I am setting up a user session from a core php app that is located in example.com/corephp/, now I want to redirect this user to example.com (the main site) which is in cakephp.
How can I retain the user session from the core php app to cakephp app?
I triend setting $_SESSION['user'] = someone and $_SESSION['token'] = token from core php app and tried to retrieve that value from cakephp but it didn't work.
I tried to google for this but no proper answer that could work.
Thanks in advance.
---------------------- edit
I have tried adding session_name('CAKEPHP'); to the core php app.
As well as tried to reduce the security level of my cake app from medium to low.
Didn't test, but try this.
In your corephp app:
$_SESSION['Auth']['User'] = $someone;
My reasoning is that it will set the $_SESSION, but maybe CakePHP doesn't recognize it for some reason. So we set it the right way using Cake's API:
In CakePHP
$this->Session->write('Auth.User', $_SESSION['Auth']['User']);
Always use the session wrappers. thats what they are there for
in the controller:
http://book.cakephp.org/2.0/en/controllers/components.html#using-components
in the view:
http://book.cakephp.org/2.0/en/core-libraries/helpers/session.html
everywhere else:
http://book.cakephp.org/2.0/en/development/sessions.html#reading-writing-session-data
never ever access it using $_SESSION and you should be fine (cake inits the session for you and takes care of a lot of things behind the hood).
if you share the session make sure you set the session name equally. both should also use the same session type (php probably).
Related
Currently I am doing a project which runs both on Zend Framework (For Web site) and phone gap (For Mobile). I need to use the same code for website and web service for mobile.
Now I am facing the below mentioned issue,
The web service which I am calling from phone gap is to create the session and the session was created successfully. Now i am calling the another web service to get the user details based on session id. But the details are not displaying, because the session id is giving empty. So can you please suggest how can i proceed with this?
Thanks in advance
Session is not shareable. Try saving session id to database (or file) and than read it from server side.
Can you please give more information about how sessions are managed?
From the look of it, you might need to to use both $_SESSION and potentially an implementation of the SessionClassHandler interface to store sessions in a central database.
Also you might have issues with cookies, so you might need to pass the session id via URL. But this is very insecure so if this is the case, make sure that you at least use https or put oher mecanisms in place.
I hope this helps
I'm doing some basic integration between a CakePHP app and some external code. I want the external code to know if a user is logged in. The external code does not load CakePHP, so thought I would access that data directly using $_SESSION, but when I dump it it's an empty array, even when I'm logged into CakePHP.
Am I missing something? Why isn't the session data from CakePHP showing up?
You might need to play with your session ids and session name variables to get your external code to load the CakePHP session information.
For example, you will almost certainly need this:
session_name('CAKEPHP');
and you might need to pass across the session id from Cake, and possibly set the session save path as well.
You can read http://bakery.cakephp.org/articles/admad/2009/09/02/how-to-bend-cakephp-s-session-handling-to-your-needs
It will examplain you how to bend your cakephp session according to your need.
OR
You can see one more link which will solve your problem Use cakephp session with two different domains
Hope these two links will solve your problem!
I'm using a module called FB JS Connect (a free extension, and I can't seem to find it in Extensions now.) All it does is allow users to login using their Facebook ID.
It works pretty well, and uses FB API.
The problem is that, a user logs into OC using the FB Connect button, do something, then logs out. Another user logs in (not using FB Connect button), and the previous user's FB information is still in $_SESSION !
The 4 variables persist in $_SESSION are listed below, until new FB user logs in :
fb__state
fb__user_id
fb__code
fb__access_token
I don't dare to mess around in the code to "fix" this issue without expert advices because it might break a lot of things.
I guess I'll need to clear this manually.
I tried putting the following in index.php, and it seems that $session = new Session(); in index.php is called multiple times when user logs in.
// Session
$session = new Session();
unset($session->data['fb_<FBAppId>_state']);
unset($session->data['fb_<FBAppId>_code']);
unset($session->data['fb_<FBAppId>_user_id']);
unset($session->data['fb_<FBAppId>_access_token']);
$registry->set('session', $session);
What's the best way to handle this?
Place the above "unset" code into logout.php and this will fix it.
I am having trouble with this specific extension as well and also cannot find it anymore in the OC extensions repo. My suggestion is to use another extension: http://www.opencart.com/index.php?route=extension/extension/info&extension_id=3333
I'm currently integrating two php applications:
A large bespoke PHP web app built over many years, and not written in CakePHP.
A small CakePHP dashboarding app (jSlate).
The cake app is on the same domain and in a subfolder of the main app.
In the CakePHP app I need to access data that was set in $_SESSION by the main bespoke app, but it doesn't appear accessible. I assume Cake is doing something with the session data. Is it storing it somewhere I can access it and if so how?
I've tried the answer from Accessing cakephp session variable from a php script?, namely:
session_name('CAKEPHP');
session_start();
print_r($_SESSION);
But it doesn't contain the session variable I need.
The main app needs to specify a session_name before setting its variables:
session_name('MAINAPP');
$_SESSION['foo'] = 'bar';
Then in the CakePHP app, you can access this via:
session_name('MAINAPP');
$foo = $_SESSION['foo'];
session_name('CAKEAPP');
The final line is important as it resets the session name back to that of the Cake App, without which the cake session variables would be inaccessible.
Alternatively you could set the main app and the cake app to use the same session name, but this introduces the possibility of naming conflicts.
I have my own login system, and I want MediaWiki to share the same session. I'm trying to have my login system automatically login to my MediaWiki too which means I would probably have to share the same user database too.
Advice?
Not sure if this is exactly what you want, but we use LDAP Authentication.
The session is set in includes/GlobalFunctions.php. If you want to fake a user login to mediawiki after the user logs in to your system, you'll need to make sure that the cookie parameters match (e.g. the cookie URL must be the same); have a look at the arguments they use to construct it in the call to session_set_cookie_params.
Once you've got the session set up correctly, you'll need to load a user and inject it to the session so that when mediawiki goes to check if the user is logged in, it finds your injected user and goes right ahead. Look in includes/User.php, the User::loadFromSession call looks like a promising place to figure out what they expect to find there.
If you make changes directly to the MediaWiki source, you'll have a hard time upgrading to future versions of MediaWiki. It would be much better to use the existing authentication plugin framework:
http://www.mediawiki.org/wiki/AuthPlugin
You didn't specify what your existing login system is, but if you're lucky somebody has already built a plugin for it:
http://www.mediawiki.org/wiki/Category:User_identity_extensions