I'm setting up a whisper function in my call plan and can't seem to pull a session variable on the 'url' in the action. Are session variables supported there?
I have this in my dial action:
<Number url="whisper.php">15551234567</Number>';
And my whisper.php looks like this.
<?php
session_start();
header('Content-type: text/xml');
echo '<Response>';
echo '<Say>Call from '.$_SESSION['source'].'</Say>';
echo '</Response>';
?>
$_SESSION['source'] isn't showing up.
I use this session variable elsewhere and store things in a database with it so I know it is set correctly.
I went to Twilio support and they gave me this info in case someone else ever looks at this.
"Twilio's cookie handling is keyed by the combination of From and To. For the <Number url> request, the From and To will be different than the From and To of the parent call, so that's probably why the 2 sessions aren't being shared and you get a new session."
The the URL action is not in the same session.
He gave me this as a work around:
"The most common workaround is to include the extra data as a query parameter, e.g.
<Number url="whisper.php?source=<?= $_SESSION['source'] ?>">15551234567</Number>
It's not very elegant but it works well enough for maintaining state during the call flow.
And then in whisper.php you would access $_REQUEST['source'] instead of $_SESSION['source']."
Each seperate number to number pair holds a separate Session and cookie jar as if the twilio "browser" is browsing a different site. Therefore, passing it into the url above is the only way to post the value across the two different pairs of numbers.
Related
I've looked around here but I can't find a matching solution to my problem here.
What I want to do is 1) clean up the URLs with GET params in them and 2) save those GET params in session variables.
This will also need to be done on all files on the site, so the GET params could get passed to any file on the server in any order.
So, for example, if one of the files is:
http://mydomain.com/page.php?a=1&b=2&c=3
and another is:
http://mydomain.com/anotherpage.php?b=2&a=1
I'd need those rewritten or redirected to /page.php and /anotherpage.php, respectively, while storing the GET params in session, so having $_SESSION['a'] = 1, etc.
I've managed to do this (kind of) by including a function called rewrite() in every file's header (before anything else) and going through all the variables in there, storing them in a session and then redirecting the file through header() to $_SERVER['SCRIPT_NAME'].
And it kinda works, but what I'm seeing now is issues with tracking scripts out there - when I try to integrate user tracking scripts I get errors because of a lot of redirects. Postbacks from other apps/websites are throwing 301/302 errors because of redirects as well.
So I was wondering is there a slicker method of just taking a QUERY_STRING for each called URL, storing all the key/value pairs from there in session cookies with key being the name of the session, value being the value of the session and just simply loading the clean SCRIPT_NAME instead without a possibility of endless redirection and all?
Thanks!
I wnat to set cookie with a name csrf_cookie_name with a value from this function $this->security->get_csrf_hash(); but, it is not working.
I have this in my controller:
$csrf_cookie_value = $this->security->get_csrf_hash();
$this->input->set_cookie('csrf_cookie_name', $csrf_cookie_value);
echo $this->input->cookie('csrf_cookie_name');
die();
But it is not working and nothing is echoed out.
If I try only this:
$csrf_cookie_value = $this->security->get_csrf_hash();
echo $csrf_cookie_value;
I works and a generated string is echoed out.
So, I assume that something within these next 2 lines is wrong:
$this->input->set_cookie('csrf_cookie_name', $csrf_cookie_value);
echo $this->input->cookie('csrf_cookie_name');
Thanks for your advice.
You need to specify a life time for the cookie. 0 will be a session cookie and anything else will be added to time().
If you don't specify a life time, CI will interpret that you want to delete the cookie. And that's exactly what it does :)
$this->input->set_cookie('name', 'value', 0); //expires when the browser window closes
$this->input->set_cookie('name', 'value', 3600); //expires in one hour
$this->input->set_cookie('name', 'value'); //will delete the cookie (if the cookie does not exist, you will not notice anything happening)
The reason you are not getting a cookie echoed is because the $this->input->cookie() function reads directly from the global $_COOKIE array and $this->input->set_cookie() does not populate the $_COOKIE array immediately on the server. Instead, $this->input->set_cookie() queues the cookie to be sent back and stored in the browser. Only on the users' next HTTP request will you be able to re-observe this cookie.
Secondly, and perhaps more importantly, is that I think you are using the csrf cookie improperly. To protect against cross site request forgery only requires you to enable it and set it's properties in config/config.php. That is it. There is no need to read and write it in the controllers at all.
