Page 1 of 1

PHP session problem

Posted: Wed Jun 25, 2014 8:22 am
by michal10802
Hi, i have folowing problem.
I have one main page that contains iframe page. I need to send post request from main page to login page of iframe page. All works great if post request from main page is posting via web form. Then on iframe page user are authentificated and stored in session variable and iframe page works and showing pages for only authorized user.
Problem is when i trying different way of posting request to frame login page, for example via jquery or via curl from php. Then session variable not storred and iframe page not working and not showing pages for authorized user.
Can anyone help?

Re: PHP session problem

Posted: Thu Jun 26, 2014 10:08 pm
by Christopher
The session variable is stored, but some of these sessions may be within the same request. If so use session_write_close() to write the session data back. Then you need to make sure that you are re-reading the session data.

Re: PHP session problem

Posted: Fri Jun 27, 2014 4:13 am
by michal10802
thx for reply.
But i am not sure, if i understand exactly what you mean.
I tried use session_write_close() after setting session but nothing happens.
Could you be please more specified what you meant with "make sure that you are re-reading the session data."
Thansk a lot

Re: PHP session problem

Posted: Fri Jun 27, 2014 10:22 am
by Christopher
michal10802 wrote:Could you be please more specified what you meant with "make sure that you are re-reading the session data."
If you just go HTTP request to HTTP request then PHP sessions work easily. But it sounds like you are using Ajax or cURL to do some of the requests. If you do that you need to make sure that those request are using the same session ID as the page that is calling them (especially for cURL). And understand that if you update session data in an Ajax call (for example) that the session data on the current page will not be updated. You need to make another request to get the updated session data. Remember that session data is read at the beginning of a HTTP request and written at the end. Also be aware that if you are doing async calls that the one writing the session data may end after the one reading the session data.

Re: PHP session problem

Posted: Mon Jun 30, 2014 7:31 am
by michal10802
and how to set session id to curl request? i try it with adding PHPSESSID with value to the requesting url and adding to the curl option
CURLOPT_COOKIE => session_name().'='.session_id(), and both didnt work, still session not stored.
Can anyone different idea where i am do wrong? or it is even possible to do something that?

Re: PHP session problem

Posted: Mon Jun 30, 2014 9:49 pm
by Christopher
Is cURL calling a script on the same domain?

In the manual I found this example that shows getting the session ID and writing the session data before calling cURL:

Code: Select all

<?php
session_start();
$strCookie = 'PHPSESSID=' . $_COOKIE['PHPSESSID'] . '; path=/';
session_write_close();

$curl_handle = curl_init('enter_external_url_here');
curl_setopt( $curl_handle, CURLOPT_COOKIE, $strCookie );
curl_exec($curl_handle);
curl_close($curl_handle);
?> 

Re: PHP session problem

Posted: Tue Jul 01, 2014 12:20 am
by michal10802
i found this manual too but not worked, but i found too that curl after call curl_close clean any session, which was stored on server during curl request.
So curl is not right option for my problem.
Then i tried different way how send request to my iframe page. I try Header("Location: ".$url) and then on iframe page after processed request redirect back. All works, all session are stored but i must send all data in url as get parameter and it is not safe because it contains password too.
So it is any way to send or any way to do redirection with additional post data to another domain except curl?

Re: PHP session problem

Posted: Tue Jul 01, 2014 11:31 am
by Christopher
You should be able to get cURL to work. If you are doing redirection then you need to call session_write_close() before redirecting because both pages are in the same HTTP request.

You have not posted any code, so it is not possible to tell what you are doing wrong. If you can code a small test script that demonstrates the problem then perhaps someone can help.