I am using a existing php application which has different interfaces like admin, agent and customer.
I have created a new agent interface using codeignitor. FOr login into agent portal, I am using the existing agent login page from old application but after login is successful my new agent interface is supposed to be loaded.
In the old application, there are sessions used and the agent_id is stored in the session variable.
when I am trying to use this session variable in my new code, I get an error message ...variable can't be found. How can I use the session variable from my first application into my new interface?
when I print the session name in my first application and in one of new codeignitor code page,, I can see both the sessions are different. I think this is the problem because codeignitor manages its session.
I searched on the google and came to know about the sessions settings save path and all, I am not sure what exactly I need to do here to resolve this.
Remember both projects/applications should exist on the same server
By default codeignitor follows the COOKIE's as a session so you have to ovwerwrite that library with any of the PHP native session libraries.
Then pass the session_id to that project through CRUL or POST or URL in a two way encrypted format. Don't forget to encrypt the session id
From Project 1 :
//to get the session id
$id = session_id();
//do some custom encryption
$id = 'ajhkdhfasjdhfajsdfhkjadf';
**Ref:**
http://www.php.net/manual/en/function.mcrypt-encrypt.php
From Project 2:
Ref:
http://www.php.net/manual/en/function.mcrypt-decrypt.php
The initialize the session id before start the session like below
//do some custom encryption
$id = $this->input->get('id');
//decrypt the value
session_id($id);
session_start();
Now you can access the session values.
when I print the session name in my first application and in one of
new codeignitor code page,, I can see both the sessions are different.
I think this is the problem because codeignitor manages its session.
You are correct about CI handling its own sessions, the way around this issue is to use the native session library.
https://github.com/EllisLab/CodeIgniter/wiki/Native-session
The other way is to make CI use database sessions and just pass the session ID to your new application so you can select the correct data from the database.
Related
I ned to set a session per every user, so when the user log ou from his account and login again in another account the old session will not be shown but the new that related to his new account will be shown
I am using the normal method in laravel to do it
Session::put('key', 'value');
But the problem as explained is that the session will br shown in all user using this computer
Session ids are supposed to be non-guessable. You're going to have to resolve (attempted) duplicates serverside. If you search through every existing session for a match then your not going to be able to scale this / its going to be very slow. That means you need an access path to the session data based on the username AS WELL AS the session id.
There are lots of solutions to this. I don't think any of them are exposed directly in Laravel.
You need to deal with maintaining the mapping directly in the session management - so you will need a custom session handler. The session handler deals with serialized data - so you need to think about how the username is resolved within the session handler. You could put it in the session and deserialize the data again the handler, or read the value from a global variable. Or you could write a prototytype of the session into a database with the sessionid as the primary key and the username as an indexed lookup before the session close handler is called.
Another approach would be to store the session as the username rather than using the session id. You still need to protect the username though and avoid session fixation, hence you would need to explicity generate the session id using a mechansim where only you can recover the username from it, e.g.
$data=array($username, openssl_random_pseudo_bytes(16));
$sessionid = encrypt(serialize($data), $your_secret_key);
(You still need to write your own session handler for this).
I need to get an ID of current session. Using httpRequest's cookies is not a good idea because session gets regenerated after login or by whatever action.
I also tried Session class but for getting a session ID it is needed to specify a section which Nette uses to split the application. However I couldn't find out the section name.
There's method getSession() available in a presenter, so for accessing the session ID you can use:
$sessionId = $this->getSession()->getId();
I have a website for my website with 20 api calls (REST). for every call the user/pass input is required.
The API calls can be made from C++, Python, PHP, Java, ASP etc...
the issue I have now is it creates tons of sessions. I want to change this to allow all calls to re-use the session id assigned.
so the first call will be to "authenticate", this return a token (encrypted session id)
then I decrypt this token and check if the session id exists in the database. If it does, i want to load or assign this session
I found a pge from ellislab explaining session but it does not help me since this page creates new session.
example:
call #1: authenticate(user,password)
call #2: get_report(token, 1) // get report id 1
call #3: add_user(token, [array of user data])
How can i reuse the session in codeigniter?
