I have logged a user into the app on the site and retrieved their details using EpiTwitter/Twtitter-Async. I then want to process these and others through an ajax call and post a new tweet on success.
Specificially, my problem lies with reusing the cookie, i see they are gettting set but I cannot see how to reuse them in later pages. what function do I call?
Thanks
In the php file that catches the ajax request you can access the cookie information in $_COOKIE. It should automatically be sent with the ajax request.
http://php.net/manual/en/features.cookies.php
Related
I have a php backend for API's and I am using Angular5 for my frontend. I was wondering, how can I handle sessions on Angular? I tried reading the documentation and was unable to come up with anything.
After login if I am making any request it is creating different session id?
for the frontend, if you want to access the values from the browser and send it to sever as well try storing the values in local storage which are very simple to set as well as to get in angular.
just you need to write is
localStorage.setItem('yourstoragename', JSON.stringify({ token: token, name: name }));
to access this you can write as
var name = JSON.parse(localStorage.getItem('yourstoragename'));
console.log(name);
Session data is something handled by the server-side, and the client (Angular in your case) is not able to read it.
The client (Browser for example) can get the session_id, and store additional information to be kept (Not secured information, as you can see all cookies's data with DevTools for example).
In most cases, after post of the login, the server will give you a token that you can use with later requests, so on your side you have to keep that token, and use it with the following requests to the PHP Server.
Refs:
https://coderwall.com/p/8wrxfw/goodbye-php-sessions-hello-json-web-tokens
I was able to use $_SESSION in my PHP to handle user login with ionic-angular-3.9.2. Using {withCredentials: true} in the Angular HttpClient requests was the part I had a hard time finding. I posted a detailed answer in my reply to this question (other solutions are there also):Why session PHP can’t be used with Ionic?
PHP curl can't simulate the login information on this website, http://livearchive.onlinejudge.org/, and it return a sentence ,You are not authorized to view this page!
cURL should be able to simulate the login just fine.
Make sure you:
POST the data to the login URL.
Fetch the login page to get the correct nonce data and such.
Store the cookie afterwards and use it for further requests
How to POST data
See answer to the the question Passing $_POST values with cURL
How to fetch the proper form data
Use a HTML parser library to parse the webpage and extract the fields. You could for instance use DOMDocument, and use getElementById to get the form you desire.
How to store the cookie and use it for further requests
This is explained on the page PHP cURL and cookies.
Since its just a question i would expect you also need an explanation and not any script.
Curl can Login perfectly to the site you mention but you need to get your parameters right.
Your URL should be pointed to : http://livearchive.onlinejudge.org/index.php?option=com_comprofiler&task=login and with the following variables
username=
passwd=
op2=login
lang=english
force_session=1
return=B%3AaHR0cDovL2xpdmVhcmNoaXZlLm9ubGluZWp1ZGdlLm9yZy8%3D
message=0
loginfrom=loginmodule
cbsecuritym3=cbm_02099e1c_6e2810f8_97a3f622ba6c000cb557bd8458534f61&j2ffb0ca892d8cf58942dfbea23559ed2=1
remember=yes
Submit=Login
Please take note of cbsecuritym3 variable and you also need to send 2 Cookie information that look eg. mosvisitor=1; 8ca25fe06780267eef1b49296a9a99ce=249baaaba68197c9b1681e57d69c3193
If all this are properly sent you would be able to login
I am currently building a flash game, and I've created an iframe app for that
Now the html is in the index file, as well as the php script that handles the requests from the flash object.
The problem is that when the user opens my app, he sees the flash object and I get a user id echoed, but whenever the flash object sends a request to index.php (the same file where the whole html and the flash embed is), I don't get a user id (I'm using the function getUser(), should be fine, right?).
I don't know why I couldn't find any similar questions, might just be me.
Your flash application doesn't sent signed_request to your php script (and probably any other session identifier too, if any), so you're not able to get the desired info.
You should add signed_request (and/or session identifier) parameter to request issuing to your php script...
You can pass signed_request to flash via flashvars on initialization or via call to JavaScript which will provide this data to flash so it can be passed with every request from flash to server...
Another option is to use Facebook JavaScript SDK which will set cookie with name fbsr_APPID which will contain signed_request so it may be accessed from flash.
I am trying to read a cookie which I've set with javascript, jQuery Cookie Plugin specifically, and then after that I'm reading it with PHP to write it into a database.
For some reason the cookie is being created on page load, but doesn't "exist" until the page is refreshed. Which means that I'm pumping blank fields into my database tables.
The only way I can think of doing it is to AJAX out to a script which creates the cookie. Or ajax out to a script which returns the data to me in json.
The use case is that I'm creating a simple analytics class for an internal project, and I'd like to write into the database the users resolution, colour depth and all that jazz, which I'm using screen.width etc to get.
Cookie data are sent to the server (and forwarded to the PHP interpreter) when the client performs the request. Therefore, a cookie set by JavaScript on the client after the page has been requested from the server will not be transmitted until the next request to same server.
What you'll have to do is to perform some kind of request (could be done via AJAX) where a PHP script handles the incoming cookie information and stores it in the DB.
#jensgram is right. These two scenarios can happen:
User requests your page and (s)he hasn't the cookie. You render the response via PHP, but you can't see the cookie at server. Response gets delivered to the browser and on DOMReady (or events like that) you set the cookie. User sends another request (via interaction with your page). Here you have the cookie at server.
User already has the cookie (coming back to your site) and sends a request. You render the response via PHP, but this time, cookie is available in first shot. The rest is the same.
Two suggestions:
To prevent inserting null (or empty) values into your DB, first check to see if cookie exists or not. If not, simply try to set it.
For implementing Analytics, predefined patterns exist. For example, instead of setting a cookie, you can include your script on every page, and on load of each page, you can get the information you need, and send an asynchronous ajax request to your Analytics Collector PHP file. No need for cookie :)
I'm building a PHP-based web app and am integrating a Flash-based charting engine. The Flash chart needs to make a AJAX request for its data. This request fails because it is seen as a new user agent and doesn't contain the PHP session cookie to identify it. So, it gets redirected to the login page.
I've read a few hacks to make this work, including supplying the session ID on the querystring, but that opens up security holes. How can I get Flash and PHP to share cookie-based session state automatically and stay secure?
In IE it will work naively. In firefox, the only way to achieve this is to POST the session id into the flash script (the php processor that is), and have it restore the session from that.
If the session cookie is initiated early enough, then it should be OK. I've had a similar problem with cookies shared between JavaScript AJAX and Flash requests (if you want to call that AJAX too, go ahead :-) ), and we solved them by making sure the JavaSCript finished the request that initiated the cookie early enough so that when the Flash sent the request, the browser already had the session cookie.
Also making sure the cookie path was set to "/" was a good idea.
That being said, if you can't get it to work - as dirkgently said - you can store the information in the HTML DOM using a JavaScript AJAX call, and then fetch it from the Flash object using an ExternalInterface call. But do make sure to set at least "allowScriptAccess=sameDomain" on your Flash object
You should be aware that transmitting a session ID in a Cookie: header, or in the argument field of the GET HTTP directive is of no different security.
Use ExternalInterface to talk to the Flex chart. Some browser related information can be passed around via the LoaderContext and BrowserManager classes as well. Dig in a bit into the AS3 documentation.
you can try and send to php 2 parameters one session_id and a second one that is an key that combines some information from the client ( ex ip ) and encrypt it with a key stored on the server and on the request from flash you check to see the second paramaters matches the client request, this way if somebody trys to do a session stealing they cant because they will not match the second param