31

Not sure if this belongs here or at webapps... please move if appropriate.

I don't even know if such a thing is possible, but is there an extension or add-on for either Firefox or Chrome that would let me view all my PHP session variables the way there are extensions that let you view cookies?

Gordon
EmmyS

7 Answers

59

Cookies are available on the client-side, so they can be seen from the browser.


On the other hand, session data is stored on the server, and never sent to the client (unless you write some code to do just that, of course).

To dump the content of a variable, like $_SESSION, you can use the var_dump() function.
On a development server, you can install the Xdebug extension to enhance its output greatly (and lots of other debugging-related things, btw).

If you don't want to pollute the HTML of your page, you could install the FirePHP extension to Firebug, and use the corresponding PHP library to send data (like dumps of variables) to it.
This would allow your variables, like $_SESSION, to be displayed in Firebug's console.

Pascal MARTIN
  • I accepted this a while ago but never commented. The FirePHP extension was what I was looking for, thanks. – EmmyS Aug 11 '11 at 16:12
  • That means the user or hackers have no way to see what the variable pattern we used in our application is. Am I right? – Salitha Prasad Oct 10 '16 at 11:50
6

PHP session variables are stored on the server and are inaccessible to the client.

Nick
3

No. Session data is server-side, while cookies are client-side. The session cookie contains the session identifier, which the server (i.e.: PHP) uses to retrieve the proper session data.

It is not possible to view session data without remote access to the server, or using a script (that resides on the server).

This is why it is recommended to store "sensitive" information in session instead of cookies, because it cannot be consulted/altered easily.

netcoder
1

No. Session variables are stored on the server. The only thing that would be visible in Firefox is the ID of the session, stored in the session cookie (e.g. PHP_SESS_ID=randomgarbage).

You'd have to explicitly write a script that would dump out the session variables, something as simple as:

dumpsession.php:

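<?php
    session_start(); // load the current session; must run before any output is sent
    echo '<pre>';
    var_dump($_SESSION);
    echo '</pre>';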
Marc B
0

You can use: print_r($_SESSION);

0

I had this simple script that shows the $_SESSION variables.

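<?php
error_reporting(E_ALL);
session_start();
if (isset($_POST['session'])) {
    // eval() executes the posted text as PHP, so anyone who can reach this page can run code on the server
    $session = eval("return {$_POST['session']};");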
    if (is_array($session)) {
        $_SESSION = $session;
        header("Location: {$_SERVER['PHP_SELF']}?saved");
    }
    else {
        header("Location: {$_SERVER['PHP_SELF']}?error");
    }
}

$session = htmlentities(var_export($_SESSION, true));
?>
<!DOCTYPE html>
<html lang="en-US">
    <head>
        <meta charset="UTF-8">
        <title>Session Variable Management</title>
        <style>
            textarea { font: 12px Consolas, Monaco, monospace; padding: 2px; border: 1px solid #444444; width: 99%; }
            .saved, .error { border: 1px solid #509151; background: #DDF0DD; padding: 2px; }
            .error { border-color: #915050; background: #F0DDDD; }
        </style>
    </head>
    <body>
        <h1>Session Variable Management</h1>
<?php if (isset($_GET['saved'])) { ?>
        <p class="saved">The session was saved successfully.</p>
<?php } else if (isset($_GET['error'])) { ?>
        <p class="error">The session variable did not parse correctly.</p>
<?php } ?>
        <form method="post">
            <textarea name="session" rows="<?php echo count(preg_split("/\n|\r/", $session)); ?>"><?php echo $session; ?></textarea>
            <input type="submit" value="Update Session">
        </form>
    </body>
</html>

Install it on a test server, name it "sess.php" or something like that, and it shows the current session. DO NOT LEAVE IT ON A PRODUCTION SERVER !!!

Louis
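
A session viewer/editor that parses the posted value with json_decode() instead of eval(), as an added example that is not part of the original answer. The loopback-only check, the CSRF token, the `__sess_editor_csrf` key and the JSON format are assumptions of this sketch (PHP 7.4+), and only scalars and arrays round-trip through JSON.

```php
<?php
// Added example (not from the original answer): dev-only session viewer/editor.
// Assumption: the script is served from a development host and reached directly.
declare(strict_types=1);

// Refuse anything that is not a loopback client, so a stray copy on a
// reachable server does not expose or alter session state.
if (!in_array($_SERVER['REMOTE_ADDR'] ?? '', ['127.0.0.1', '::1'], true)) {
    http_response_code(403);
    exit('Forbidden');
}

session_start();

// Per-session token so another site cannot submit the form on your behalf.
// It lives under a reserved key (constructed name) that the editor hides.
const TOKEN_KEY = '__sess_editor_csrf';
$_SESSION[TOKEN_KEY] ??= bin2hex(random_bytes(16));
$token = $_SESSION[TOKEN_KEY];

$status = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = is_string($_POST['token'] ?? null) ? $_POST['token'] : '';
    $body = is_string($_POST['session'] ?? null) ? $_POST['session'] : '';
    // json_decode() only parses data; unlike eval() it cannot execute it.
    $data = json_decode($body, true);
    if (hash_equals($token, $sent) && is_array($data)) {
        $_SESSION = $data;
        $_SESSION[TOKEN_KEY] = $token; // keep the token across the overwrite
        $status = 'saved';
    } else {
        $status = 'rejected';
    }
}

$shown = $_SESSION;
unset($shown[TOKEN_KEY]);
$json = json_encode($shown, JSON_PRETTY_PRINT | JSON_PARTIAL_OUTPUT_ON_ERROR);
// Escape everything echoed into HTML, including session values.
$esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<title>Session (dev only)</title>
<p><?= $esc($status) ?></p>
<form method="post">
    <input type="hidden" name="token" value="<?= $esc($token) ?>">
    <textarea name="session" rows="20" cols="80"><?= $esc((string) $json) ?></textarea>
    <input type="submit" value="Update Session">
</form>
```

Behind a reverse proxy on the same host, REMOTE_ADDR is the proxy's loopback address, so the address check gives no protection in that setup.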
0

To access something from a session you could use var_dump, I don't the browser due to security restrictions. http://php.net/manual/en/function.var-dump.php

Cninroh