0

* THIS BIT IS FIXED IN STONE *

We have 1 webpage with 3 iFrames inside. All iFrames point to the same script but pass different querytring values. E.g.

  • Webpage: mypage.html
  • iFrame1: script.php?x=1
  • iFrame2: script.php?x=2
  • iFrame3: script.php?x=3

So when a user visits the webpage, they are calling script.php 3 times.

* QUESTION *

Is there a way to get script.php to be aware that it is being called 3 times by the same client/browser/person and then order or queue those calls? E.g.

  • 1st time - set an ID and save to session
  • 2nd time - get the ID from the session and use it
  • 3rd time - get the ID from the session and use it

What's happening to me at the moment is that script.php is being executed 3 times at the same time and each iFrame is setting it's own ID. I'd like them all to use the same ID.

Hope that makes sense?

Thanks in advance for you help.

Ryan

Ryan B
  • 21
  • 1
  • 6
  • r u asking to pass same id to all three?...as i understand? – bounty_killer525 Nov 06 '12 at 12:45
  • No, script.php needs to create its own ID – Ryan B Nov 06 '12 at 12:46
  • Or... to explain better... script.php needs to create it's own ID for the user and set that in a session. Further calls to script.php should then use the same ID. If that makes sense? – Ryan B Nov 06 '12 at 12:48
  • You may track user by IP address and check for it....in script.php. For first time if user clicks than generate a number and store it in session. And if same user clicks second time than checks for IP is same or not. If it same than use same Session value otherwise visa-versa you can generate new one. Hope it may helpful. – bounty_killer525 Nov 06 '12 at 12:54

2 Answers2

0

You need to track users with cookie, or IP address to know that it is the same user. And if you "save to session" then you HAVE TO have cookies used already (otherwise it is not really a session), so basically before you create new ID you just have to check if ID is not stored in session already. If not, generate it and use and also store in session.

EDIT: You can use PHPSESSIONID for the purpose, as it will be the same as long as session is maintained. I suspect the only thing you need to tweak is ID generation in your code, to ensure ID was not already generated. If not, generate and save in session so further calls will not generate it again but return value stored in session. But please keep in mind that you may face concurrency here and 2nd request may arrive before your 1st is completed (this both will generate new IDs), so you shall either use locking to prevent this, or use PHPSESSIONID value if that suffices.

Marcin Orlowski
  • 72,056
  • 11
  • 123
  • 141
  • My plan was to make a new database ID on the first request to script.php and save it in the session. Then get this ID in the 2nd and 3rd requests. But perhaps it's better to just ditch the new database ID and use $_COOKIE['PHPSESSID'] as it will be the same for all 3 requests? Is this what you're saying? – Ryan B Nov 06 '12 at 12:59
  • If i just go with PHPSESSIONID then.... what are the chances that the same PHPSESSIONID may be used again the future? My site gets high traffic. In other words, how unique are PHPSESSIONIDs? (do they take into account date, time, IP address etc?) – Ryan B Nov 06 '12 at 14:07
  • You cannot assume PHPSESSIONID to be one time token. If you need that feature, you shall consider creating your own IDs and keep track of it in more permanent storage than /tmp. Please keep in mind session ID HAVE TO be random (not i.e. sequential) to avoid session hijacking. In general see [session docs](http://www.php.net/manual/en/ref.session.php), and functions like `session_id()` and related. – Marcin Orlowski Nov 06 '12 at 14:19
0

There will be no guarantee by browsers to the order in which script.phps are called. And as these calls could be parallel, there is no way to add a SESSION_KEY to one of these responses which will be available for calls from the other iframes.

By using AJAX in mypage.html, and populating contents of the frames yourself you gain more control over how script.php is called (The order or the calls, the overlaps in these calls). If the only concern is to identify each client, adding a session cookie when mypage.html is returned could easily solve your issue, as this cookie then will be sent to each call of script.php

Vajk Hermecz
  • 5,413
  • 2
  • 34
  • 25
  • Unfortunately I have no control over mypage.html. The bit I can control is script.php – Ryan B Nov 06 '12 at 12:53
  • Yup, just saw that, sorry for not realizing. Then, unless you have some goodie in the request set by the request to the html file (e.g.: Can you conf the webserver serving the html to setup a cookie?), so unless you have this chance, you'll need to hack. Requests from the same useragent, same ip in a short window of time... That could be resolved as one session. I'm not familiar with the strategy how PHP allocates sessionkey, but it might occur, that requests from the same browser get different session_ids... – Vajk Hermecz Nov 06 '12 at 14:38
  • You might wanna look at php session handling related questions like [this](http://stackoverflow.com/questions/349381/ajax-php-sessions-and-simultaneous-requests) – Vajk Hermecz Nov 06 '12 at 14:39