I was wondering if any one could teach me how to use sessions in GAE php. I know that the usual method is to use session_start() in every page that wants the session to carry over and then assign variables using $_SESSION['name'].
But PHP on GAE is a bit confusing at times.
https://developers.google.com/appengine/docs/php/?hl=en#Sessions
I have some idea on memcache but dont know how to use it to store session variable. Can any one tell how I can create a session variable so that when I redirect using header the variables will be present too.
Eg.
First.php
session_start();
$_SESSION['name'] = Abilash;
header('location: second.php');
Second.php
session_start();
echo $_SESSION['name']; // should output Abilash.
Now how do I do that in GAE. Whenever I try to redirect using header the redirected page loads but the session variables are not passed through.
You should not need to do anything to get sessions working, as we automatically put them into memcache by default.
Perhaps the session cookie is not being passed by your browser for the second request. I'd turn on developer tools in chrome to make sure you see that the cookie is on the request and I'd also output the result of session_start() to check it's returning true.
You should not need to do anything to get sessions working, as we automatically put them into memcache by default.
was very misleading to me. It may worked back then. Nowadays, each PHP instance has it's own PHP session management by default. If you like centralized PHP session management stored in Google GAE memcache, you have to configure it!
A working possible legacy solution:
https://cloud.google.com/appengine/docs/standard/php-gen2/services/access#session
you need legacy bundled services for PHP
deployable just with the beta SDK: gcloud beta app deploy
Related
I need to share PHP sessions between multiple servers. However, I'm not sure how to maintain the session ID created on one server and how to pass it to the next server.
Essentially, a client can upload a file, but which server the file is sent to depends on which server is not overloaded.
For example, session_start() is called on test.com
An AJAX post is sent to serv1.test.com. When I call session_start() on serv1.test.com, I want it to pull the existing session information that was created by session_start() on test.com. However, that doesn't seem to be the way PHP sessions work?
I installed Memcached and followed this guide here:
https://www.digitalocean.com/community/tutorials/how-to-share-php-sessions-on-multiple-memcached-servers-on-ubuntu-14-04
I have one centralized memcache server that test.com and serv1.test.com are configured to use. However, session_start() creates a unique session on each server instead of reusing the same session. If I send the PHPSESSIONID to each server, then I can load the existing session.
How do I accomplish what I'm trying to do? I could send the PHPSESSIONID as a variable in the AJAX POST, but isn't that a security risk? That is something that could be changed by the user...
How do I get serv1.test.com to continue to use the same session set on test.com? How do I pass that session ID to serv1.test.com securely so I can use session_id("existingsessionid_from_test.com") to open the existing session?
The solution was to set the session.cookie_domain to include subdomains.
session.cookie_domain = ".test.com"
Thanks frz3993
I have a site that is delivered by PHP and every user has a Session stored in a php file when he is logged in.
My Question is: it is possible, without redis or memcached, to get the session from the php file to the node.js server or if not, how can I do it with redis an memcached?
No matter how you store your PHP sessions, if you want to share data with an outside application, it should be served up from your PHP application. This gives you the flexibility of changing your session handling later on, while avoiding writing some custom session data parsing code on your Node.js application.
<?php
session_id($_GET['sessionId']);
echo json_encode($_SESSION);
Then in your Node.js application, you can fetch /getSessionData.php?sessionId=0123456789abcdef or whatever. Note that you must lock this script down so that it is completely inaccessible except from your other applications. Otherwise, you would be opening yourself up to a nasty security hole. Also, if you aren't already rotating session IDs, you should re-write your session handler anyway so that it is hard to re-play requests with an old session ID.
I'm having problems with PHP sessions that only occur on my testing server (everything works fine on my localhost). I'm developing a custom Wordpress theme, based on Roots. My localhost is OS X (PHP 5.4.4) and the testing server is Ubuntu (5.3.10-1ubuntu3.8).
The problems include:
New sessions created each time I refresh the page (which I can see by rendering session_id() in the footer and checking /var/lib/php5/session)
Functions called through an AJAX request unable to access the correct session, even though session_name() and session_start() are called before they try
Other details:
I'm trying to save variables into a named session, so each time I call session_start() I'm currently doing it like this:
session_name('my_session'); //Not sure if this line strictly required
if (!session_id()) {
session_name('my_session');
session_start();
}
The above is first called in a function init_sessions, hooked into Wordpress like this: add_action('init', 'init_sessions');, then also used in the other files that need access to session variables (e.g. those requested via AJAX).
