I am trying to share a session from a Legacy PHP application with a Laravel app,
I have Redis setup and can see the session keys in Laravel using Redis::command('keys', ['*'])
But I'm confused how I am supposed to access the current user's session values in Laravel, for example I have a value stored as test but doing something like Redis::get('test') returns NULL.
If I look up one of the keys using Redis::command('keys', ['*'])
I can get the value, for example Redis::get('PHPREDIS_SESSION:KEY') returns the serialized test key value pair, but how can I get this value or the session key without looking up all of them?
I feel like I'm missing a basic concept or something obvious, so any help would be greatly appreciated.
OK so I worked out how to do this, make sure to add a . to your session domain, so it can be used across subdomains.
You can then access the session key by doing the following:
$session_id = session_id();
$redis_key = "PHPREDIS_SESSION:{$session_id}";
$serialized_value = Redis::get($redis_key);
// unserialize the value to access the actual data
$session_data = unserialize($serialized_value);
It's also worth noting, to use PHP's unserialize function you need to make sure session.serialize_handler is using php_serialize and not php.
Hope this helps someone in the future.
Related
I am trying to track down the source of a very serious bug in my application. I use a session variable to track the current logged in user which is derived from a database call (via PEAR, configured to return an associative array).
The variable is set up like this:
$_SESSION['u'] =& $db->getRow("SELECT * FROM user WHERE blah");
$u =& $_SESSION['u'];
global $u;
I then use $u in my code throughout to access this data as a shortcut.
This code has been running for years without issue but it seems recently that there have been occasions where users have found themselves logged in as other people. This seems to happen some time after they log in, and they migrate to become someone else. Clearly this is awful.
I was trying to debug but without a repeatable sequence of events this is pretty difficult.
My question is, do you think the setting of the session variable by reference to the database-derived array could be causing it? Could on a further page load, the memory location to which the session variable points be replaced with another user's data from a different session? Or could it be replaced with data from another database call that I am running in this user's session? I understand from reading up subsequently that this code should not be operated like this and have since removed the first & but I would like to have some idea if this could have actually been the problem. I've read that the memory location could get GC'd and turned to nothing, but this doesn't seem to have happened, it only seems to have been corrupted credibly with another user's details.
All help welcome.
I'm writing a web application in PHP and I want to declare an array, in which i want to save the host and how often this host has opened my web application. I want to add the variable to something like the application scope in JSP. I've tried to add this array to $_SERVER, but this hasn't worked. If I try to acess the variable in another file with $_SERVER[$_GET["id"]] the variable is always NULL. Can someone please help me?
Here my code:
if(empty($_SERVER[$_GET["id"]])){
$_SERVER[$_GET["id"]]=array($country, 1);
}else{
$_SERVER[$_GET["id"]][$country]+=1;
}
several things:
$_SERVER is for SERVER do not use it to play global array.
$_SESSION is returning null because you probably didn't declare any
session_start at the beginning of your file. If you don't do that, the session cookies (variables) are not shared and this is why its null.
this is the basic of vanilla php.
From here, you could explore a micro framework that has this built in...
UPDATE
due to your misconception of "session", what you want to do is to persist data. If you want to "share" this array of yours among different users (aka data sharing among session), I would recommend to persist via data storage:
sqlite/memory or sqlite/file
redis (value/key and its quick)
mysql or any sql/no-sql
least favorable IMO: write to a simple file and retrieve. The only issue with this, is that you will have "lock" condition but then again so will the other ones
Good afternoon, everybody.
I'm here with a doubt.
Already have an active session, and I have to create another session. with more data.
More This new session is getting empty and the data is going to the first session.
Anyone know how to add data in the session specified by name.
I would be very grateful for the help.
You cannot have multiple sessions active at the same time. However a session is just an associative array, so you can create multiple namespaces inside using different keys. For example
$_SESSION['one'] = $foo;
$_SESSION['two'] = $bar;
I believe you can specify separate sessions using session_name(). Another thing you can do is read the actual session files if you have access to them on the file system. Variables and data are all there in plain text.
But all this sounds very sloppy to me and I can't imagine why you would need to do it this way. Provide more information about what you're trying to accomplish and maybe we can help you find a more straightforward way of achieving it.
I need to share sessions between subdomain but my sessions are stored in weird format. For example if ill compare same session data (from session file) from different servers i see that in first case data are stored correctly but not in second one.
First server session string:
TEST_VAR|s:10:"TEST VALUE";
Second server session string:
NUnNmu-NLaO2lP-1J_LVRdJm5cPH54dlnDN1W1GaHXrebf3hl_clOl3xeoZlvHsj
I'm using same code to generate sessions, where is the problem? Anyone know whats wrong? How can i decode this weird string? session_decode() can't handle it.
This might help: PHP / Drupal, Session Storage and encryption
If not, check the php.ini/phpinfo() on both servers and see if there are any differences in the session-related configuration.
So I'm doing some maintenance on a PHP site that is using $_SESSION variables. I started seeing some very very weird behavior and after hours of debugging I just figured this out. As an example, lets say I have a session variable setup like this:
$_SESSION['user']['id'] = 123;
$_SESSION['user']['firstname'] = 'John';
$_SESSION['user']['lastname'] = 'Doe';
At one point in a script, a call to a MySQL table is made using some Zend classes:
$sql = "SELECT whatever FROM table";
$user = $db->fetchRow($sql);
Now here is where the weirdness starts... After this database call is made, my $_SESSION['user'] array value is all of the sudden changed to be the object that is retrieved from the database call...
Basically: $_SESSION['user'] is now the same as the object that was retrieved using the fetchRow DB method that was supposed to be stored in the variable $user. I've never seen this before.
The only thing I can figure out is because the variable name $user is the same as the $_SESSION['user'] array key name, its acting as like a shortcut or something.
Is this some sort of weird PHP Session shortcuts that I've never heard of before?
On a side note, I know that accessing $_SESSION vars directly is not the best practice. I didn't build this website. My job is just to fix some stuff and add some features.
UPDATE: Sure enough, register_globals is on. Thanks for the quick help guys. No wonder I was seeing such weird behavior.
Sounds like you have register_globals set to On in PHP.ini. Turning it off should fix this.
If you don't have access to change PHP.ini an alternative solution is discussed here
Check if register globals is turned on. Accessing $_SESSION is the only way to access session data safely.
Register globals is an old feature that turned global variables into local variables. The issue with that was you could not safely know where the data was coming from. Something you expected from a session could be set with a get, post or a cookie variable. So it was very easy to bypass security.