The cookie is already there. You can consult via Javascript with:
$.cookie("<?php echo $this->config->item("csrf_cookie_name"); ?>");
I hope be useful.
I'm using Azure ACS in my ASP.net MVC 3 website (hosted in Azure too), the scenario is this:
A user first enters my website and fills a one field form, then they need to chose a provider and login, but first I want to store the field value so when they come back from login I'm able to create a profile with this value for the loged in user.
So I believe when they first enter the site and then leaves to login and enters the site again those are two different sessions am I right? and that's the reason the stored data using session state (through SQL Server) is not present when they come back after login am I right? if this is true what would be the best approach then? if not then I'm doing something wrong storing temp data right?
Thanks
UPDATE:
I have discovered that HttpContext.Application state works keeping the data, still I'm not sure if it's a good idea to use it in a controller considering it's in Azure, will it work on production properly??
You can pass state around in the WS-Federation redirect sequence using the wctx URL parameter. In the action that handles the initial POST request, you should get hold of the form parameter you want to keep, then redirect to you identity provider selection page (this will have to be a custom page) with the form parameter appended to the URL. When the user selects an IP on your page, you can pass the parameter on again using the wctx parameter. The WS-Federation passive requestor profile says that this should be returned to you eventually when the IP redirects the user back to your site.
This has some details
http://msdn.microsoft.com/en-us/library/bb608217.aspx
Edit: To get the wctx parameter out of the request when the user finally comes back to your app. Put something like this in the action code:
var fam = FederatedAuthentication.WSFederationAuthenticationModule;
if (fam.CanReadSignInResponse(System.Web.HttpContext.Current.Request, true))
{
string wctxValue = this.HttpContext.Request.Form["wctx"];
}
My preference is to have the wcxt parameter represent a redirect URL (URL encoded) with your parameter as a query parameter in that so it be a URL encoded version of this:
wctx=https://yourserver/yourapp/yourpage?yourparameter=foo
Then the action that was receiving the redirect from the ACS would simply pull out the value of wctx and do a redirect to it without any more processing. This keeps things simple.
Another approach would be to save whatever data you need to pass around in the Database, and just pass around some ID that refers back to the database record. You'll pass this ID to IP and back through wctx (as Mike mentioned above).
This will solve the issue of limited length of URLs (in case your data is very large). Of course you would need to manage deletion of this data, but this shouldn't be hard.
man, I am stumped, and you probably won’t be able to help, but perhaps if I talk it through here:
This is a CodeIgniter custom CMS.
I am troubleshooting a custom cms someone else wrote; specifically, one of the payment gateways (HSBC - similar type library as PayPal or the like, but using Curl )
It has a callback function from the bank’s site, returning a set of $_POST variables.
PROBLEM: The $_POST variable are not accessible from app’s controller (I can see them returned by using httpFox)
I CAN:
1) return to a non-app .php page and print_r($_POST) (i.e., callback url is just another page on my server, outside of CI)
2) post a Form from within or outside the app to the suspect controller, and print_r($_POST) with no trouble (i.e., this controller/app CAN receive a normal post)
So, trying to read the $_POST results from the callback itself is what is failing.
Any ideas on what to check, or how to track this? It’s obviously some setting somewhere, perhaps with Curl, but I’m at a loss. Happy to post code/more info once I figure out what direction to go in
TIA,
jeff
Getting POST variables in CodeIgniter is acheived through the input class.
The documentation states that all the superglobal variables are destroyed.
Getting the content of $_POST['something'] should then be done by:
$something = $this->input->post('something');
ok, a little closer observation final tracked it down:
the previous developer had the .htaccess to first add a trailing slash, then remove the .index.php?
it seems the callback was being routed to itself and as part of the process (along with some config settings, maybe) was losing the post vars. not sure if that's a precise description, but it was routing twice through the system
thanks
I am working on a guess-a-number game with Ruby that will be online. I know I need to pass the SESSION somehow to keep the number that they are guessing, but I have tried a ton of methods with no luck. My code is here.
Any thoughts on what I can do get this code working? I have declared each of my sections.
A session is, usually, a combination of a cookie (session cookie), or some session id tacked onto the url, which has some unique identification of the current "session" and a way to save the data on the server and retrieve it when given the id from the cookie.
So I would set a cookie based on for example ip + Time.now.to_i and then save that ID and the values I want set into a database or a text file on the hard drive. Note that there is probably a lot better ways to create a unique ID but aim for the simple stuff first. :)
I also recommend that you look into CGI::Session which you require with require 'cgi/session'.