Symphony.

A new Extension, “Session Monster” is now available for download. Comments and feedback can be left here but if you discover any issues, please post it on the issue tracker.

This is a rewrite of the old Session Monster CS for 1.7, and is almost identical to the Cookie Monster Extensions already available for Symphony 2.

It will register any GET variable present in the URL with a session it maintains. Be sure to read README.txt and check out the Event documentation by going to your Components area of Symphony and clicking on “Session Monster: Add GET variable to session”

Requires Symphony 2 Revision 5

I started converting it yesterday but didn't have time to post it. Thanks for the duplication of effort :)

sweet. thanks alistair. my lame duck attempt to convert this didn't quite happen =) i'll try and implement this soon.

This is cool, and I am using it now, however the _GET needs to be sanitized, as this can result in a denial-of-service with a crafted url:

http://mysite.com/?foo=sdfsdf.</sdfsdf<xsl:fodfosfdo

This will break parsing and render pages broken so all values need to be cleaned...

I will see about an update for the extension when I examine how best to clean input strings the Symphony way. (if someone does know, please post here...)

Edit: Looks like General::sanitize() is the way...

For now edited event.sessionmonster_addgettosession.php to add:

$val = htmlentities($val,ENT_QUOTES,'UTF-8');

Here is the block (around line 51)

                foreach($_GET as $key => $val){
                     $val = General::sanitize($val);
                    if(!in_array($key, array('page', 'debug', 'profile'))){
                            $_SESSION[__SYM_COOKIE_PREFIX__ . '-sessionmonster'][$key] = $val;
                            $xml->appendChild(new XMLElement('item', $val, array('name' => $key, 'action' => (strlen($val) > 0 ? 'added' : 'removed'))));
                                    $count++;
                    }
                }

Sweet - thanks Allistair!

This extension does not show up in the extensions section of the forum. Maybe the category is missing?

Does it work with current Symphony code? Are there plans to implement byr0n's patch?

Hmm, the extension shows up on the extension section for me... maybe somebody has gone in and fixed the category?

I've tweaked the output of the DS so that it spits out multiple variables as nested XML nodes. I.e., instead of:

 <session-monster>
    <item name="name-of-param">123,456</item>
</session-monster>

We get:

<session-monster>
    <name-of-param >
        <item value="123" />
        <item value="456" />
    </name-of-param>
</session-monster>

Download the attachment and override /datasources/data.sessionmonster_showsessionparam.php to implement it.

nice, makenosound!

@Alistair, is this extension still maintained? It does not show up in the new download section, nor can I find it on Github.

It’s not on GitHub yet and I forgot to port a few Extensions over to the new downloads area. Will be doing that tomorrow.

Is there anyway to stop the sesison monster extension from breaking front end pages if you append the debug to a page in 2.2.1?

I have the below in my XML in debug mode:

<sessionmonster-?debug />

and on the page error I get this:

Line 31
loadXML(): error parsing attribute name in Entity, line: 31
Line 31
loadXML(): attributes construct error in Entity, line: 31
Line 31
loadXML(): Couldn't find end of Start Tag sessionmonster- line 31 in Entity, line: 31

Not sure I can flush that session param as it's not valid no?

Ignore me, removed the Event :Session Monster and then re-enabled and all is well wheeew.

EDIT spoke too soon, this is an issue I'm encountering whenever I re-enable the: Session Monster: Add GET variable to session on my page.

Anyone else experiencing anything similar on a 2.2.1 install?

EDIT

Edited the event php to temporary exclude the offending params from the XML for now.

@moonoo2, I get a similar error on 2.2.1 too. In <params> I have the following error <sessionmonster-debug14/56/ /> where 14 and 56 are param values. All was working fine with 'Session Monster: Add GET variable to session on my page' until I did a debug. I will try in a later version and see what occurs...

Just for the record, this extension still works in 2.3. I am using it to build a bilingual website and it works like a charm.

The problem is that I don't know how to initialize the session parameters, when a user first visits the site.

Right now, to set my lang parameter, the user has to set it manually by himself like this:

http://www.domain.com/?lang=de

Do I need to tamper with the .htaccess file in order to default this parameter to, say, en upon first visit?

Or is there a simpler way to do this?

I'm trying to use Session Monster to collect a selection of entries that a user selects (then turn these entries into a PDF).

I figured the best way to do this would be to pass each user-selected entry's ID to Session Monster, which will give me a load of $sessionmonster-paramname params with which to filter another DS.

How, then, can I use these params? Is there a way to filter by all params that start with $sessionmonster-?

Alternatively, I wonder if it might be better to put all of these IDs in one param. I think I could achieve this by passing in the current value of the param, along with the new ID to be added. However, I would also like offer users the option to remove entries before compiling their PDF, and I think this would be tricky if all the IDs were in one param; especially if they were to remove an entry, then continue to navigate around the site, potentially selecting other entries, before compiling the PDF.

I suppose I'm after a DS filter wildcard, like $sessionmonster-*. Basic testing suggests that this isn't possible; is there another way I should try?

I am using this extension for the first time and have a question regarding session expiry.

I have set session variables and expected that when I closed and reopened the browser application that the session would be reset. This is not the case however and the session variables seem to remain.

How can I ensure that Symphony forgets the session once the browser is closed?

Thanks

How can I ensure that Symphony forgets the session once the browser is closed?

Short answer: not very easily...

Long answer: look at my fork and replace the TWO_WEEKS constant with 0. This should expire every session when the browser is closed. Unfortunately it is not (easily) possible to make only the Monster sessions expire, as (I believe) it uses the standard Symphony session cookie.

I'm having some issues in Symphony 2.3 with this extension. It all seems to be functioning pretty well, but I am running into problems with value-of.

My param pool has this value:
<sessionmonster-test>myvalue</sessionmonster-test>

So in my front-end, I am simply trying to pull that value in with:
<xsl:value-of select="/data/params/sessionmonster-test"/>

But it comes up blank, even though the value is there. If I specify the url parameter, it comes up just fine. I think this is due to the parameters being set in the event.sessionmonster_addgettosession.php file, rather than extension.driver.php.

I tried a couple different delegates out to fire after the Event was saved, but I wasn't having much luck there. Anyone have any ideas on this one at all? I still think the param value being in my pool should be enough for value-of to work, so it might be due to something different.