Page 1 of 1

fsockopen() and sessions

Posted: Mon Sep 15, 2008 1:57 am
by SBro
I'm trying to authenticate a user using fsockopen(), get the session id and pass it to subsequent page requests I make using fsockopen(). I can successfully authenticate the user by sending required username/password values to the login page. When I read the response, I was under the impression the session would be contained in the header "Set-Cookie" that is returned. I have tried using this value however with no luck.

Secondly when I have the correct session value how do I pass it to subsequent pages? just via ?PHPSESSID=abc ? thanks for the help.

Re: fsockopen() and sessions

Posted: Mon Sep 15, 2008 6:24 am
by Kadanis
put session_start(); at the top of the page to initiate the session

session_id() returns the current session id and the global array $_SESSION[''] allows you to get and put values.

e.g.

Code: Select all

 
 
<?php
session_start();
 
$_SESSION['test'] = 'Hello World!';
 
echo session_id() . " " . $_SESSION['test'];
 
?>
 
example code would output

f52299eb60b30025a21c7cb43878bcc7 Hello World!

(although your session id will be different).

Re: fsockopen() and sessions

Posted: Mon Sep 15, 2008 5:47 pm
by SBro
Thanks for your response, but I'm not sure it's as simple as that. I'm aware of how to use sessions and the $_SESSION array, and have tried what you suggested without luck. The problem lies in getting the correct session id set as a result of sending a request via fsockopen e.g.

Code: Select all

 
$request = "POST /login.php HTTP/1.1\n " .
"Host: http://www.example.com\n " .
"User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)\n " . 
"Content-Type: application/x-www-form-urlencoded\n " .
"Connection: keep-alive\n " .
"Content-Length: 38\n " .
"\n " .
"username=abcd&password=1234\n";
 
fwrite($fp, $request);
 
while (!feof($fp)) {
    $response[] = fgets($fp, 128);
}
 
Now I know from the data I get in $response that the request has been authenticated using the details I submit. What I need to know is the PHPSESSID from that response somehow, so as I can pass it to future requests using fsockopen(), thanks.

Re: fsockopen() and sessions

Posted: Mon Sep 15, 2008 8:22 pm
by SBro
Fixed via getting the session from the response header "Set-Cookie: session=abcd" and sending this via "Cookie: session=abcd" in subsequent requests, simple really :)