1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: PHP passing an array via $_SESSION vs an <input type='hidden'

Discussion in 'Web Design & Development' started by andynic, May 22, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. andynic

    andynic Thread Starter

    Joined:
    May 25, 2007
    Messages:
    385
    Hi,

    It seems clumsy to me to pass a large array (serialized) via a hidden.
    Something like this:
    $d1 = htmlentities(serialize($arrNm));
    ...
    echo <<<A
    <input type='hidden' name="uitgavenDataArr" id="uitgavenDataArr" value="$d1" />
    A;


    I've read a number of things about this on the web and one suggestion is to put the array in a $_SESSION location which seems a very good idea. That way it remains on the server until the session ends.

    My concern is that if the user has session cookies disabled in the browser, will not the $_SESSION array be lost?

    An intial test seems to corroborate my concern.

    Is there a way around this? (this = the loss of the $_SESSION array if the viewing browser has cookies disabled).
    Perhaps a way to override the browser setting? (If so, how would one do this?)

    Thanks for you help.
    Andynic
     
  2. andynic

    andynic Thread Starter

    Joined:
    May 25, 2007
    Messages:
    385
    Additional info.
    Here is the code for the test that I ran to establish that $_SESSION is lost if cookies are not allowed:

    part1:
    Code:
    <?php
      // test1.php
      
      session_start();
    
      $_SESSION['test'] = "abc";
    
      echo <<<A
        <!DOCTYPE HTML>
        <html>
        <head>
          <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
          <title>test1.php</title>
        </head>
        <body>
        <p>The php script that put up this page has set dollar_SESSION['test'] to 'abc'. <br /><br />
        Before you click submit below, set the browser preferences so that it does not accept cookies.<br /><br />
        Then click the submit button below<br /><br /></p>
           
        <form name="test1" id="test1" action="test2.php" method="post">
          <input type="button" name="test1Button" id="test1Button" value="submit" 
                 onclick="test1.submit();" />
          </form>
        </body>
        </html>
        
    A;
    ?>
    
    part2:
    Code:
    <?php
      // test2.php
      
      session_start();
    
      echo <<<A
        <!DOCTYPE HTML>
        <html>
        <head>
          <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
          <title>test2.php</title>
        </head>
        <body>
    A;
    
      if ( isset($_SESSION['test']) ) {
        echo "dollar_SESSION['test'] has not been lost and contains the value {$_SESSION['test']}<br />";
      } else {
               echo "Because you blocked cookies before clicking submit in the preceding page, dollar_SESSION['test'] has been lost<br />";
             }
    
      echo <<<B
        </body>
        </html>
    B;
    ?>
    
    In Firefox, to disable cookies: Click the 3 horizontal bars that are displayed in the top right corner --> click Preferences --> Privacy --> "History...Firefox will: --> select "Use custom settings for History" --> uncheck "Accept cookies from sites".
     
    Last edited: May 22, 2015
  3. JiminSA

    JiminSA

    Joined:
    Dec 15, 2011
    Messages:
    3,386
    First Name:
    Jim
    This quote is from PHP.net - so yes Andy, even though you can go the URL route (and I am not sure how that functions :eek:), your session variables are non-usable:D (AFAIK)
    Personally if I detect that a user has cookies turned off [If session.use_cookies = 0 (Cookie disabled.)], I will send them a warning message, stating that they will lose secure server-side functionality, unless they turn cookies on! ('cos that's the way I roll - also, if a user doesn't have javascript turned on, I do much the same thing). This may seem a bit ******* of me, but I believe that in certain circumstances users should be instructed as to how the site can best function.
     
  4. andynic

    andynic Thread Starter

    Joined:
    May 25, 2007
    Messages:
    385
    Hi Jim,
    Thanks very much for your reply.

    Although I could not get your suggestion to work, you put me on the right track.

