At the moment I have a folder with Laravel's app (login and registration) and another folder with the rest of the website (outside Laravel and written in core PHP)
Since sessions in Laravel cannot be shared with core PHP I would like to store username's details (after login or registration) on a cookie and then read it outside Laravel's app. So far I tried adding my cookie to EncryptCookies so it wont be encrypted and then populating it with setcookie("Test", 'dsadsadsa1234',15,""); but when I try to echo it outside with core PHP with echo $_COOKIE['Test']; it's empty.
Is there any other way of sharing information between Laravel and plain PHP? I know having a cookie with sensitive information is not secure at all so I was thinking on encrypting it along with some other text so I can then decrypt it and verify if it was tampered or not but I'm not sure if this is the correct approach.
Within Laravel
setcookie("test", 'dsadsadsa1234',15,"/"); //<-- 4th parameter is a slash here
Within PHP
echo $_COOKIE['test']
That 4th parameter in Laravel setCookie() sets the variable at the project root
Related
This might be way out of my league but I need to have a php page with login security that is obtained from the cookie that is created from ASP.NET login page. I can get the cookie _ASPXAUTH in the php but I'm not sure where to go from there.
PHP:
$authCookie = $_COOKIE['_ASPXAUTH'];
This is the encrypted cookie and I'm not sure how I would go about using the cookie to allow authentication?
If I have a php login form then I would need to encrypt and match the cookie, thus needing a new login page, If i just check if cookie exist then thats no form of security. Sorry for the noob question I'm mainly looking for a direction to go.
PHP and ASP.NET are both on the same site/domain.
Unfortunately I don't know any existing solution dedicated for PHP, but there is existing solution written in node.js: https://github.com/LeanKit-Labs/aspxauth
This package allows you to encrypt login/password into cookie which can be after compared with existing cookie. I think that you can rewrite this code into PHP version, it's not much code.
I am writing a project in laravel and I need to use the session system but I have no access to cookies (So it needs to function without cookies)
I have got a rough idea on how I will do it i will include hidden fields in forms/get requests etc, but my question is how would i override laravels session system to fetch a session based on my custom token rather than the standard cookie token.
I am using a existing php application which has different interfaces like admin, agent and customer.
I have created a new agent interface using codeignitor. FOr login into agent portal, I am using the existing agent login page from old application but after login is successful my new agent interface is supposed to be loaded.
In the old application, there are sessions used and the agent_id is stored in the session variable.
when I am trying to use this session variable in my new code, I get an error message ...variable can't be found. How can I use the session variable from my first application into my new interface?
when I print the session name in my first application and in one of new codeignitor code page,, I can see both the sessions are different. I think this is the problem because codeignitor manages its session.
I searched on the google and came to know about the sessions settings save path and all, I am not sure what exactly I need to do here to resolve this.
Remember both projects/applications should exist on the same server
By default codeignitor follows the COOKIE's as a session so you have to ovwerwrite that library with any of the PHP native session libraries.
Then pass the session_id to that project through CRUL or POST or URL in a two way encrypted format. Don't forget to encrypt the session id
From Project 1 :
//to get the session id
$id = session_id();
//do some custom encryption
$id = 'ajhkdhfasjdhfajsdfhkjadf';
**Ref:**
http://www.php.net/manual/en/function.mcrypt-encrypt.php
From Project 2:
Ref:
http://www.php.net/manual/en/function.mcrypt-decrypt.php
The initialize the session id before start the session like below
//do some custom encryption
$id = $this->input->get('id');
//decrypt the value
session_id($id);
session_start();
Now you can access the session values.
when I print the session name in my first application and in one of
new codeignitor code page,, I can see both the sessions are different.
I think this is the problem because codeignitor manages its session.
You are correct about CI handling its own sessions, the way around this issue is to use the native session library.
https://github.com/EllisLab/CodeIgniter/wiki/Native-session
The other way is to make CI use database sessions and just pass the session ID to your new application so you can select the correct data from the database.
I am using Elgg Application, Inside FB connect plugin i am starting Session and setting some variables in the same folder i am accessing this session attributes its working fine..
But i included one more php file, after log-in if i directly call this page through url session_status is 1 but in other two folders its is set...
How to set session here also, their should be any link between pages to session variables
can any one help...
Fb_connect folder
str= "var/www/elgg/mod/fb_connect
import-contact-plugin-str="var/www/elgg/mod/importer.
new php file i added
url=var/www/elgg/engine/sample.php
When you work with Elgg, you shouldn't change its core. Almost everything can be done by plugins, and that's the preferred way of working with Elgg.
Elgg sessions are kept in database and session start is called on system boot event. When you're in plugin context however, the session is already in place, no need to to additional session_start call.
So if you decide to go on modifying the core, you should run your logic from callback registered to boot system:
elgg_register_event_handler('boot', 'system', YOUR_CALLBACK);
I am setting up a user session from a core php app that is located in example.com/corephp/, now I want to redirect this user to example.com (the main site) which is in cakephp.
How can I retain the user session from the core php app to cakephp app?
I triend setting $_SESSION['user'] = someone and $_SESSION['token'] = token from core php app and tried to retrieve that value from cakephp but it didn't work.
I tried to google for this but no proper answer that could work.
Thanks in advance.
---------------------- edit
I have tried adding session_name('CAKEPHP'); to the core php app.
As well as tried to reduce the security level of my cake app from medium to low.
Didn't test, but try this.
In your corephp app:
$_SESSION['Auth']['User'] = $someone;
My reasoning is that it will set the $_SESSION, but maybe CakePHP doesn't recognize it for some reason. So we set it the right way using Cake's API:
In CakePHP
$this->Session->write('Auth.User', $_SESSION['Auth']['User']);
Always use the session wrappers. thats what they are there for
in the controller:
http://book.cakephp.org/2.0/en/controllers/components.html#using-components
in the view:
http://book.cakephp.org/2.0/en/core-libraries/helpers/session.html
everywhere else:
http://book.cakephp.org/2.0/en/development/sessions.html#reading-writing-session-data
never ever access it using $_SESSION and you should be fine (cake inits the session for you and takes care of a lot of things behind the hood).
if you share the session make sure you set the session name equally. both should also use the same session type (php probably).