I have purchased e-commerce software for my site that I'm developing. This software uses a form which when loaded has a session ID as a hidden value.

There is a piece of HTML code that is incompatible with how I want to setup my site (_top in target of form). I'm trying to open the e-commerce software in a lightbox/iframe. However, if I do, when the the submit button is pressed it reloads the current page because there is a target="_top" attribute which is in the form tag.

Since I can't take that _top out of the e-commerce script, I would like to programatically connect to the server that is hosting the e-commerce site and strip out a value (session id) from the page and then re-use it in my page where I can duplicate the form?

Here is the flow of the form:

- Page loads and displays form
- if you view the source of the form that is displayed, there is a hidden form value (session id) with the name of "sid".
- When you submit the form you go to a /cgi-bin/results.cgi page

I have tested this manually by displaying the form in one tab/window. In another tab/window (where I have duplicated the form) I take the sid value that was in the first tab/window. When I do this and submit the form everything works correctly. If I don't do this, then I get an error "Session Expired".

Can anyone help me do this automatically when my page (with the duplicated form) is loaded? I would like to use javascript to do it.

Sessions are server side javascript is client side.
Sessions are created "on the fly"

You only option is to recreate the form SERVER SIDE and include the session ID in the form.

Maybe I'm not explaining this properly. I know that sessions are created server side. That is why I want to use javascript to "connect" (for lack of a better word) to the e-commerce hosted script, scrape out the session id that was created from the "connection on the other server". I then want to take that session id and inject it into a page on my server where I have duplicated the submit form with my own HTML (but the same action as the original page).

Does that make sense?

WHY????

Use server side code to put the session ID INTO the form you have created.

IF you use XMLHTTP (the only way JS can "talk" to the server) to "scrape" the session ID it will be creating a NEW connection to the server and have A DIFFERENT SESSION ID

Okay... This is obviously not coming across the way I want. I do not have control on the server side. This is a script which is a hosted solution and in the form that is rendered, there is an attribute of target="_top". This is messing up my site because I'm trying to open this page in a lightbox instead of a pop-up. But... Because there is a target="_top" it is overriding my page completely (not just the lightbox) when the submit button is clicked.

I'm not trying to do anything malicioius, just have a more pleasing appearance for my users via the lightbox.

Session ID: The form that is rendered has a <input> tag of type "hidden" which is name="sid". This is a hash value that is used as a session id. What I want to do is not connect to the hosted server at all. I would like to code my OWN custom form and have the same action="" attribute/value so that when the form is submitted it will automatically do the product search. The issue is that when I do this, I get an error back "no session".

Now... If I open up a new browser window, go to the actual website with the form, THEIR server automatically generates a session ID and puts it into the hidden field mentioned above. From there, if I *scrape* (or copy) that session id and hard code it into MY custom form that I coded (as a hidden field) then it works perfectly.

The problem is that I cannot do that for every user that comes to the site, however IF I could find a way to use javascript (or some other scripting language -- ie. php/cURL) to do it then I could get a new session id for every user.

It is not a true session ID in the sense that you would think. It doesn't get passed to the browser and then the client keeps it in memory. Instead, EVERY time you refresh THEIR page it reloads a new session ID. That is what gave me the idea of doing this.

Is this similar to the issue you're having here: http://www.webmaster-talk.com/html-f...ide-frame.html ?

You must understand that JavaScript has no access to any content on remotely hosted websites. It simply cannot read any information from any foreign site because of the Same Origin Policy: http://en.wikipedia.org/wiki/Same_origin_policy

Yes, it is all related to the same issue.

I guess in order to do what I want, I would need to use php/cURL and *scrape* the contents of the page, save the SID and then include that file to the new form.

I'm just going to use pop-up's. Thanks for the help. The company says that they should have a solution for me within a month or so.

I'm not sure how using PHP would make a difference... Wouldn't a new "session ID" still be generated each time if you went that route?

If I use wget to get the page (for example). EVERY time I download the page, it will have a different ID. This is the same behaviour even when you press F5 to reload the page in a browser (a new ID is created each time).

Therefore, I KNOW that I could do it with PHP but I'm just not going to worry about it. I'm going to use pop-ups for now and my head office should be coming up with a solution for me within the month.