    For a brief test, this is what I tried following your suggestion:
    <?php
    session_start();
    if ( session.use_cookies == 0 ) { echo "Cookies disabled."; } else { echo "Cookies enabled."; }
    ?>
    which returned the following error in the Apache log file:
    PHP Notice: Use of undefined constant session - assumed 'session' in /Users/andynic/Sites/andyTest/admin/x1.php on line 3

    Prompted by your suggestion to warn the user if cookies are disabled in the browser, I found javascript for detecting disabled cookies and implemented the following 3 step solution:

    step 1: (website startup via index.php)
    Code:
    <?php
      require_once "../common/config.php";  // contains among other things such as constants, session_start();
    
      session_destroy(); // Makes testing easier.
      $_SESSION = array();
    
      header("Location: " . SERVER_ADDRESS_APP . "checkCookiesEnabled.php"); 
    // End index.php
    ?>
    
    step 2: checkCookiesEnabled.php
    Code:
    <?php
      
      require_once "../common/config.php";  // contains among other things, session_start();
    
      echo <<<TEST_COOKIES_ENABLED
        <!DOCTYPE HTML>
        <html>
        <head>
          <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
          <title>Tobi Vroegh Uitgeverij</title>
          
          <script type="text/javascript" src="../js/cookiesEnabledTest.js"></script>
          </head>
        <body>
        </body>
        </html>
    TEST_COOKIES_ENABLED;
    
    // End checkCookiesEnabled.php
    ?>
    
    step 3 -- the javascript used in step 2 -- cookiesEnabledTest.js
    Note: uitgaven.php in the window.open command puts up the home page of the website.
    It gets called whether or not the user has enabled cookies; but the user has been
    alerted if cookies are disabled.
    Code:
    /* 
        These functions have been taken from: 
        http://stackoverflow.com/questions/531393/how-to-detect-server-side-whether-cookies-are-disabled
    */  
              window.onbeforeload = areCookiesEnabled();
              
             function createCookie(name, value, days) {
                 var expires;
                 if (days) {
                     var date = new Date();
                     date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
                     expires = "; expires=" + date.toGMTString();
                 }
                 else expires = "";
                 document.cookie = name + "=" + value + expires + "; path=/";
             }
             
             function readCookie(name) {
                 var nameEQ = name + "=";
                 var ca = document.cookie.split(';');
                 for (var i = 0; i < ca.length; i++) {
                     var c = ca[i];
                     while (c.charAt(0) == ' ') c = c.substring(1, c.length);
                     if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
                 }
                 return null;
             }
             
             function eraseCookie(name) {
                 createCookie(name, "", -1);
             }
             
             function areCookiesEnabled() {
                 var r = false;
                 createCookie("testing", "Hello", 1);
                 if (readCookie("testing") != null) {
                     r = true;
                     eraseCookie("testing");
                     // alert ('cookies are enabled');
                 }
                 else {
                        alert ('NOTA BENE:\n'
                             + 'In uw browser heeft u "cookies" uitgeschakeld.\n' 
                             + 'Zonder cookies, kan deze website niet op de juiste manier functioneren.\n'
                             + 'Vóór u op "OK" klikt, bent u aangeraden via uw browser instellingen om cookies toegestaan te maken.\n\n\n'
                             + 'NOTA BENE:\n'
                             + 'In your browser preferences, you have cookies disabled.\n'
                             + 'Without cookies, this website will not function properly.\n'
                             + 'Before clicking "OK", you are advised to enable cookies.\n'
                             + 'See your browser preferences.');
                      }
                window.open('uitgaven.php?mode=init', '_self',
                            'toolbar=yes, menubar=yes, resizable=yes, scrollbars=yes, status=no, location=no');
             }      
    
    // End cookiesEnabledTest.js
    
    Andynic
     
    Last edited: May 23, 2015
  5. JiminSA

    JiminSA

    Joined:
    Dec 15, 2011
    Messages:
    3,386
    First Name:
    Jim
    Sorry Andynic, that may have looked like code, but actually was not. I should have put in this link which may clarify what I meant. It would appear that one can initiate session variables when cookies are disabled! But I have never resorted to the suggested (in the link) methodology, so I have never researched it.
    However I think you are on the right track, by informing the user that disabling "USER FRIENDLY" cookies inhibits php(y)
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1148655

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice