PHP sessions - cannot retrieve session in firefox or chrome

Question

My HTML form is sent to a PHP page to process. I need to add a captcha to the form but am unable to change the HTML page to PHP and so have set a session for the displayed captcha in a capcha.php page which outputs as an image within the HTML form. When the page loads the session var is set but I cannot retrieve this session in the process PHP page. It just firefox or chrome where I am havin this issue. It works in IE.

Code that sets session in the capcha.php:

session_start(); // start a session
$image = imagecreate(50, 20); //create blank image (width, height)
$bgcolor = imagecolorallocate($image, 0, 0, 0); //add background color with RGB.
$textcolor = imagecolorallocate($image, 255, 255, 255); //add text/code color with RGB.
$code = rand(1000, 9999); //create a random number between 1000 and 9999
$_SESSION['code'] = $code; //add the random number to session 'code'
imagestring($image, 10, 8, 3, $_SESSION['code'], $textcolor); //create image with all the settings above.
header ("Content-type: image/png"); // define image type
imagepng($image); //display image as PNG

PHP process page:

session_start();

print_r($_SESSION['code']); 

Can anyone assist?

EDIT* I think its something to do with the session being set in capcha.php which is added as an image to my HTML form. If I go to capcha.php in the browser an then to process_email.php the session is set. So therefore its not setting when being included as an image. Does anyone know of a way round this issue?*

Answer 1

This looks like an interesting question. Let me try to explain this in more details.

• When you start a PHP session normally you send cookie to user. When user opens some other page on your site you find PHPSESSID cookie in HTTP request header and take the session ID from the cookie. Then you find session for this ID on your server and load session data.
• Normally you set the cookie in main HTML document. But you don't because this is some static document you can not change.
• You set cookie in the image included in the HTML. I never did this before and I should admit I had no idea how the browser should behave in this case. Perfectly the cookie should be taken from the image and then used on all pages.

I did a test for this. And below are my results. I did everything in Chrome. In short, I can get the cookie in the form handling PHP file.

Open the HTML page. We can see there are no cookies on this page.

On this page we load image and the image HTTP response has cookie specified.

When I submit the form I get cookies defined in HTTP request. Have a look:

This works for me in Google Chrome as expected.

I suggest to check the domains. What is the full URL for the HTML page with form, image and the submit URL? Do they have exactly the same domain?

I did one more test and loaded image from different domain then HTTP page. But this does not work not only in Chrome but in IE 9 too. This is why I can not guess what you are doing.

I suggest to use development tools in Chrome and check all the cookies and page load requests.

Answer 2

don' forget to add a session_destroy() at the logout file and a condition like

if (!isset($_SESSION['session_value'])) {
}

is a better programming way.

Answer 3

Try to unset that session first before assigning to a value to it.