
View and change sessions variables in a browser

Debugging a PHP program, is there any add-on/plug-in for browser which I can view sessions variables (those PHP $_SESSION["foobar"] )?

Best if I can change the value in the variables.


There is no way to manipulate the values stored in sessions from the client side.

That's one of the main reasons you'd use a session over a cookie - YOU control the data. With cookies, the user can manipulate the data.

The only way to access/manipulate session data from the client side would be with an Ajax call or other JavaScript mechanism to call another PHP script, which would be doing the retrieval/manipulation of the session data via the session_ functions.


$_SESSION is a server-side array of variables. If we could read or change the values, there are many things that we could do to hack or cause other bad things to happen.

However, using phpinfo(); we can view session variables - but we cannot change the value.

Even better, we can debug all session variables with

print_r($_SESSION); 
//if you echo "<pre>" before, and a closing "</pre>" after, it prints very cleanly.

Some other useful commands:

session_start(); // start session  -- returns Session ID
session_destroy(); // unset all session variables

A session is an array, so setting $_SESSION['key']='value'; is the same as $array['key']=value; - the only thing special about $_SESSION is that it persists until the window is closed or session_destroy() is called.


You can use this code below:

<?php
error_reporting(E_ALL);
session_start();
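if (isset($_POST['session'])) {
    // Parse the submitted text as JSON data. Passing request input to eval()
    // would execute any PHP code that was posted to this page.
    $session = json_decode($_POST['session'], true);
    if (is_array($session)) {
        $_SESSION = $session;
        header("Location: {$_SERVER['PHP_SELF']}?saved");
    }
    else {
        header("Location: {$_SERVER['PHP_SELF']}?error");
    }
    // Stop here so the rest of the page is not rendered after the redirect.
    exit;
}

// Show the current session as pretty-printed JSON so it round-trips through the form.
$session = htmlentities(json_encode($_SESSION, JSON_PRETTY_PRINT));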
?>
<!DOCTYPE html>
<html lang="en-US">
    <head>
        <meta charset="UTF-8">
        <title>Session Variable Management</title>
        <style>
            textarea { font: 12px Consolas, Monaco, monospace; padding: 2px; border: 1px solid #444444; width: 99%; }
            .saved, .error { border: 1px solid #509151; background: #DDF0DD; padding: 2px; }
            .error { border-color: #915050; background: #F0DDDD; }
        </style>
    </head>
    <body>
        <h1>Session Variable Management</h1>
<?php if (isset($_GET['saved'])) { ?>
        <p class="saved">The session was saved successfully.</p>
<?php } else if (isset($_GET['error'])) { ?>
        <p class="error">The session variable did not parse correctly.</p>
<?php } ?>
        <form method="post">
            <textarea name="session" rows="<?php echo count(preg_split("/\n|\r/", $session)); ?>"><?php echo $session; ?></textarea>
            <input type="submit" value="Update Session">
        </form>
    </body>
</html>


Be aware, however, that while the session 'variables' are stored server-side, the Session ID is either in the GET/POST URL (a VERY BAD idea) or stored in a browser cookie (better security), but it is still susceptible to manipulation/attack/etc. if you don't handle cookie-based session IDs carefully.

http://en.wikipedia.org/wiki/Session_fixation

http://en.wikibooks.org/wiki/PHP_Programming/sessions#Avoiding_Session_Fixation
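
The session ID handling described above, as an added example that is not from any of the answers: the ID is accepted only from a cookie, IDs the server did not issue are rejected, and a fresh ID is issued at login. The function names and the sample account are constructed for illustration, and 'secure' => true assumes the site is served over HTTPS.

```php
<?php
// Added example. Function names and the sample account are constructed.
function start_hardened_session(): void
{
    ini_set('session.use_only_cookies', '1');  // never read the ID from GET/POST
    ini_set('session.use_trans_sid', '0');     // never rewrite URLs to carry the ID
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // assumption: the site is served over HTTPS
        'httponly' => true,    // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample account store; a real application would query its user table.
function check_credentials(string $user, string $password): bool
{
    static $users = null;
    $users ??= ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($password, $users[$user]);
}

function log_in(string $user, string $password): bool
{
    if (!check_credentials($user, $password)) {
        return false;
    }
    // Issue a fresh ID at the privilege change and delete the old session data,
    // so an ID that was fixed before login no longer maps to anything.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    return true;
}

function log_out(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```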
