I'm having a problem with my session variables.
I can't set any variable after my require once.
But I need to store my data after the login.
Here is the code :
<?php include "include/header.php";
require_once('simplesamlphp/lib/_autoload.php');
$as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth();
$attributes = $as->getAttributes();
$_SESSION["nivauth"] = "test";
?>
EDIT :
session_start() is in the header.php
I try to get the session var on another page with echo $_SESSION["nivauth"];
I have this error on the other page :
Notice: Undefined index: nivauth in /var/www/html/cableEdit.php on line 10
And my session var nivauth is available only on my first page.
My session_start() is working, and all my other session variables created on other pages can be viewed.
If I place $_SESSION["nivauth"] = "test"; just under the include everything works, but I can't get nivauth from the authentication.
The var is created but can't be accessed on another page...
Refer to this part of the documentation
If we are using PHP sessions in SimpleSAMLphp and in the application we are protecting, SimpleSAMLphp will close any existing session when invoked for the first time, and its own session will prevail afterwards. If you want to restore your own session after calling SimpleSAMLphp, you can do so by cleaning up the session like this:
$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();
If you don't cleanup SimpleSAMLphp's session and try to use $_SESSION afterwards, you won't be using your own session and all your data is likely to get lost or inaccessible.
I was stuck on a similar issue with SimpleSamlPHP. After trying various solutions, the workaround below finally solved my issue.
In your header.php (or other pages), instead of session_start(); initiate the SimpleSamlPHP class by adding the two lines below, and you can restore your custom session variable along with the simplesamlphp session.
require_once('simplesamlphp/lib/_autoload.php');
$as = new \SimpleSAML\Auth\Simple('default-sp');
Here is the snippet.
<?php
//header.php
//session_start();
require_once('simplesamlphp/lib/_autoload.php');
$as = new \SimpleSAML\Auth\Simple('default-sp');
echo $_SESSION["nivauth"];
cleanup() simply was not working, so I made two changes in addition to $session->cleanup() to make it work:
1- empty session.phpsession.cookiename in config/config.php
'session.phpsession.cookiename' => ''
2- Added session_start(); after cleanup()
$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();
//session_write_close();
session_start();
Code example:
<?php
require_once(DRUPAL_ROOT . '/simplesaml/lib/_autoload.php');
session_write_close();
session_set_save_handler(new SessionHandler(), true);
$as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth();
$attributes = $as->getAttributes();
$samlSession = \SimpleSAML\Session::getSessionFromRequest();
$samlSession->cleanup();
$_SESSION['saml'] = $attributes; // <-- this does not work, since altering $_SESSION at this point is useless. reading out $_SESSION on another page does not have anything saved after calling the SimpleSAMLphp functions
We are using SimpleSAMLphp on our website as SP to use with a Shibboleth IDP. The server can't run the Apache modules or memcache so we need to use PHP sessions. On the SimpleSAMLphp documentation it says:
If we are using PHP sessions in SimpleSAMLphp and in the application
we are protecting, SimpleSAMLphp will close any existing session when
invoked for the first time, and its own session will prevail
afterwards. If you want to restore your own session after calling
SimpleSAMLphp, you can do so by cleaning up the session like this:
$session = \SimpleSAML\Session::getSessionFromRequest();
$session->cleanup();
If you don't cleanup SimpleSAMLphp's session and try to use $_SESSION
afterwards, you won't be using your own session and all your data is
likely to get lost or inaccessible.
The problem is, that is exactly the issue we are facing. Whatever I write into $_SESSION after loading the SSP files is lost at the new page request.
Now, we are using Drupal 7. I don't know how to implement the documentation code in a Drupal environment:
// use custom save handler
session_set_save_handler($handler); // what is this? what is $handler?
session_start();
// close session and restore default handler
session_write_close();
session_set_save_handler(new SessionHandler(), true);
// use SimpleSAML\Session
$session = \SimpleSAML\Session::getSessionFromRequest();
$session->cleanup();
session_write_close();
// back to custom save handler
session_set_save_handler($handler); // how do i get the Drupal handler?
session_start();
So how do I implement the session swapping in a Drupal 7 environment? Or generally, how do I get a session handler/reference?
Drupal itself does this at some point in session.inc:
session_set_save_handler('_drupal_session_open', '_drupal_session_close', '_drupal_session_read', '_drupal_session_write', '_drupal_session_destroy', '_drupal_session_garbage_collection');
But calling any Drupal session function didn't work, $_SESSION was always unwritable (or rather didn't actually save) after using SimpleSAMLphp.
Edited:
If you are not using SimpleSAMLphp's stand-alone web UI, this might work:
require_once(DRUPAL_ROOT . '/simplesaml/lib/_autoload.php');
$as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth();
$attributes = $as->getAttributes();
$samlSession = \SimpleSAML\Session::getSessionFromRequest();
$samlSession->cleanup();
$_SESSION['saml'] = $attributes;
It should keep your original session handler (which would also be used by SSP), then reload the old session ID by restoring previous session id and name.
Original answer:
Looking at the SimpleSAMLphp session handler's code, it should already recover the previous session, if there is one active at the moment of invoking SimpleSAMLphp.
I would say that what happens here is that you manually closed the session by using session_write_close(); before SimpleSAMLphp started theirs, so when you closed SimpleSAMLphp's session, the previous one could not be restored.
I would try to do as follows (I assumed it is the code you are using):
// If I recall well, Drupal already starts session for you,
// but if it's not the case in your configuration, go ahead and uncomment following lines
// session_set_save_handler($handler);
// session_start();
// use SimpleSAML\Session
$session = \SimpleSAML\Session::getSessionFromRequest();
$session->cleanup();
// Just resume your $_SESSION use
$_SESSION['myAttribute'] = 'myValue';
Running PHP 7.2.12 on a local Apache server (XAMPP on Windows).
I'm playing around with multiple sessions in PHP to see if I can stash away an open session, play around with a new one, and retrieve the previous session. I'm about to give up and just chalk it up to some kind of file locking thing.
The code that hangs ("connection reset" in Firefox):
//first session
session_start();
$old_id = session_id();
$old_session = $_SESSION;
$id = session_create_id();
session_commit(); //same as session_write_close()
//new session
session_id($id);
session_name('new_name');
session_start();
I don't particularly need any of the code to be this way, but I'm totally lost as to why this hangs due to this:
Comment out any one of the following lines:
$old_id = session_id();
$old_session = $_SESSION;
session_name('new_name');
And it doesn't hang. You can also replace session_create_id() with an alphanumeric string literal and it won't hang. It only seems to hang when all 3 of these optional lines are present, and when using session_create_id() to create a new collision free id. Is there a way to guarantee that it won't hang?
And for anyone who has time, I have another question: What would be the proper way to stash an open session, open/manipulate/save my own session, and then restore the original session?
This works:
//previous session
session_start();
$_SESSION['var'] = 'value';
//try to stash open session
$old_id = session_id();
session_commit();
//open new session
session_id('mySession');
session_start();
//modify and save my session
$_SESSION['var'] = 'mine';
session_commit();
//restore previous session
session_id($old_id);
session_start();
echo $_SESSION['var']; //output 'value'
But I'm afraid that once I start messing with new session names in combo with session_create_id() that I'll run into the hanging problem. Maybe I should check for session id collision without the use of session_create_id()? Or should I just try to piggy-back onto the already open session?
Edit: Maybe the core of what I'm asking is that if I make a PHP class that wants to pass anonymous data to/from the client, and somebody using my class opened a PHP session prior to using my class, what's the accepted way of handling that without stepping on the previous session? Ideally I want to name my session with something unique to the class, ie. not the default 'PHPSESSID'.
You are handling the session wrong in the first example (you call session_create_id uselessly); it probably causes the hanging. Check the logs to see if there is any info there.
Maybe the problem is exacerbated when you copy the $_SESSION variable to another variable and then close the session. Because of how PHP works internally, it can cause unpredictable behavior, because $_SESSION is a special type of array.
Here is my scenario.
I have 2 different pages with php
1). index.php page have session name declared as "session_one"
$some_session = session_name("session_one");
session_set_cookie_params(0, '/', '.domain.net');
session_start();
2). order.php page have session name declared as "sesson_random" (this is required to have another session name due to nature of implementation)
$some_session = session_name("sesson_random");
session_set_cookie_params(0, '/', '.domain.net');
session_start();
Now the issue that I am facing is that I have stored some values on index.php in session which I want to retrieve on order.php. I have tried many ways but am unable to pass it.
Please note that I can not pass those values in query string of url.
Please help
You should be able to read the data from the other session, by restoring it before you open the new one. All you have to do is use the session_id function. I tested it with this code right here: (index.php)
<?php
session_name("session_one");
session_start();
$_SESSION["test"] = array("this is just a test");
print_r($_SESSION);
?>
Now, all you have to do is load the other session first and save the values into an array: (order.php)
<?php
if(isset($_COOKIE["session_one"])){
session_id($_COOKIE["session_one"]);
session_name("session_one");
}else{
session_name("session_one");
}
session_start();
$session = $_SESSION;
session_write_close();
print_r($session);
if(isset($_COOKIE["session_random"])){
session_id($_COOKIE["session_random"]);
session_name("session_random");
}else{
session_name("session_random");
}
session_start();
$_SESSION["other"] = array("this is another test");
print_r($_SESSION);
?>
The two sessions get combined. If you are not bothered by that, you should be good to go. Got some inspiration from here:
Can multiple independent $_SESSIONs be used in a single PHP script?
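The answer above passes the raw cookie value to session_id() and copies the whole of the first session. As an added example (not part of any answer here), the same two-session read on order.php with the cookie value validated and only named keys copied; the helper names are hypothetical, PHP 7+ and the default files save handler are assumed, and the session names and the "test" key are the ones used in the answer:

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.

// Shape of an ID the default files handler accepts: [A-Za-z0-9,-], 22-256 chars.
function valid_session_id($id): bool
{
    return is_string($id) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id) === 1;
}

// Copy only the listed keys out of another named session, without writing to it.
function read_other_session(string $name, array $allowedKeys): array
{
    $id = $_COOKIE[$name] ?? null;
    if (!valid_session_id($id)) {
        return [];                      // no cookie, or not a plausible ID
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_write_close();          // flush the caller's session first
    }
    session_name($name);
    session_id($id);
    // read_and_close: load the data, then release the session without saving.
    // use_strict_mode: an ID the server never issued is not adopted.
    if (!session_start(['read_and_close' => true, 'use_strict_mode' => 1])) {
        return [];
    }
    $copy = array_intersect_key($_SESSION, array_flip($allowedKeys));
    $_SESSION = [];                     // keep the two sessions from mixing
    return $copy;
}

// Open (or create) the page's own session under its own name and ID.
function open_own_session(string $name): void
{
    $id = $_COOKIE[$name] ?? null;
    session_name($name);
    // The ID of the session closed above is still set, so always replace it:
    // with this session's cookie value, or with a fresh random ID.
    session_id(valid_session_id($id) ? $id : bin2hex(random_bytes(16)));
    session_start();
}

// order.php: nothing may be printed before this point, or the session
// cookie headers can no longer be sent.
$fromIndex = read_other_session('session_one', ['test']);
open_own_session('session_random');
$_SESSION['from_index'] = $fromIndex;
```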
I know I can use $oldSession = session_name("mySessName"); to set the name of the session, which I do like so:
# FileName: sessionTest.php
$old_name = session_name("TEST");
session_start();
$_SESSION["hi"]="hi";
print_r($_SESSION);
I can even have another file: sessionTest1.php which contains the following:
# FileName: sessionTest1.php
$old_name = session_name("TEST1");
session_start();
$_SESSION["Bar"]="bar";
print_r($_SESSION);
I can go back and forth between sessionTest.php and sessionTest1.php and the session will only have the corresponding variable.
The issue I am running into is suppose a different script already has a session started and then calls this file. What I am seeing is suppose I have:
session_name("other");
session_start();
$_SESSION["foo"] = "foo";
require_once "sessionTest.php";
print_r($_SESSION);
This is printing Array( "foo" => "foo", "hi" => "hi" ). Is there a way to end the previous session and start my session fresh. Note: I don't want to destroy the previous session as there may be valuable information in it.
What I do is make my SESSION one layer deeper than the standard, so I can just use that layer of the array.
some page:
<?php
$_SESSION['myApp1']['hi'] = "Hi";
?>
some other page:
<?php
$_SESSION['myApp2']['ciao'] = "Ciao";
?>
So when I want to see session vars on page 2 I just
<?php
echo "<pre>";
print_r($_SESSION['myApp2']);
echo "</pre>";
?>
Use session_name before session_start.
PHP session_name
The session name is reset to the default value stored in session.name at request startup time. Thus, you need to call session_name() for every request (and before session_start() or session_register() are called).
Read this SO answer:
Multiple Sessions
My website doesn't start a session when I visit, I don't know why but my website works like this:
<?php
session_start();
$title = "Home";
include("include/header.php");
include("include/functions.php");
?>
...HTML stuff here...
<?php
include("footer.php");
?>
But when I check with Cookies (add-on for Firefox) there are no sessions started... I used session_regenerate_id(); but it doesn't work at all.
It fails to log in since there are no sessions, I do not have any session_destroy() in my website, only in the logout.
But funny thing is, when I login (without refreshing or navigating just yet) and then click on the logout button, there is a session on my website, then when I log in again, it tells me that I am logged in BUT if I login and navigate or refresh, it doesn't tell me that I'm logged in since there are no sessions...
Logout:
<?php
session_start();
session_destroy();
setcookie("cookie-name", "", time()-60, "", "", 0);
header("Location: ../index.php");
exit;
?>
What do I do?
You must have session_start() at the beginning of every file that is being accessed and uses sessions. The name is misleading, session_start() actually doesn't start a new session but initializes PHP session management.
Not sure if it's related, but there was a strange PHP quirk that required the SESSION_START() to be on the line immediately below the <?php tag. Something about whitespace and extra things above the session used to make it go haywire for me. I've been using Zend of late, which avoids that issue with its own session handling system.
You might try doing a print_r($_SESSION) to see if there's anything in the session array at all.
It's probably because you are not setting a session in either of the examples you have given, you have to have a line like the one below to actually create a session, and then to access the session variables on all subsequent pages you need session_start();
$_SESSION['example'] = 'something';
It doesn't look like you're setting anything in the session or the cookie.
If you want to pass information around in the session you'll need to assign the necessary values in the $_SESSION variable.
For example on your main page you can do:
<?php
session_start();
$_SESSION['myVariable'] = "my text";
?>
And then on any subsequent pages you can access the variable you've set.
<?php
session_start();
echo $_SESSION['myVariable']; //This will print "my text"
?>