Session parameters sent to js.php

[GoogleCodeExporter]

I know this has been discussed before, but before I start hacking away at a
potential solution I wanted to post it.

It looks like session are not getting set correctly via this code below.

this section in the code: Lines 1888 thru 1910

$_SESSION["pfbc-instances"][$this->attributes["id"]] = serialize($this);

    $session_param = "";
    $session_name = session_name();

    if($session_name != "PHPSESSID")
        $session_param = "&session_name=$session_name";

    $str .= <<<STR
        <script type="text/javascript">
            var css = document.createElement('link');
            css.rel = 'stylesheet';
            css.type = 'text/css';
            css.href =
'{$this->jsIncludesPath}/css.php?id={$this->attributes["id"]}$session_param';
            head.appendChild(css);

            var script = document.createElement('script');
            script.type = 'text/javascript';
            script.src =
'{$this->jsIncludesPath}/js.php?id={$this->attributes["id"]}$session_param';
            head.appendChild(script);
        </script>
    </div>  

------

 So what I am seeing in this is that the myform or what every you set your
form id to in the setAttributes gets passed to the above code.  The
session_name() isn't returning PHPSESSID as it should.. Which means at this
level the class is out of scope of the $_SESSION. (ie it's not seeing it.

A quick/dirty hack could be to to append &session_name=PHPSESSID just to
get it to work. 

But this still doesn't answer the question of why the class isn't seeing
the session.

Something just doesn't look right.

Original issue reported on code.google.com by tpetr...@gmail.com on 13 May 2010 at 2:12

[GoogleCodeExporter]

Hi if you check:

http://au.php.net/manual/en/session.configuration.php#ini.session.name

You can see that session_name() returns ini.session.name, which by default is
PHPSESSID. What is the value of your $session_name ?

Perhaps it is being set earlier for some reason, or your ini.session.name is 
modified.

Original comment by moncojhr@gmail.com on 13 May 2010 at 2:27

[GoogleCodeExporter]

My sessions are stored in a database, home-brew solutions, and it work pretty 
will
with a small portal system that I wrote.

It's a simple solutions.. 

index.php?page=lost_password
returnes

 header.php  
    lost_pass.php
 footer.php

The index automatically starts the session ( which I can see in the database) 
and
then as the last_pass.php loads ($form = new form() ) the session is lost and 
all my
"session" values disappear.  The alter(SESSION ERROR MESSAGE) drops down from 
the
class.form.php and then nothing gets passed.

When I do a show "View Source" on resulting html the <Scripts> tags include by 
the
class.form.php are not passing the session_name via the css.php?id=myForm/
js.php?id=myForm  ... meaning the &session_name=something  is not working..

So what I did was a quick mod: 
$session_name = session_name();

            //
              if(isset($session_name))
                {
                    $session_param = "&session_name=$session_name";
                }else{

                    $session_param = "session_name" .session_name();
                }

This work and now it is passing the session name of PHPSESSID.  Because this 
little
bit of code works it tells me the class.form.php is in scope of the $_SESSION 
and is
in fact seeing session values.  

Now the issues is that the below line is not working either. :  
$_SESSION["pfbc-instances"][$this->attributes["id"]] = serialize($this);

I am not sure what the above line is supposed to accomplish.  But it's not 
getting
set nor passed via a $_SEESION to js.php because I get a alert(SESSION) message.

The trouble shooting I did was the following.

 On the lost_pass.php I did the following:  $sess_name = session_name();  $sess_id =
session_id() , then I printed out the var's..  As expected it returned the a 
name of
PHPSESSID and 7@#$!@#$!@#$87987124!@#$!@#$ etc..

The class needs to be smart enough to be session aware.. Ie 
if(isset(session_name()))
then pile on the class.form.php values else create it as though it didn't exist.

You guys tell me ??

Original comment by tpetr...@gmail.com on 13 May 2010 at 11:43

[GoogleCodeExporter]

I did a bit more trouble shooting..

I turned off ( commented out ) my session/db class and just implemented plain 
old
session_start()  and now all the forms are working without out a problem.

Funny thing is the session classes, or most session classes, something like the
following. ( keyword being like !! )

public function __construct(){

session_set_save_handler(open, read, write, close, destroy, gc);
session_start()

} 

 The above is "like" what I implement in my class .  

So:  if I implement $sess = new session_handler , session_start() is created on
__construct();

and it appears that class.form.php isn't picking up on that... 

If I turn of the session_handler and go plain jane session_start();

Then we are golden... !!

More fuel to the fire.

Original comment by tpetr...@gmail.com on 13 May 2010 at 1:02

[GoogleCodeExporter]

The latest release of version 1.0.6 includes a new form attribute - 
preventXHTMLStrict - that you can set in the 
form's setAttributes() function to render the javascript and css inside the 
<body> tag instead of using the 
external js.php/css.php files.  This should fix the session issues that have 
been reported by several in the 
community.  See an example of how this form attribute can be set below.

$form = new form("session_fix");
$form->setAttributes(array(
      "preventXHTMLStrict" => 1
));

Original comment by ajporterfield@gmail.com on 13 May 2010 at 6:54

[GoogleCodeExporter]

Original comment by ajporterfield@gmail.com on 17 May 2010 at 11:14

• Changed state: Invalid

[GoogleCodeExporter]

Original comment by ajporterfield@gmail.com on 17 May 2010 at 11:15

• Changed state: Fixed