Re: The area you are attempting to access is forbidden sec2

  •  06-05-2011, 11:36 PM

    Re: The area you are attempting to access is forbidden sec2

    Hi, Ken,
     
    I'm way beyond that.
     
    Other threads on this error say that it is due to a bug in CuteEditor that if the calling application is using Session Names, that one has to patch a session_name("MySession") into two routines: include_CuteEditor.php and dialogs/Include_Security.php.
     
    I did that with a static session name, and it cured the problem.  The only hitch is that in our application, a single user of the system (and CuteEditor) may move through several different contexts working with our application, and each context gets a unique session name that is stored in a variable.  That is, a user might edit some content in CuteEditor in one context, with one session name, and then two minutes later, edit some other content in a different context, with a totally different session name.  I know what that session name is, because I generate it uniquely, and I can put it into a variable.
     
    Unfortunately, my tests have shown that there is no variable or global I can set in PHP that survives into these two routines.
     
    That is, in the following code from include_CuteEditor.php, which works if my session happens to have that name, cannot be used, because my session name could be anything at any time, not just  'USCGAux1141205'. Two minutes from now, it might be USCGAux1141007.
     
    error_reporting(E_ALL ^ E_NOTICE);
    session_name("USCGAux1141205");
    if(!isset($_SESSION)) session_start();
    class CuteEditor
    {
    I need to be able to write something like:
     
    error_reporting(E_ALL ^ E_NOTICE);
    session_name($CURRENT_SESSION_NAME);
    if(!isset($_SESSION)) session_start();
    class CuteEditor
    {
    to be able to pass in a variable for the session name,or even
      session_name($GLOBAL['my_current_session_name']);
     
    But  none of this works, because both of those variables turn out to be unset by the time I get into that part of the CuteEditor code. I know, because I hacked some debug code into each routine, and checked.
     
    CuteEditor needs the following feature:
     
      $editor->session_name = $my_session_name
     which then propagates throughout the entire CuteEditor code as required.
     
    What I need specific help on, from someone who knows the code intimately, is, what do I need to do to get my session name variable to show up in the two routines above where it is needed? How much and what code do I have to hack?
     
    Sincerely,
    Steve Johnson
     
     
       

    Steve Johnson
    U.S.Coast Guard Auxiliary
View Complete Thread