Session Monster
This is an open discussion with 14 replies, filed under Extensions.
This is a rewrite of the old Session Monster CS for 1.7, and is almost identical to the Cookie Monster Extensions already available for Symphony 2.
It will register any GET variable present in the URL with a session it maintains. Be sure to read README.txt and check out the Event documentation by going to your Components area of Symphony and clicking on “Session Monster: Add GET variable to session”.
Requires Symphony 2 Revision 5
I started converting it yesterday but didn't have time to post it. Thanks for the duplication of effort :)
sweet. thanks alistair. my lame duck attempt to convert this didn't quite happen =) i'll try and implement this soon.
This is cool, and I am using it now, however the _GET needs to be sanitized, as this can result in a denial-of-service with a crafted url:
http://mysite.com/?foo=sdfsdf.</sdfsdf<xsl:fodfosfdo
This will break parsing and render pages broken so all values need to be cleaned...
I will see about an update for the extension when I examine how best to clean input strings the Symphony way. (if someone does know, please post here...)
Edit: Looks like General::sanitize() is the way...
For now edited event.sessionmonster_addgettosession.php to add:
$val = htmlentities($val,ENT_QUOTES,'UTF-8');
Here is the block (around line 51)
    foreach($_GET as $key => $val){
        $val = General::sanitize($val);
        if(!in_array($key, array('page', 'debug', 'profile'))){
            $_SESSION[__SYM_COOKIE_PREFIX__ . '-sessionmonster'][$key] = $val;
            $xml->appendChild(new XMLElement('item', $val, array('name' => $key, 'action' => (strlen($val) > 0 ? 'added' : 'removed'))));
            $count++;
        }
    }
Sweet - thanks Alistair!
This extension does not show up in the extensions section of the forum. Maybe the category is missing?
Does it work with current Symphony code? Are there plans to implement byr0n's patch?
Hmm, the extension shows up on the extension section for me... maybe somebody has gone in and fixed the category?
I've tweaked the output of the DS so that it spits out multiple variables as nested XML nodes. I.e., instead of:
    <session-monster>
        <item name="name-of-param">123,456</item>
    </session-monster>
We get:
    <session-monster>
        <name-of-param>
            <item value="123" />
            <item value="456" />
        </name-of-param>
    </session-monster>
Download the attachment and override /datasources/data.sessionmonster_showsessionparam.php to implement it.
nice, makenosound!
@Alistair, is this extension still maintained? It does not show up in the new download section, nor can I find it on Github.
It’s not on GitHub yet and I forgot to port a few Extensions over to the new downloads area. Will be doing that tomorrow.
Is there any way to stop the Session Monster extension from breaking front end pages if you append the debug to a page in 2.2.1?
I have the below in my XML in debug mode:
<sessionmonster-?debug />
and on the page error I get this:
    Line 31 loadXML(): error parsing attribute name in Entity, line: 31
    Line 31 loadXML(): attributes construct error in Entity, line: 31
    Line 31 loadXML(): Couldn't find end of Start Tag sessionmonster- line 31 in Entity, line: 31
Not sure I can flush that session param as it's not valid no?
Ignore me, removed the Event :Session Monster and then re-enabled and all is well wheeew.
EDIT spoke too soon, this is an issue I'm encountering whenever I re-enable the: Session Monster: Add GET variable to session on my page.
Anyone else experiencing anything similar on a 2.2.1 install?
EDIT
Edited the event php to temporary exclude the offending params from the XML for now.
@moonoo2, I get a similar error on 2.2.1 too. In <params> I have the following error <sessionmonster-debug14/56/ /> where 14 and 56 are param values. All was working fine with 'Session Monster: Add GET variable to session on my page' until I did a debug.
I will try in a later version and see what occurs...
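Both failures reported in this thread (markup in a GET value breaking the page, and a key such as `?debug` ending up in an element name) come from request data reaching the XML unchecked. The following is an added example, not the extension's own code: stand-alone PHP that assumes the DOM extension is loaded, with hypothetical `sm_*` function names and constructed sample input. It rejects keys that are not safe XML names and lets DOM escape the values.

```php
<?php
// Added example, not Session Monster's code. The sm_* names are hypothetical.

// Keys the event block quoted in the thread already skips.
const SM_RESERVED = ['page', 'debug', 'profile'];

// Strict subset of an XML Name, so a key is safe as an element or param name.
function sm_is_safe_handle(string $key): bool {
    return preg_match('/\A[A-Za-z_][A-Za-z0-9_.-]*\z/', $key) === 1;
}

// Drop characters XML 1.0 forbids; returns null when $val is not valid UTF-8.
function sm_clean_value(string $val): ?string {
    return preg_replace(
        '/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u',
        '', $val);
}

// Keep only parameters that are safe to store in the session and emit later.
function sm_filter_params(array $get): array {
    $clean = [];
    foreach ($get as $key => $val) {
        $key = (string) $key;
        if (in_array($key, SM_RESERVED, true) || !sm_is_safe_handle($key)) continue;
        if (!is_string($val)) continue;          // e.g. ids[]=14 arrives as an array
        $val = sm_clean_value($val);
        if ($val !== null) $clean[$key] = $val;
    }
    return $clean;
}

// Build the XML with DOM so values are escaped on output, never concatenated.
function sm_to_xml(array $params): string {
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->appendChild($doc->createElement('session-monster'));
    foreach ($params as $name => $val) {
        $item = $root->appendChild($doc->createElement('item'));
        $item->setAttribute('name', (string) $name);
        $item->appendChild($doc->createTextNode($val));
    }
    return $doc->saveXML();
}

// Constructed request parameters modelled on the reports in this thread.
$get = ['foo' => 'sdfsdf.</sdfsdf<xsl:fodfosfdo', '?debug' => '',
        'ids' => ['14', '56'], 'colour' => "red\x00"];
$xml = sm_to_xml(sm_filter_params($get));
echo $xml;
var_dump((new DOMDocument())->loadXML($xml));   // re-parse to confirm well-formedness
```

Filtering keys before they are written to `$_SESSION` matters because a bad key that is already stored keeps breaking pages on later requests until the session entry is cleared.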
A new Extension, “Session Monster” is now available for download. Comments and feedback can be left here but if you discover any issues, please post it on the issue tracker.