I'm doing some basic integration between a CakePHP app and some external code. I want the external code to know if a user is logged in. The external code does not load CakePHP, so thought I would access that data directly using $_SESSION, but when I dump it it's an empty array, even when I'm logged into CakePHP.
Am I missing something? Why isn't the session data from CakePHP showing up?
You might need to play with your session ids and session name variables to get your external code to load the CakePHP session information.
For example, you will almost certainly need this:
session_name('CAKEPHP');
and you might need to pass across the session id from Cake, and possibly set the session save path as well.
You can read http://bakery.cakephp.org/articles/admad/2009/09/02/how-to-bend-cakephp-s-session-handling-to-your-needs
It will examplain you how to bend your cakephp session according to your need.
OR
You can see one more link which will solve your problem Use cakephp session with two different domains
Hope these two links will solve your problem!
Related
Currently I am doing a project which runs both on Zend Framework (For Web site) and phone gap (For Mobile). I need to use the same code for website and web service for mobile.
Now I am facing the below mentioned issue,
The web service which I am calling from phone gap is to create the session and the session was created successfully. Now i am calling the another web service to get the user details based on session id. But the details are not displaying, because the session id is giving empty. So can you please suggest how can i proceed with this?
Thanks in advance
Session is not shareable. Try saving session id to database (or file) and than read it from server side.
Can you please give more information about how sessions are managed?
From the look of it, you might need to to use both $_SESSION and potentially an implementation of the SessionClassHandler interface to store sessions in a central database.
Also you might have issues with cookies, so you might need to pass the session id via URL. But this is very insecure so if this is the case, make sure that you at least use https or put oher mecanisms in place.
I hope this helps
I am setting up a user session from a core php app that is located in example.com/corephp/, now I want to redirect this user to example.com (the main site) which is in cakephp.
How can I retain the user session from the core php app to cakephp app?
I triend setting $_SESSION['user'] = someone and $_SESSION['token'] = token from core php app and tried to retrieve that value from cakephp but it didn't work.
I tried to google for this but no proper answer that could work.
Thanks in advance.
---------------------- edit
I have tried adding session_name('CAKEPHP'); to the core php app.
As well as tried to reduce the security level of my cake app from medium to low.
Didn't test, but try this.
In your corephp app:
$_SESSION['Auth']['User'] = $someone;
My reasoning is that it will set the $_SESSION, but maybe CakePHP doesn't recognize it for some reason. So we set it the right way using Cake's API:
In CakePHP
$this->Session->write('Auth.User', $_SESSION['Auth']['User']);
Always use the session wrappers. thats what they are there for
in the controller:
http://book.cakephp.org/2.0/en/controllers/components.html#using-components
in the view:
http://book.cakephp.org/2.0/en/core-libraries/helpers/session.html
everywhere else:
http://book.cakephp.org/2.0/en/development/sessions.html#reading-writing-session-data
never ever access it using $_SESSION and you should be fine (cake inits the session for you and takes care of a lot of things behind the hood).
if you share the session make sure you set the session name equally. both should also use the same session type (php probably).
I am creating a setup, where I have multiple drupal websites running. I am working on a single sign on, but I want to check if the calls to my websites are made from the same person. Is there like a browser cookie or something with which I can identify a user ?
It's like a session identifier but across multiple websites.
Does anyone know what I can use for this ?
Thanks in advance
If you are tying to do single sign on with Drupal I recommend looking at the bakery module. You may find that what you are looking for has already been implemented.
You could use the Login Cookie module to set your own cookie
I fixed it, by doing a redirect to one single website, which gives me an encrypted version of your session ID and then redirects you back to the website where you came from, where that key is stored in the local session of the SESSION
Have you tried to use PHPs standard session functions?
I am using Mage::getSingleton("customer/session") to be able to login to Magento externally. Problem is, this seems to clear up other $_SESSION variables I have set.
How can I have the entire cake and be able to login to Magento plus setting normal SESSION-variables?
I assume this answer might apply to you also: Magento external login will not create session cookie
In essence try first creating the Magento session before you create the other session.
If that doesn't help you might need to provide additional code so a good answer can be supplied.
I mean you can login both https://mail.google.com/ and https://mail.google.com/a/company.com at the same time.
The projects I've attended so far haven't involved such kind of logic,how can these two url under the same domain use different $_SESSION?
I think there is not inbuilt session management feature in PHP.
You can use variable specific management in session.
for eg.
one login from https://mail.google.com/ then store all it's session data in $_SESSION['gmail'][X] , $_SESSION['gmail'][Y],$_SESSION['gmail'][Z]
and then in when another user login from https://mail.google.cpm/a/company.com then store all it's session data in $_SESSION['company'][X],$_SESSION['company'][Y],$_SESSION['company'][Z]
so by this, you can separate those two sessions from each other.
Those two URLs share the same domain. Only the subfolders are different. Usually with PHP, the cookie which saves the session id is valid for the whole domain and not only a specific subfolder. So there should be no problem using the session data with the same domain.
Maulik Vora's answer will work, but another way to do it is to configure PHP to used URL-based session ID passing. That way every tab or window has a separate session. See this page for information on how to do it, and why you may or may not want to. Here's the docs for it.