How to access non-Cake session data from within a CakePHP component - php

I'm currently integrating two php applications:
A large bespoke PHP web app built over many years, and not written in CakePHP.
A small CakePHP dashboarding app (jSlate).
The cake app is on the same domain and in a subfolder of the main app.
In the CakePHP app I need to access data that was set in $_SESSION by the main bespoke app, but it doesn't appear accessible. I assume Cake is doing something with the session data. Is it storing it somewhere I can access it and if so how?
I've tried the answer from Accessing cakephp session variable from a php script?, namely:
session_name('CAKEPHP');
session_start();
print_r($_SESSION);
But it doesn't contain the session variable I need.

The main app needs to specify a session_name before setting its variables:
session_name('MAINAPP');
$_SESSION['foo'] = 'bar';
Then in the CakePHP app, you can access this via:
session_name('MAINAPP');
$foo = $_SESSION['foo'];
session_name('CAKEAPP');
The final line is important as it resets the session name back to that of the Cake App, without which the cake session variables would be inaccessible.
Alternatively you could set the main app and the cake app to use the same session name, but this introduces the possibility of naming conflicts.
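A fuller version of the swap described in the answer above, added here as an example and not part of the original answer: since PHP 7.2, session_name() cannot be changed while a session is active, so the current session is closed first and restored afterwards. It assumes both apps use PHP's native session handler with the same save path; read_foreign_session() is a hypothetical helper name.

```php
<?php
// Added example. MAINAPP is the name used in the answer above;
// read_foreign_session() is a hypothetical helper. Assumes both apps use
// PHP's native session handler with the same session.save_path.

function read_foreign_session(string $foreignName): array
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        throw new LogicException("Start the application's own session first.");
    }

    // The other app's session ID arrives in its own cookie.
    $foreignId = $_COOKIE[$foreignName] ?? '';
    if (!is_string($foreignId) || !preg_match('/^[A-Za-z0-9,-]{22,256}$/', $foreignId)) {
        return []; // no cookie, or not a plausible session ID
    }

    // Remember the current session, then save it and release its lock.
    $ownName    = session_name();
    $ownId      = session_id();
    $useCookies = ini_get('session.use_cookies');
    session_write_close();

    try {
        session_name($foreignName);
        session_id($foreignId);
        // Load the data, close at once, and send no Set-Cookie header.
        $ok = session_start(['read_and_close' => true, 'use_cookies' => 0]);
        $foreignData = $ok ? $_SESSION : [];
    } finally {
        // Switch back so the framework's own session works as before.
        ini_set('session.use_cookies', $useCookies);
        session_name($ownName);
        session_id($ownId);
        session_start();
    }

    return $foreignData;
}

// Usage inside the Cake app, after Cake has started its session:
//   $main = read_foreign_session('MAINAPP');
//   $foo  = $main['foo'] ?? null;
```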

Related

Read Laravel cookie outside app

At the moment I have a folder with Laravel's app (login and registration) and another folder with the rest of the website (outside Laravel and written in core PHP)
Since sessions in Laravel cannot be shared with core PHP I would like to store username's details (after login or registration) on a cookie and then read it outside Laravel's app. So far I tried adding my cookie to EncryptCookies so it won't be encrypted and then populating it with setcookie("Test", 'dsadsadsa1234',15,""); but when I try to echo it outside with core PHP with echo $_COOKIE['Test']; it's empty.
Is there any other way of sharing information between Laravel and plain PHP? I know having a cookie with sensitive information is not secure at all so I was thinking of encrypting it along with some other text so I can then decrypt it and verify if it was tampered with or not, but I'm not sure if this is the correct approach.
Within Laravel
setcookie("test", 'dsadsadsa1234',15,"/"); //<-- 4th parameter is a slash here
Within PHP
echo $_COOKIE['test'];
That 4th parameter in Laravel setCookie() sets the variable at the project root.

Using a php application session into another codeigniter application

I am using an existing PHP application which has different interfaces like admin, agent and customer.
I have created a new agent interface using CodeIgniter. For login into the agent portal, I am using the existing agent login page from the old application, but after login is successful my new agent interface is supposed to be loaded.
In the old application, there are sessions used and the agent_id is stored in the session variable.
When I try to use this session variable in my new code, I get an error message ...variable can't be found. How can I use the session variable from my first application in my new interface?
When I print the session name in my first application and in one of the new CodeIgniter code pages, I can see both the sessions are different. I think this is the problem because CodeIgniter manages its session.
I searched on Google and came to know about the session settings, save path and all; I am not sure what exactly I need to do here to resolve this.
Remember both projects/applications should exist on the same server.
By default CodeIgniter uses cookies as a session, so you have to overwrite that library with any of the PHP native session libraries.
Then pass the session_id to that project through cURL or POST or URL in a two-way encrypted format. Don't forget to encrypt the session ID.
From Project 1 :
//to get the session id
$id = session_id();
//do some custom encryption
$id = 'ajhkdhfasjdhfajsdfhkjadf';
Ref:
http://www.php.net/manual/en/function.mcrypt-encrypt.php
From Project 2:
Ref:
http://www.php.net/manual/en/function.mcrypt-decrypt.php
Then initialize the session ID before starting the session, like below:
//read the encrypted id passed from Project 1
$id = $this->input->get('id');
//decrypt the value
session_id($id);
session_start();
Now you can access the session values.
"When I print the session name in my first application and in one of the new CodeIgniter code pages, I can see both the sessions are different. I think this is the problem because CodeIgniter manages its session."
You are correct about CI handling its own sessions, the way around this issue is to use the native session library.
https://github.com/EllisLab/CodeIgniter/wiki/Native-session
The other way is to make CI use database sessions and just pass the session ID to your new application so you can select the correct data from the database.
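One way to build the tamper-evident value that the Laravel cookie question and the CodeIgniter hand-off answer above both call for, added here as an example rather than code from either post. It uses libsodium's authenticated encryption in place of mcrypt (removed in PHP 7.2); seal_token(), open_token() and the sample agent_id value are assumptions.

```php
<?php
// Added example. seal_token()/open_token() are hypothetical helpers. $key is
// a 32-byte secret shared by both applications (generated once with
// sodium_crypto_secretbox_keygen() and kept in each app's configuration).

function seal_token(array $claims, string $key, int $ttl = 60): string
{
    $claims['exp'] = time() + $ttl;   // short-lived, so a leaked URL goes stale
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $json  = json_encode($claims, JSON_THROW_ON_ERROR);
    $box   = sodium_crypto_secretbox($json, $nonce, $key);
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

function open_token(string $token, string $key): ?array
{
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;                  // not valid base64
    }
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($raw) < $min) {
        return null;                  // too short to hold nonce + MAC
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $json  = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($json === false) {
        return null;                  // wrong key, or the value was modified
    }
    $claims = json_decode($json, true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) {
        return null;                  // malformed or expired
    }
    return $claims;
}

// Constructed demo values: seal in the old app, open in the new one.
$key      = sodium_crypto_secretbox_keygen();
$token    = seal_token(['agent_id' => 42], $key);
$claims   = open_token($token, $key);
$last     = $token[strlen($token) - 1];
$tampered = substr($token, 0, -1) . ($last === 'A' ? 'B' : 'A');
var_dump($claims['agent_id'] ?? null, open_token($tampered, $key));
```

The receiving application should treat a null result as "not logged in" and start its own session from the opened claims.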

whats a good way of not getting site session variables mixed up with other sites under same domain

Basically, on my web development server, I have several website projects going. I ran into the issue where one of my website projects' session variables was conflicting with another website project's session variable. Both of those website projects are under the same server. So is there a good way of distinguishing the variables between the website projects? Hope this makes sense...
Also both of the websites are membership type websites, so I'm using the same session variables for the membership portion of the websites.
And both of the websites are on the CodeIgniter framework. So using CodeIgniter, how do I get around this issue?
Just use session_name
Example :
session_name("WebsiteID");
You can use session_name function (http://php.net/manual/en/function.session-name.php) to give each site a unique session name. Read the notes carefully about when to set the session name (basically before any other session functions).
Another method would be to use the "path" feature to restrict to the path of your website (http://www.php.net/manual/en/function.session-set-cookie-params.php). This way, the session cookie will only be visible to scripts on or beneath the path you set. (Make sure you delete any cookies at the "root" level first, as these will be visible by all sub-directories!)
Or if you're doing it manually with cookies, prefix the name of the cookie with something unique. SetCookie('WebsiteName_' . 'session', ID, time, path etc).
What I do is to have a config file for each site, which I require_once in every php file.
In this config file I specify things like the DB parameters (user, password, etc) and a session header:
$config['sess_header'] = 'site1';
When I create or query the session I use this sess_header, for example:
$_SESSION[$config['sess_header']]['user_id'] = $user_id;

how to get $_SESSION value in cakephp

I am setting up a user session from a core php app that is located in example.com/corephp/, now I want to redirect this user to example.com (the main site) which is in cakephp.
How can I retain the user session from the core php app to cakephp app?
I tried setting $_SESSION['user'] = someone and $_SESSION['token'] = token from core php app and tried to retrieve that value from cakephp but it didn't work.
I tried to google for this but no proper answer that could work.
Thanks in advance.
---------------------- edit
I have tried adding session_name('CAKEPHP'); to the core php app.
As well as tried to reduce the security level of my cake app from medium to low.
Didn't test, but try this.
In your corephp app:
$_SESSION['Auth']['User'] = $someone;
My reasoning is that it will set the $_SESSION, but maybe CakePHP doesn't recognize it for some reason. So we set it the right way using Cake's API:
In CakePHP
$this->Session->write('Auth.User', $_SESSION['Auth']['User']);
Always use the session wrappers. That's what they are there for.
in the controller:
http://book.cakephp.org/2.0/en/controllers/components.html#using-components
in the view:
http://book.cakephp.org/2.0/en/core-libraries/helpers/session.html
everywhere else:
http://book.cakephp.org/2.0/en/development/sessions.html#reading-writing-session-data
never ever access it using $_SESSION and you should be fine (cake inits the session for you and takes care of a lot of things behind the hood).
if you share the session make sure you set the session name equally. both should also use the same session type (php probably).

how to restrict session in a particular domain?

I have a web application that's deployed at http://myserver/app1, I've also got another instance of the application that's accessed at http://myserver/app2.
Basically, when I log into app1, I am also logged into app2as. Obviously each instance of the application is identical.
What would be the best way of restricting each instance of the application to be unique and completely independent, so authorization and authentication was applied on each instance individually?
You could change the name that the cookie uses for the second app. If it's using $_SESSION just use session_name(). You're going to need to run that before anything else.
You could use a different session name, but it would be more appropriate to change the domain or path on the session cookie using session_set_cookie_params()
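A bootstrap that combines the session_name() and session_set_cookie_params() suggestions from the answers above (and from the earlier session_name/"path" answers), added here as an example and not taken from any of the posts. Because a different cookie name or path does not separate the session storage itself, it also binds each session to its application; start_app_session() and the '__app' key are hypothetical names.

```php
<?php
// Added example. start_app_session() and the '__app' marker key are
// hypothetical; /app1 and /app2 are the paths from the question above.
// The array form of session_set_cookie_params() needs PHP 7.3 or later.

function start_app_session(string $appId, string $path): void
{
    // Must run before any other session function in the request.
    session_name(strtoupper($appId) . 'SESSID');   // unique cookie name per app
    session_set_cookie_params([
        'lifetime' => 0,                           // until the browser closes
        'path'     => $path,                       // sent only at or below this path
        'secure'   => !empty($_SERVER['HTTPS']),
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // Both instances may share one session store, so an ID issued by the
    // other instance would still load here. Refuse data that belongs to it.
    $owner = $_SESSION['__app'] ?? null;
    if ($owner !== null && $owner !== $appId) {
        session_abort();                           // leave that session untouched
        session_id(session_create_id());           // continue with a fresh ID
        session_start();
        $_SESSION = [];
    }
    $_SESSION['__app'] = $appId;
}

// In /app1's front controller; /app2 calls it with ('app2', '/app2').
start_app_session('app1', '/app1');
```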
