Well, I have a main page, index.php, where the person executes an action and makes a POST request with Ajax. In this main file I create a session with some data that I want to keep safer and not visible, and other data for confirmations.
Example: index.php
<?php
session_start(); // the session must be started before $_SESSION is used
// session example
$_SESSION['EXAMPLE'] = [
    'token' => '123456abcExample', // A NEW, UNIQUE TOKEN IS ALWAYS GENERATED WHEN THE index.php PAGE LOADS
    'other' => 'stringEtc'
];
?>
...
<script>
// example of the ajax request - on the same site
// page "http://example.com/url/index.php" and the other "http://example.com/url/request.php"
// the token is written into the JavaScript by PHP; the browser cannot read $_SESSION itself
$.post('http://example.com/url/request.php', {
    example: 'string',
    token: <?php echo json_encode($_SESSION['EXAMPLE']['token']); ?>
}, function (response) {
    // code
}, 'json');
</script>
There is a second page, request.php, to which I send the Ajax request, with a JSON return. On this second page I check whether the session token is the same as the one passed in the AJAX request, and only if it is the same does the code continue.
Example: request.php
<?php
session_start(); // same session as index.php
if ($_SESSION['EXAMPLE']['token'] == $_POST['token']) {...}
However, on the second page the session token arrives different from what it was before. Let's say that on the main page "index.php" the token created in the session was "12345abcExampleToken", and it is also passed in the AJAX data, but on the second page it arrives as "789452hjkhToken", a totally different one, as if index.php had been started again and a new token had been created.
Well, I'd like to know why this is happening. And if there is a safer solution ("if the way I am using is really safe"), could you please share it with me?
Note - Edit: The token is generated through a function of a static class; I thought I'd let you know, in case this has anything to do with it!
class Example
{
public static function getToken(): string
{
return 'createToken';
}
}
and I use it like this in the session:
$_SESSION['EXAMPLE'] = [
'token' => Example::getToken(),
'other' => 'stringEtc'
];
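The pattern the question describes (a token stored in the session on index.php, echoed into the $.post call, and compared on request.php), written out as an added example that is not the question's own code. It assumes the same two-page layout; the functions take the session array by reference so the logic can be run from the CLI without a web server, and the in-memory session at the end is constructed for the demonstration.

```php
<?php
// Added example, not the question's code: one token per session, compared safely.
// Assumes the question's layout (index.php issues the token and embeds it in the
// $.post call; request.php checks it). Functions take the session array by
// reference so the logic can be run from the CLI without a web server.
declare(strict_types=1);
/** Return the session's token, creating it only if none exists yet. */
function issueToken(array &$session): string
{
    // The isset guard is the point: the token is created once per session, so
    // including this code again (or reloading index.php) does not replace the
    // value that request.php will later compare against.
    if (!isset($session['EXAMPLE']['token'])) {
        $session['EXAMPLE'] = [
            'token' => bin2hex(random_bytes(32)), // CSPRNG, not a guessable string
            'other' => 'stringEtc',
        ];
    }
    return $session['EXAMPLE']['token'];
}

/** request.php side: compare the posted token with the session copy. */
function verifyToken(array $session, array $post): bool
{
    $expected = $session['EXAMPLE']['token'] ?? '';
    $given    = $post['token'] ?? '';
    if ($expected === '' || !is_string($given)) {
        return false;
    }
    // hash_equals avoids PHP's loose == comparison and runs in constant time.
    return hash_equals($expected, $given);
}

/** index.php side: JavaScript for the $.post call, with the token written in by PHP. */
function postSnippet(string $token): string
{
    $js = json_encode($token, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return "\$.post('/url/request.php', {example: 'string', token: {$js}}, function (r) {}, 'json');";
}

// CLI demonstration with a constructed in-memory session (a real page would
// call session_start() and pass $_SESSION instead).
$session = [];
$t1 = issueToken($session);
$t2 = issueToken($session);                               // second include: same token
assert($t1 === $t2);
assert(verifyToken($session, ['token' => $t1]) === true);
assert(verifyToken($session, ['token' => 'wrong']) === false);
echo postSnippet($t1), "\n";
```

Run with `php example.php`; on a real page, index.php calls `session_start()` then `issueToken($_SESSION)` and request.php calls `session_start()` then `verifyToken($_SESSION, $_POST)`.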
In $.post the token is being sent correctly, but in request.php the session token is incorrect?
– Don't Panic
@Everson yes, it's coming in different. I did an "echo" to display the session as soon as it was created, and I also see the $.post, and of course request.php too. But in it, it comes out different.
– user45722
One of the ways to try to figure out where the problem is is to check the post sent, through the inspector on the Network tab, by looking at the post data. You can then echo in PHP as soon as the token is generated, so you can compare the two.
– Isac
@Isac How can I do that? "inspect on the network tab"
– user45722
Open the inspector by right-clicking and then choosing Inspect. As a general rule this corresponds to F12 in most browsers. In this inspection window the Network tab is usually the 3rd in Chrome; it displays all the requests that have been made and shows the data sent/received. Just click on any one to see the specific information for that request.
– Isac
I did the test, and I swapped the "token" for "date/time", and in "request.php" it is 2.3 seconds later. Example: index.php 2017-08-18 23:22:35 --- request.php 2017-08-18 23:22:37. This happens whether I made the request or not, because I waited a few seconds to make the request and see if it was at this time, but there continued to be a 2 to 3 second difference.
– user45722
It would be better to put the actual code to analyze. Because to me it seems like you're calling getToken() again; maybe it's just the use of include.
– NoobSaibot
@Wéllingthonm.Souza I added the code, and I really do use include/require; how do I solve this?
– user45722
Some things are without comments, as I'm adding them now.
– user45722