$_SESSION Weirdness

Permalink August 11, 2010 at 9:05 AM

UPDATE: I found the answer here:

http://www.concrete5.org/community/forums/customizing_c5/passing_se...

Sorry about the double post - I guess I wasnt looking hard enough at the forums.

====================================
Seems like Concrete5 hijacks the superglobal $_SESSION variable. Which is, well, weird. Let me explain:

Throw this code into your run-o-the-mill default C5 template:

$_SESSION['testvalue'] = "Testing";
print_r($_SESSION);
echo SID;
echo session_id;
echo '<a href="/testsession.php?' . SID . '">test</a>';

Where testsession.php looks like so:

<?php
session_start();
print_r($_SESSION);
?>

Strange goings on - In C5 you can easily assign a value to $_SESSION and it will be maintained on all C5 pages - if you break out of C5 you loose the session. Also, as you can see I am trying to print the session id from within C5 - no such luck.

I could spend a great deal of time listing the reasons why I find this strange and mysterious - I will spare you all that and just ask:

Why does C5 do this? Some security issue? How does it do it? Any way around this limitation?

Thanks!

Post Reply

Delete Post

You are allowed to delete your post for 5 minutes after it's posted.

Delete

Mark Post as Spam

Are you sure you would like to mark this post as spam?

Mark as Spam

Destroy Spammer

This script will report this post as spam and add a permanent IP ban for this user, type "DESTROY" below to continue.

DESTROY SPAMMER

Sign In?

You must have a user account and be signed to perform this action.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.

Forums

Developing (v7+)