www.webdeveloper.com

Thread: [RESOLVED] Accessing PHP Session Variables Inside Ajax Content

  1. #1
    Join Date
    Dec 2010
    Posts
    232

    [RESOLVED] Accessing PHP Session Variables Inside Ajax Content

    In my site I retrieve the user id of a user that logs in with a registered username/password and store it in a php session variable in the following way:-

    PHP Code:
    $_SESSION['logged_in_userid'] = $row['user_id']; 
    That works fine and remembers the user_id of the logged in user perfectly however I am having trouble accessing this session variable inside my ajax loaded content.

    The site I'm making is a social network and the idea is that a user can view different profiles by clicking on people's names similar to facebook. This loads in an ajax section called ajax_profile.php which is gotten using the following code:-

    Code:
    function showMainPage(userid, page)
    {
      // Declared locally so the request object is not an implicit global
      var xmlhttp;
      if (page=="")
      {
        document.getElementById("content_section").innerHTML="";
        return;
      }
      if (window.XMLHttpRequest)
      {// code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp=new XMLHttpRequest();
      }
      else
      {// code for IE6, IE5
        xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
      }
      xmlhttp.onreadystatechange=function()
      {
        // readyState 4 = request finished, status 200 = OK
        if (xmlhttp.readyState==4 && xmlhttp.status==200)
        {
          document.getElementById("content_section").innerHTML=xmlhttp.responseText;
        }
      };
      // Encode the id so it is always a well-formed query string value
      xmlhttp.open("GET", "mainpage_"+page+".php?userid="+encodeURIComponent(userid),true);
      xmlhttp.send();
    }
    And the line which sends the request to this function is like this:-

    Code:
    onclick="showMainPage(<?php echo $row['user_id'] ;?>, 'profile'); return false;"
    with $row['user_id'] being the userid of the user whose page is currently being viewed.

    Now what I need is to be able to access $_SESSION['logged_in_userid'] inside the new loaded ajax content, reason being that I want to do some sort of query so that if a user is viewing their OWN profile they will see extra options relevant to them such as links to an inbox and requests etc whereas if they view someone else's profile they won't see such things.

    Is there any way I can do this?

  2. #2
    Join Date
    Mar 2010
    Posts
    128
    In your ajax request file, you simply start your session within that file.

    javascript > Ajax Request > File > PHP > session_start() > print_r($_SESSION)

    Will return the data of the printed session. When you make an ajax request, it requests it as if you were to request it, since it is making the request from your browser through javascript (hence, its still you making the request).

    If I am not understanding your question, sorry... But, sessions carry over to request.

  3. #3
    Join Date
    Dec 2010
    Posts
    232
    Thanks rproctor83.

    I decided it may be best to simply pass the logged in user id along within the ajax function. i.e:-

    Code:
    onclick="showMainPage(<?php echo $row['user_id'] ;?>, 'profile', <?php echo $_SESSION['logged_in_userid']?>); return false;"

  4. #4
    Join Date
    Mar 2010
    Posts
    128
    While that may work, it is not necessarily safe. If you are relying on $_SESSION['logged_in_userid'] to authenticate a user from the results of your onclick handler above then it would be seemingly easy for one to authenticate themselves. You shouldn't rely on information within the DOM, or from the client side of the system. Sessions are handled on a server level, just like PHP, and the client cannot manipulate or read any PHP once it reaches their computer. What you are doing is relying on the client's browser to supply a session id to a button on the page. This will work, but since it is owned by the client, they are free to modify the contents as they wish, and by doing so they could inject the logged in userid.
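
Added example, not part of the thread: one way the Ajax-loaded file can make the "own profile" decision from the server-side session, as posts #2 and #4 recommend, instead of trusting an id passed from the page. It assumes user ids are integers; the `is_own_profile()` helper and the `inbox.php` / `requests.php` link targets are hypothetical names.

```php
<?php
// mainpage_profile.php: the file requested by showMainPage(userid, 'profile').
// Added example; assumes integer user ids.

session_start(); // re-attach to the session named by the browser's session cookie

// Ownership is decided from server-side state only. A value echoed into an
// onclick attribute can be edited by the visitor; $_SESSION cannot.
function is_own_profile(array $session, $requestedId): bool
{
    if (!isset($session['logged_in_userid'])) {
        return false; // nobody is logged in on this session
    }
    $requested = filter_var($requestedId, FILTER_VALIDATE_INT);
    if ($requested === false) {
        return false; // not an integer, so it cannot match a user id
    }
    return (int) $session['logged_in_userid'] === $requested;
}

if (!isset($_SESSION['logged_in_userid'])) {
    http_response_code(401);
    exit('Please log in.');
}

// The userid query parameter only selects WHICH profile to show.
// It is never used to decide who the viewer is.
$profileId = filter_input(INPUT_GET, 'userid', FILTER_VALIDATE_INT);
if ($profileId === null || $profileId === false) {
    http_response_code(400);
    exit('Invalid user id.');
}

// ... query and print the public profile for $profileId here ...

if (is_own_profile($_SESSION, $profileId)) {
    // Owner-only options. Each target page must repeat the session check,
    // because hiding a link does not protect the page behind it.
    echo '<a href="inbox.php">Inbox</a> <a href="requests.php">Requests</a>';
}
```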
