frame in the frameset.

If, for example, if i had to bypass the login which is, at the moment (http://localhost/kznnet/login.php), and type (http://localhost/kznnet/update/kznUpdate.php) which is the main update page and it still sort of works, instead of just giving an error to login.

How do I solve this problem?

Any Help...Thanks

Quote:
Every man has to go through Hell...to reach his Paradise
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6255
Location: Germany, Next to Hamburg

PostPosted: Wed 01 Nov '06 13:06    Post subject: Reply with quote

I don't know why you are using frames [1] but to use different sessions you can give the session name

session_name("myname"); [2]
session_start();

to end such a session

session_name("myname");
session_start();
session_destroy();

To make sessions more secure make sure that the user can not manipulate values inside the session with GET parameters in URL or values in a POST formular.

To use session
session_name("myname");
session_start();
$_SESSION['car']="Volvo";

on the next page you can get it
session_name("myname");
session_start();
$car = $_SESSION['car'];

A short but good tut http://www.phptutorial.info/learn/session.php

[1]http://cssplay.co.uk/layouts/basics2.html
[2]http://www.php.net/session_name
Back to top
kr33



Joined: 19 Sep 2006
Posts: 64
Location: South Africa

PostPosted: Wed 01 Nov '06 13:23    Post subject: Reply with quote

I'm using frames for the main web page, not the login page.

and the reason is that, its how i was able to achieve what I needed for the site. If there is another way to achieve the "frames effect", i'd love to know. because I have a navigation bar on the left side and the main banner at the top which I want to stay fixed and shown all the time, while the actual content will scroll if need be.

I'm open to any other suggestions with this regard, infact, if I am able to get the same effect, using a better method, please let me know. And thanks for the previous post.

Smile
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6255
Location: Germany, Next to Hamburg

PostPosted: Wed 01 Nov '06 14:38    Post subject: Reply with quote

For the frame effect you can use CSS! http://cssplay.co.uk/layouts/frame.html
or
http://cssplay.co.uk/layouts/body.html
Back to top
Brian



Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA

PostPosted: Wed 01 Nov '06 21:14    Post subject: Reply with quote

I found the CSS alternative very helpful personally. I never use frames, and I think integrating AJAX could do some fabulous things for virtually any site.

A note of caution, using frames and sessions, since each frame is a web page, if you change the domain with one or more of the frames, such as the top from is domain1.com and the bottom frame is domain2.com, then you would not maintain session management for the frame who's domain changed. At least not how I manage sessions using PHP sessions, session cookies, and a MySQL backend.

If each of the frames are loaded post login and session initiation -and- they are on the same domain as your login session, you should be fine. Of course it just all depends on how you manage sessions.
Back to top
kr33



Joined: 19 Sep 2006
Posts: 64
Location: South Africa

PostPosted: Thu 02 Nov '06 11:45    Post subject: Reply with quote

Thanks guys, it was a big help, and I am using the frames in the same domain, I basically used the frame ie. leftframe (contains bar for buttons to navigate around the site) and topframe(contains the banner and)

I know frames are cumbersome and becoming obsolete, as far as i know, but I've started the site using frames already and I've gone too far to convert to using CSS.

Thanks a million...if there are any other sites i can go to, to learn how to use AJAX and CSS...please let me know.

Thanks again guys.
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Coding & Scripting Corner
Page 1 of 1