Session variables

Last post 05-21-2010, 11:20 AM by bcaa8ra. 8 replies.
Sort Posts: Previous Next
  •  04-21-2009, 9:40 AM 51313

    Session variables

    Hi.
     
    I use sessions on all webpages on my site, they are controlled with a bespoke routine which uses MYSQL to store all session variables so the site works with multiple load balanced servers. Every webpage includes a session library file before anything else.

    Everything has been fine but I recently downloaded the editor to update it and I now get:- "The area you are attempting to access is forbidden" when a dialog box is openned, say "Add image".
     
    I can see the session variable of the editor being stored in the database but it's obviously loosing it, or not loading it from the same place when the dialog box is openned.
     
    Can you tell me which files I need to change to add in my session handling in place of yours.
     
    Thanks
     
  •  04-21-2009, 10:03 AM 51314 in reply to 51313

    Re: Session variables

    Appears that I've fixed it myself.
     
    I've edited the "Include_Security.php" file and removed the session_start(); replacing that with my custom files. Can you tell me if I need to change any others please.
     
    e.g.
     
    //session_start();
    include("../../../includes/vars.php");
    include("../../../includes/sessions.php");
    Thanks
  •  04-21-2009, 12:51 PM 51322 in reply to 51314

    Re: Session variables

  •  04-24-2009, 9:28 AM 51503 in reply to 51322

    Re: Session variables

    Hi,
     
    This has not entirely cured everything.
     
    If I have a page with a "ImageGalleryByBrowsing" such as :-

       <div onclick="callGetImage()">CLICK TO GET IMAGE</div>
       <form name="changeImage" action="" method="post">
       <input id="imageName" name="imageName" type="text" size="50"/>

        <?php

         $editor=new CuteEditor();
         $editor->ID="newImage";
         $editor->Text="";
         $editor->FilesPath="CuteEditor_Files";
         $editor->BaseHref="
    http://www.mydomain.com";
         $editor->URLType="Absolute";
         $editor->SecurityPolicyFile="mySecurity.config";
         $editor->AutoConfigure="None";
         $editor->ContextMenuMode="None";
         $editor->ShowBottomBar=false;
         $editor->Width=10;
         $editor->Height=10;
         $editor->ImageGalleryPath="/user/me/uploads";
         $editor->Draw();
         $ClientID=$editor->ClientID();
         $editor=null;

        ?>

       </form>

       <script Language="javascript">
       function callGetImage()
       {
           var editor = document.getElementById('<?php echo $ClientID; ?>');
           editor.FocusDocument();
           var editdoc = editor.GetDocument();
           editor.ExecCommand('new');
           editor.ExecCommand('ImageGalleryByBrowsing');
           InputURL();
           document.getElementById('imageName').focus();
       }
       function InputURL()
       {
           var editor = document.getElementById('<?php echo $ClientID; ?>');
           var editdoc = editor.GetDocument();
           var imgs = editdoc.getElementsByTagName("img");
           if(imgs.length>0)
               document.getElementById("imageName").value = imgs[imgs.length-1].src;
           else
              setTimeout(InputURL,500);
       }
       </script>
    Then this works fine with no forbidden access problems.
     
    If I now add a normal edit area as a subsequent control, such as:-

       <?php

        $userPath="/user/me/";

        $editor2=new CuteEditor();
        $editor2->ID="description";
        $editor2->subsequent=true;
        $editor2->FilesPath="CuteEditor_Files";
        $editor2->BaseHref="
    http://www.mydomain.com";
        $editor2->URLType="Absolute";
        $editor2->AutoConfigure="Full";
        $editor2->ToggleBorder=false;
        $editor2->ContextMenuMode="None";
        $editor2->SecurityPolicyFile="mySecurity.config";
        $editor2->Text="Test text";
        $editor2->Width=720;
        $editor2->Height=400;
        $editor2->ActiveTab="Edit";
        $editor2->ImageGalleryPath=$userPath."Uploads";
        $editor2->FlashGalleryPath=$userPath."Uploads";
        $editor2->FilesGalleryPath=$userPath."Uploads";
        $editor2->MediaGalleryPath=$userPath."Uploads";
        $editor2->ShowTagSelector=false;
        $editor2->EnableStripScriptTags=true;
        $editor2->EditCompleteDocument=true;
        $editor2->BreakElement="Br";
        $editor2->Draw();
        $editor2=null;

       ?>
    Now the first "ImageGalleryByBrowsing" control fails with "The area you are attempting to access is forbidden" whilst the second control works fine.
     
    If both use the same security file then what is the conflict?
     
    Thanks
  •  04-24-2009, 11:07 AM 51508 in reply to 51503

    Re: Session variables

    Looks like each control is producing a different "CESecurity" code.
     
    The first control fails here:-
     
      if ($CESecurity!=$_SESSION['CESecurity'])
     {
      print "The area you are attempting to access is forbidden";
      exit();
     }
     
    Looks like the second control overwrites the first ones CESecurity session code.
    Shouldn't these be the same?
    Shouldn't the "subsequent" instruction take care of more than one control per page?
     
    Thanks
     
     

     
  •  02-22-2010, 1:01 PM 58896 in reply to 51508

    Re: Session variables

    I am having this same issue now. Glenn, did you ever find the fix to this? Or can we get help from an Admin?
     
    Basically, I have done the same thing (added 2 editors to one page). The second instance does have the subsequent = true statement. The first instance keeps giving me the "The area you are attempting to access is forbidden" error when I click on the "Insert Hyperlink" icon, while the second instance works fine. I also found that the code Glenn pasted is the code causing my issue too. So basically, each instance has its own $_SESSION['CESecurity'] definition, which causes the first instance's security code to now be different.
     
    How can we fix this?
  •  05-15-2010, 10:00 AM 61036 in reply to 58896

    Re: Session variables

    Did this issue get fixed???
    I have the exact same problem myself.

    MAKO Web Sales
    Sarasota's Only Certified PayPal Developer
  •  05-18-2010, 3:35 PM 61113 in reply to 61036

    Re: Session variables

    bcaa8ra:
    Did this issue get fixed???
    I have the exact same problem myself.
     
    Please download the latest build then try again.
     
    Keep me posted

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  05-21-2010, 11:20 AM 61232 in reply to 61113

    Re: Session variables

    I found the problem (at least for me!)
     
    When I made the  image gallery path identical on both instances my problems cleared up. I now have 3 instances on the same page.
     
    In my case
     
    .....
    $editor->ImageGalleryPath = "/Uploads";
    ......
     
    ....
    $preeditor->ImageGalleryPath = "/Uploads";
     ......
     
    ....
    $toplinkeditor->ImageGalleryPath = "/Uploads";
     ......
     
     
    I hope this helps someone else, 
    Bernie

    MAKO Web Sales
    Sarasota's Only Certified PayPal Developer
View as RSS news feed in XML