Coles Notes version:
index.php?map_id=foo
is loaded into iframe on www.not-my-domain.com. index sets SESSION['map_id']
= foo. Flash file tries to get SESSION['map_id']
thru Authenticate.php, but Authenticate.php has no values set for any SESSION
varaibles.
-- Only first-load, cross domain issue.
Verbose:
I have an index while where I set: SESSION['map_id'] = foo
The index file then loads a flash file. When initialized, the flash accesses an 'Authenticate.php' file which echo's out the SESSION['map_id']
and is loaded into flash via LoadVars
. Flash then displays the appropriate data.
This step cannot be done another way
This all works just fine on our main site. The issue comes when we try to port out to other sites by providing iframe embed codes:
<iframe src="http://www.mydomain.com/?map_id=foo&code=bar" ... ></iframe>
On a fresh load of the embed code from another site (www.anotherdomain.com), it seems that the SESSION
variables have been destroyed, as flash simply says they are empty. ( $map_id
outputs a blank )
The index file will still properly echo $map_id
as 'foo', it just seems the 'Authenticate.php' file cannot access the SESSION
varaibles.
I have ensured session_start()
is present in all appropriate files.
The session starts well on the second site when it is run live without the iframe. However, when it is called by the iframe, the session does not start.
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie. When session_start() is called or when a session auto starts, PHP will call the open and read session save handlers.
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
To set session variables, you can use the global array variable called $_SESSION[]. The server can then access these global variables until it terminates the session. Now that you know what a session is in PHP and how to start one, it's time to look at an example and see how it works.
PHP session ids are passed through cookies by default, but you can't transfer cookies across domains. Try passing the session id through the url instead.
Here is the appropriate page in the php documentation.
There are a few ways you can get php to pass the session id in the url if it's not being done automatically.
You can manually pass the session id in the url (must come before other get variables):
<iframe src="http://www.mydomain.com/?&map_id=foo&code=bar">
You can disable cookies, forcing every request to have the session id automatically added to the url:
ini_set("session.use_cookies","0");
You can edit the url_rewriter.tags setting, which tells PHP which html tags to rewrite with the session id. Here, iframe=src has been added to the default set:
ini_set("url_rewriter.tags", "a=href,area=href,frame=src,iframe=src,input=src,form=fakeentry");
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With