You just need to save the token in session if not exist.
1) Get the token form your request like username I think user name is unique for you.
2)
$this->load->library('session');
$user_data = $this->session->userdata('$username');
if(!empty($user_data)){
//use the same session
}else{
$this->session->set_userdata('$username', 'isvalid');
}
I have some questions about the mechanism of session in code igniter framework:
1. isn't it exactly like working with a cookie? because what I have seen is that all the session data is send back as a cookie to the browser. so when another request is made then all the data is sent back with the cookie session.
2. the session data is sent back to the browser. even though it is encrypted, I can still identify all the session items, so isn't it easy to change the encrypted value of that item to an encrypt value, like changing an item called loged_in from false to true
3. when saving session data in a database, is the session data automatically deleted?
4. why is it written in code igniter documentation that "Session IDs can never be updated, they can only be generated when a new session is created". so when regenerating the session id in the cookie session how will we be able to compare it to the session id that is stored in the database?
The Session class does not utilize native PHP sessions. CI session library generates cookie when you initialize session in CodeIgniter. So actually sessions in CodeIgniter is a Cookie.
Setup Encryption Key on your config.php file and I'm sure that will resolve an issue you are having. Even CI session document says - "Even if you are not using encrypted sessions, you must set an encryption key in your config file which is used to aid in preventing session data manipulation."
I personally never tried DB Session but YES CI deletes expired sessions stored in DB. CI Documentation says - "The Session class has built-in garbage collection which clears out expired sessions", which explains pretty much about this question.
CI has taken care of this situation. When regenerating session id, CI replaces old session id stored in DB with new session id. If you can take a look in to Session library; check for sess_update() method for more details and you can see how CI is updating new session id in DB.
I need to transfer the user session across servers. ie. If user logged in server1 and if the user exists in server2 , then I have to transfer the user session details to server2. For this I used the following technique
From server1, redirect user to http://server2/auth_from_server1.php?sessionid=12345
On server2 (internally, in the PHP code of auth_from_server1.php), do a request to http://server1/secret/check_session_id.php with the sessionid, 12345.
On server1, in the implementation of check_session_id.php, validate the ID and return OK, FAILURE, and session related data you want to pass, such as username, ...
On server2, when the call returns with OK, store the transferred session data, and give the user a cookie and session for this server.
But when the call back function call the auth_from_server1.php the value in session id is null. I tryed to check the sessionid as
if(isset($_SESSION['sessionId']))
echo 'true';
else
echo 'false';
But $_SESSION['sessionId'] is null. In login page I am setting the value for session id as
$_SESSION['sessionId'] = session_id();
Thanks in advance....
Wouldnt it be easier to just store session data in a shared directory?
Alternatively you can store it in a database.
I would suggest writing a custom PHP session handler or using a prebuilt session handler like ShareDance. You can store session information in a MySQL database shared amongst the two machines, a SQLite file, etc.
There are many benefits to using PHP's built in ability to get/set session data by using session_set_save_handler() namely, that all calls to get or set from $_SESSION will work in your application code without any additional modification.
More information can be found here:
http://php.net/manual/en/function.session-set-save-handler.php
A tutorial on writing custom session handlers (old but still relevant) is here:
http://devzone.zend.com/article/141
When server 2 calls server1/secret/check_session_id.php it has to submit the session ID like server1/secret/check_session_id.php?sessionid=12345 and in check_session_id.php you have to call session_id($_GET['sessionid']) before session_start().
Another opportunity could be sharing the filesystem.
Since PHP puts the session in the filesystem, you could share the filesystem (sshfs for example) on both servers.
the setting for changing the destination directory in the php.ini is
session.save_path
This problem can quickly get out hand when you start adding more and more severs to the problem. One of the best solutions that I have found is to store the session on a database and share that database with the servers. Redis typically works great for this. Here is a great guide to get started with redis
I think to store an id of a user in DB is the most appropriate way to do this.It is an error proof way.
Cheers