On localhost, I can see the session file created in /Applications/MAMP/tmp/php and also see a session appear under the Cookies tab in Firebug. However on my testing server, although (too many) session files are created in /var/lib/php5/session, I don't see the session appear in Firebug.
Running phpinfo() doesn't show any significant difference between the PHP directives on my localhost and those on my testing server.
The testing server is really two (Rackspace) servers with a load balancer, but I don't think this is an issue as session persistence is set up.
The testing server is set up as a subdomain e.g. test.my-domain.com.
I've got PHP error reporting turned on but haven't noticed any.
I've deactivated all other Wordpress plugins.
I'm sure it's more likely to be a problem with my script than Rackspace's set-up, but I'm a bit stumped at the moment. I'm particularly curious about why I can see session files created on the testing server in /var/lib/php5/session, but don't see them appear in Firebug's Cookies tab.
Any ideas very welcome. Thanks!
Ok - think I've identified what's going on (though not resolved it yet). It looks as though the problem is down to Varnish. When a user is logged-in, the session functions perfectly. Thanks to everyone that suggested a fix.
I'm split as to whether this is an SO question or a SF question, so I'm starting here.
We have a legacy application running under PHP 4 (don't ask), and some other code we need to run under PHP 5.
Session data that is set on the PHP 4 side doesn't seem to be visible/present when running code on the PHP 5/cgi side.
I'm doing a session_start, adding some session data under PHP 4, and then doing a var_dump of the session from PHP 5 and $_SESSION is null.
Has anyone got this working?
Environment:
Apache 2.2.x
PHP 4.4.9 (mod_php)
PHP 5.1.3 (cgi)
Centos 5.6
First, have you verified that the session.save_path is the same for both versions of PHP? You can get/set it with session_save_path().
Second, are you sure both PHP instances are using the same session ID, or is each version generating its own session ID? You can get/set it with session_id(). If they aren't, verify that the session.name is the same, or else they might be trying to load the session ID from different cookies. (Can be get/set with session_name().)
Even if both of the above match, I don't know whether or not they can even share a session like that. If not, you can define a custom session handler for both of them to use. That's how applications that are load-balanced usually work -- they have a custom session handler that saves session info wherever/however they want (usually in a database instead of files), and all servers can access that shared location. See session_set_save_handler().
I'm not exactly sure the question I should be asking. Sorry!
I'm working on re-doing my web site so as to be using PHP5. The server lives in a buddy's basement and I just ssh in to do my coding and view the pages just like any other page out there.
I keep track of login details in $_SESSION.
When I'm sitting at my home machine I can log into the site and everything is as I expect it in terms of the SESSION being available on all pages. When I log in on my work machine, I get a successful log in and can see the SESSION variables, but as soon as I go to another page the SESSION is gone as evidenced in session_id().
My previous web site built in PHP4 (and tweaked to keep PHP5 happy) does not exhibit this behavior allowing me to log in as expected at either location before and after the change to PHP5.
I guess I'm just looking for a clue as to what to explore next... Of all the puzzles I've encountered while teaching my self to code this one appears on the face, just crazy.
I think Jake is on to something about the cookies. Make sure your browser at work is set to accept cookies from that domain. Make sure there isn't any antivirus/antimal-ware that has disabled this. I'd use fiddler to watch the traffic and headers on your work machine, and your home machine. you should be able to quickly spot the difference since it sounds like a client issue.
It could be that the computer at work isn't supporting session cookies. It's been a while since I last read about PHP Sessions, but from what I remember...
session_start() is called.
php checks to see if the browser has sent a cookie to the server (a unique identifier needs to be supplied.
if so, it then checks checks on the server for a file with the name of the session id
if successful, it parses the file and sets the variables into the $_SESSION array
Notice that step one of this process is to actually start the session with session_start() this needs to be called before any output at all.
Have you got session_start() before output?
Do you make use of session_start() in your various php files ?
One way to get around this problem could be to store your sessions in a database.
This DevShed article by Rich Smith is a good place to start:
Storing PHP Sessions in a Database
The session is no longer saved as a file on the server, but rather an entry in the DB, and should solve any cookie issues.
Are the settings in php.ini for session.auto_start the same in both ini's?
See http://de3.php.net/manual/en/session.configuration.php#ini.session.auto-start