Reputation: 2068
Is it possible to clear a different session's variable?
I have a some information stored on $_SESSION, the session is stored on the database through a custom session handler.
Is there a standard way to either 'impersonate' a session having a session id or clear specific variables from another session.
I am asking about this because I have my web application, with its session variables on its own working, this is an actual shopping cart with order information using paypal. Paypal returns a response of a payment through IPN (Notifications), which are request made from their server to my site. Those requests, of course, initiate their own sessions.
What I want to find is a way to clear the original session variable from the paypal notification request that sees a different session. Is there a way to do that?
One idea might be to manually edit the database in which the session data is stored, but I want to look for something standard, regardless of the session handlers.
Upvotes: 1
Views: 277
Answers (4)
Reputation: 449395
This shouldn't be necessary in the first place.
I'm fairly sure you can specify a unique job ID in the IPN. Use that unique ID to find out which user the notification belongs to, and edit their data. Don't fiddle with sessions for this, it's bad design.
Upvotes: 0
Reputation: 51411
I am asking about this because I have my web application, with its session variables on its own working, this is an actual shopping cart with order information using paypal. Paypal returns a response of a payment through IPN (Notifications), which are request made from their server to my site. Those requests, of course, initiate their own sessions.
What I want to find is a way to clear the original session variable from the paypal notification request that sees a different session. Is there a way to do that?
If you've found yourself needing to edit data in someone else's session, you shouldn't be storing that data in a session to begin with.
If you need to read or otherwise work with the IPNs, perhaps you should store them in the database in an actual table. You can associate the row with the user's session ID, or preferably with their login or email address.
Upvotes: 1
Reputation: 12417
Did you try to create a session array and giving an id to it.
like this
$_SESSION['ipn'] ="";
$_SESSION['ipn']= "Mescalito";
Upvotes: 0
Reputation: 12924
Sessions work because of browser cookies. If you remove the cookie, it will create a new session. If you change your cookie to one for another session, you're now impersonating that session.
You can use Chrome's developer tools, or the Web Developer Firefox addon to get easy access to your browers' cookies.
Upvotes: 0
Related Questions
- How do I destroy a specific session variable in PHP?
- php - Is this possible to unset one variable from other session?
- Resetting the session variable in php
- Remove one variable from a PHP session
- how to unset a session variable?
- In php, how to destroy the session variables
- How to clear a session without clearing other parts of the site
- freeing session variables
- Destroy session, but keep one variable set
- Destroy session variables in another application