I am trying to develop an Apache 2 module that, among other functions, should intercept certain POST variables, and then establish a PHP session underneath, setting all the relevant session variables.
One option I've considered was using cookie libraries to set the PHPSESSID in the request, and then insert all these values in the $_SESSION associative array.
Problem is I can't seem to find an API for the PHP, and my suspicions that these values actually lie underneath, in the Apache server itself, are currently unfounded.
Does anyone know if this is even possible? Or even if I am overlooking a simple workaround that would work?
I eventually decided to write a PHP extension, alongside another handler on my Apache Module, since I prefer to parse some POST vars there.
The module will "chew" the data that needs to be saved to the session, and pass it off as new POST variables, after criptografically validating the data. The PHP extension will then start a new session, and set each item as a Session variable.
This assumes my module will run before the PHP module itself. In case that doesn't happen, I will have to handle the validation on PHP, or try to force the handler to run before PHP somehow.
Related
I need to save the value of a variable to use on another page. What is the best way to do this?
$ _SESSION is not a possibility because it will be executed by cronjob.
apc_store seemed to me an excellent function for this but it does not seem to work anymore or needs to install extension on server to work.
Is there any native PHP alternative?
Edit:
I use Curl to get the value in a site1 and saved in a variable then it is redirected to Site2 where I want to retrieve the value of that variable. Using POST is not possible because it is a form and would conflict the data that the form needs with the data I am passing. The application does not use DB, creating one so this would be bad.
Cookies falls into the same SESSION problem (I'm using cronjob)
I think the best solution would be a txt file manipulated by file_put_contents.
Would that be the only solution?
apc_store seemed to me an excellent function for this but it does not seem to work anymore or needs to install extension on server to work.
The APC variable cache is not suitable for this application -- it isn't shared between the web server and CLI scripts, and values stored in the cache may be evicted at any time.
If you need a value to be reliably stored across executions of a CLI script, write it to a file or store it in a database.
I was wondering if any one could teach me how to use sessions in GAE php. I know that the usual method is to use session_start() in every page that wants the session to carry over and then assign variables using $_SESSION['name'].
But PHP on GAE is a bit confusing at times.
https://developers.google.com/appengine/docs/php/?hl=en#Sessions
I have some idea on memcache but dont know how to use it to store session variable. Can any one tell how I can create a session variable so that when I redirect using header the variables will be present too.
Eg.
First.php
session_start();
$_SESSION['name'] = Abilash;
header('location: second.php');
Second.php
session_start();
echo $_SESSION['name']; // should output Abilash.
Now how do I do that in GAE. Whenever I try to redirect using header the redirected page loads but the session variables are not passed through.
You should not need to do anything to get sessions working, as we automatically put them into memcache by default.
Perhaps the session cookie is not being passed by your browser for the second request. I'd turn on developer tools in chrome to make sure you see that the cookie is on the request and I'd also output the result of session_start() to check it's returning true.
You should not need to do anything to get sessions working, as we automatically put them into memcache by default.
was very misleading to me. It may worked back then. Nowadays, each PHP instance has it's own PHP session management by default. If you like centralized PHP session management stored in Google GAE memcache, you have to configure it!
A working possible legacy solution:
https://cloud.google.com/appengine/docs/standard/php-gen2/services/access#session
you need legacy bundled services for PHP
deployable just with the beta SDK: gcloud beta app deploy
Hi is there anyway to store variable into memory until server restart or manually recreate the same variable using PHP.
Actually the problem is this I nee do have a router in my application which have several configuration to route the URLs on different APIs. I do not want to load my configuration each time a request lands so I am searching a way to keep the configuration data into memory until I manually recreate the same.
Please suggest if there is anyway to do this.
Thanks in Advanced.
PHP stores all variables in memory until the process exits (if the variable is a global) or until the scope ends (if the variable is local).
I think where you're getting confused is that Apache (or whatever webserver you're using) runs continuously, but it only starts PHP for every request, so PHP is never running continuously.
To store things across different requests, you'll need to use external persistence. You can do this with PHP sessions, a database, flat files, etc. but none of these will store the data in memory.
Even though it's external, you can use a caching server like memcached to store data in memory continuously, and then use PHP to access it through the Memcached class.
I am writing a brand new website and I'd like to make sure that it scales out easily if I ever get to the point where I must host the site on multiple machines with a load balancer.
The user of the website can be authenticated. In other words, I need to maintain some state information. My first reflex was to use Session variables but then I am going to be limited to a single machine. I know that there are ways to store the session variables outside (in a DB, redis, memcached) but is that the only options?
What are the alternative to session variable? How Facebook and other big web sites are doing this?
P.S. I am not looking for another session handler (DB, redis, etc.). I'd like to know if there a way to completely get rid of session variables.
Ever heard of session_set_save_handler? It allows you to use mechanisms other than the default PHP session handler (the one that writes sess_xxxxxxxxxxxx files in tmp directory).
You can write your own session handler that uses a database. This could be a time consuming task; so you can stick with the default PHP session handlers for the time being and transparently switch to database when you are ready. You probably won't have to rewrite any code except implementing and plugging in your version of the six session handling functions.
You can look into caching, i.e using Zend cache or APC cache, for example.
I'm split as to whether this is an SO question or a SF question, so I'm starting here.
We have a legacy application running under PHP 4 (don't ask), and some other code we need to run under PHP 5.
Session data that is set on the PHP 4 side doesn't seem to be visible/present when running code on the PHP 5/cgi side.
I'm doing a session_start, adding some session data under PHP 4, and then doing a var_dump of the session from PHP 5 and $_SESSION is null.
Has anyone got this working?
Environment:
Apache 2.2.x
PHP 4.4.9 (mod_php)
PHP 5.1.3 (cgi)
Centos 5.6
First, have you verified that the session.save_path is the same for both versions of PHP? You can get/set it with session_save_path().
Second, are you sure both PHP instances are using the same session ID, or is each version generating its own session ID? You can get/set it with session_id(). If they aren't, verify that the session.name is the same, or else they might be trying to load the session ID from different cookies. (Can be get/set with session_name().)
Even if both of the above match, I don't know whether or not they can even share a session like that. If not, you can define a custom session handler for both of them to use. That's how applications that are load-balanced usually work -- they have a custom session handler that saves session info wherever/however they want (usually in a database instead of files), and all servers can access that shared location. See session_set_save_handler().