PHP Sessions/Cookies On The Fly

This article shows how to save and modify PHP session data and cookies (anything, really) without using Ajax or iframes and without forcing the user to make a request.

Warning: Touches on some moderately advanced web development, definitely some very cool stuff though.

.htaccess mod_rewrite code

This rule makes a request for askapache.com/sess.gif serve the file /cgi-bin/session-cookie.php instead, further disguising this "image".

# Internally rewrite any request ending in sess.gif to the PHP controller
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)sess\.gif$ /cgi-bin/session-cookie.php [NC,L,QSA]

Using JavaScript

You can either put a basic img tag somewhere on the page and it will capture this information, or, if you want to request the image dynamically, you can do it very easily with JavaScript.

This code requests the image as soon as it is executed, so you could just as easily run it on a button click or any other event.

  var t=new Image();
  t.src='http://www.askapache.com/sess.gif';

The PHP controller

This file has some cool stuff in it, check it out. First we check whether a session has been initialized and, if not, start one. Then we start an output buffer that holds all output, headers included, until we are ready to send it; the only output we send is a 43-byte 1x1 white image. The code also sends HTTP headers that prevent the client's browser from caching the image, so a new request is made for the image each time a browser encounters it.

The data saved in the user's session file, under the session variable IMAGETEST, is the entire $_REQUEST array (which merges GET, POST and, depending on the request_order setting, cookie data) together with the entire $_SERVER array built into PHP.

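<?php
// Start a session unless one is already active.
if (!isset($_SESSION)) {
    session_start();
}

// Buffer all output so the headers below can still be sent.
ob_start();

// Snapshot the request: $_REQUEST (GET, POST and cookie data) and $_SERVER.
$G = $_REQUEST;
$S = $_SERVER;

// serialize -> gzip-compress -> base64, stored as one string in the session.
$g = base64_encode(gzcompress(serialize(array('REQUEST' => $G, 'SERVER' => $S))));
$_SESSION['IMAGETEST'] = $g;

// The 1x1 GIF that is sent back (43 bytes once decoded).
$imagedata = base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAAAAAAALAAAAAABAAEAAAICRAEAOw==');

// Forbid caching so that every page view triggers a fresh request.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
header('Content-Length: ' . strlen($imagedata));
header('Content-Type: image/gif');
echo $imagedata;

// Send the buffered image and stop.
ob_end_flush();
exit;
?>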

Requesting the PHP file creates a session variable called IMAGETEST that contains a base64-encoded, gzip-compressed, PHP-serialized string representing the $_REQUEST and $_SERVER variables for that specific request.

Example Session IMAGETEST value

 [IMAGETEST] => eJy1Vm1vo0YQ/ivIUqu7Orws78ZCKrKxg842LuBE1y9ogSVBscEFnERX33/vsIDj5NK75NQqcoDd2Zln3p5ZbIjG35UhGYO5HQzG2ED9d5KVg

Decoding the IMAGETEST

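To see the values stored in IMAGETEST, if you used my method to compress and save the data as a string, run the string through the same process backwards.

<?php
session_start(); // the session must be open before $_SESSION can be read
$p = unserialize(gzuncompress(base64_decode($_SESSION['IMAGETEST'])));
// The dump holds client-supplied values (query string, cookies, headers),
// so escape it before writing it into an HTML page.
echo '<pre>' . htmlspecialchars(print_r($p, true), ENT_QUOTES) . '</pre>';
?>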

This results in displaying all the variables and data you saved.

Array
(
[REQUEST] => Array
(
[ASKAPACHE] => 6a81995f0c4b73b4d
[MP3] => off
[subscribe_checkbox_0460e1098afa8bf8b] => unchecked
[wordpresspass_5510982bf8b] => 6555555
[wordpressuser_0559828bf8b] => youdliketoknow
[wordpress_test_cookie] => WP Cookie check
)

[SERVER] => Array
(
[PATH] => /usr/local/bin:/usr/bin:/bin
[REDIRECT_STATUS] => 200
[SCRIPT_URL] => /sess.gif
[SCRIPT_URI] => http://www.askapache.com/sess.gif
[TZ] => America/Indianapolis
[SERVER_ADMIN] => webmaster[at]askapache.com
[HTTP_HOST] => www.askapache.com
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13
[HTTP_ACCEPT] => image/png,*/*;q=0.5
[HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5
[HTTP_ACCEPT_ENCODING] => gzip,deflate
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
[HTTP_KEEP_ALIVE] => 300
[HTTP_CONNECTION] => keep-alive
[HTTP_REFERER] => http://www.askapache.com/online-tools/htpasswd-generator/
[HTTP_COOKIE] => 405485
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache/2.0.61 (Unix) PHP/4.4.7 mod_ssl/2.0.61 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2
[SERVER_NAME] => www.askapache.com
[SERVER_ADDR] => 208.113.183.103
[SERVER_PORT] => 80
[REMOTE_ADDR] => 2.12.64.105
[DOCUMENT_ROOT] => /web/domain.com/public_html
[SCRIPT_FILENAME] => /web/domain.com/public_html/cgi-bin/session-cookie.php
[REMOTE_PORT] => 1857
[REDIRECT_QUERY_STRING] => dir=
[REDIRECT_URL] => /cgi-bin/session-cookie.php
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] => dir=
[REQUEST_URI] => /sess.gif
[SCRIPT_NAME] => /cgi-bin/session-cookie.php
[ORIG_PATH_INFO] => /cgi-bin/session-cookie.php
[ORIG_PATH_TRANSLATED] => /web/domain.com/public_html/cgi-bin/session-cookie.php
[PHP_SELF] => /cgi-bin/session-cookie.php
[REQUEST_TIME] => 1206697334
)

)
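The dump above shows that the snapshot copies every cookie value (including the wordpresspass_ cookie) and the raw HTTP_COOKIE header into the session file. A narrower snapshot, as an added example that is not the article's code: the function name beacon_snapshot(), the allowlisted $_SERVER keys and the size limits are assumptions, and the sample arrays are constructed.

```php
<?php
// Added example, not the article's code. beacon_snapshot(), the key allowlist
// and the limits (20 parameters, 256 bytes) are assumptions for illustration.

const SERVER_KEYS = ['REQUEST_TIME', 'REQUEST_METHOD', 'REQUEST_URI',
                     'HTTP_REFERER', 'HTTP_USER_AGENT', 'REMOTE_ADDR'];

function beacon_snapshot(array $get, array $cookies, array $server, int $maxLen = 256): array
{
    $clip = function ($v) use ($maxLen) {
        // Nested input (a[]=1) is dropped rather than stored unbounded.
        return is_scalar($v) ? substr((string) $v, 0, $maxLen) : null;
    };
    $snap = ['GET' => [], 'COOKIE_NAMES' => [], 'SERVER' => []];
    foreach (array_slice($get, 0, 20, true) as $k => $v) {
        $snap['GET'][substr((string) $k, 0, 64)] = $clip($v);
    }
    // Record which cookies were present, never their values.
    $snap['COOKIE_NAMES'] = array_slice(array_map('strval', array_keys($cookies)), 0, 50);
    // Allowlisting $_SERVER also leaves out HTTP_COOKIE and filesystem paths.
    foreach (SERVER_KEYS as $k) {
        if (isset($server[$k])) {
            $snap['SERVER'][$k] = $clip($server[$k]);
        }
    }
    return $snap;
}

// Constructed sample input, shaped like the dump above.
$get     = ['dir' => ''];
$cookies = ['wordpress_test_cookie' => 'WP Cookie check', 'wordpresspass_x' => 'secret'];
$server  = ['REQUEST_URI' => '/sess.gif', 'REQUEST_METHOD' => 'GET',
            'HTTP_COOKIE' => 'wordpresspass_x=secret', 'DOCUMENT_ROOT' => '/web/example'];

$snap = beacon_snapshot($get, $cookies, $server);
// JSON instead of serialize(): decoding can only yield arrays and scalars, and
// the flag keeps a header with invalid UTF-8 from making json_encode() fail.
$stored = base64_encode(gzcompress(json_encode($snap, JSON_INVALID_UTF8_SUBSTITUTE)));
print_r(json_decode(gzuncompress(base64_decode($stored)), true));
```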

Simpler php example

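<?php
session_start();

// Store the "value" query parameter in the session under the key named by "name".
if (isset($_GET['name'], $_GET['value']) && is_string($_GET['name'])) {
    $name = $_GET['name'];
    $_SESSION[$name] = $_GET['value'];
}

// Answer with a 1x1 GIF so the request behaves like an ordinary image load.
$res = 'R0lGODlhAQABAIAAAP///wAAACH5BAAAAAAALAAAAAABAAEAAAICRAEAOw==';
$c = base64_decode($res);
header('Content-Length: ' . strlen($c));
header('Content-Type: image/gif');
echo $c;

exit;
?>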
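The endpoint above writes whichever session key the query string names, and an image URL can be loaded from any page, so every key in the session is writable by whoever supplies that URL. A restricted version of the write, as an added example that is not the article's code: the key names, the 'prefs' bucket, the 'token' parameter and both function names are assumptions.

```php
<?php
// Added example, not the article's code. The key names, the 'prefs' bucket
// and the 'token' parameter are assumptions chosen for illustration.

// Keys a request may set, each with a pattern its value must match.
const ALLOWED = [
    'theme'    => '/\A(light|dark)\z/',
    'fontsize' => '/\A(1[0-9]|2[0-4])\z/',
];

// Called by the page that embeds the image; the token goes into the image URL.
function beacon_token(array &$session): string
{
    if (empty($session['beacon_token'])) {
        $session['beacon_token'] = bin2hex(random_bytes(16));
    }
    return $session['beacon_token'];
}

// Returns true when the value was stored. Writes only below $session['prefs'],
// so no other session key can be created or overwritten.
function beacon_set(array &$session, array $query): bool
{
    $token = $query['token'] ?? '';
    $name  = $query['name'] ?? '';
    $value = $query['value'] ?? '';
    if (!is_string($token) || !is_string($name) || !is_string($value)) {
        return false; // array input such as name[]=x
    }
    if (empty($session['beacon_token'])
        || !hash_equals($session['beacon_token'], $token)) {
        return false; // URL was not issued by our own page for this session
    }
    if (!array_key_exists($name, ALLOWED) || !preg_match(ALLOWED[$name], $value)) {
        return false; // unknown key or malformed value
    }
    $session['prefs'][$name] = $value;
    return true;
}

// Constructed demonstration; a plain array stands in for $_SESSION.
$session = ['user_id' => 7];
$token   = beacon_token($session);
var_dump(beacon_set($session, ['token' => $token, 'name' => 'theme', 'value' => 'dark']));
var_dump(beacon_set($session, ['token' => $token, 'name' => 'user_id', 'value' => '1']));
var_dump(beacon_set($session, ['name' => 'theme', 'value' => 'light']));
print_r($session);
```

In the endpoint itself the call would be beacon_set($_SESSION, $_GET) after session_start(), with the GIF sent in every case so the response does not show whether the write was accepted.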
