Perl/CGI reading PHP session cookies?

XML, Perl, Python, and other languages can be discussed here, even if it isn't PHP (We might forgive you).

Moderator: General Moderators

Post Reply
dillion
Forum Commoner
Posts: 56
Joined: Thu Feb 15, 2007 8:32 am

Perl/CGI reading PHP session cookies?

Post by dillion »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Is it possible for Perl to read session cookies set/written by a PHP script? I would like to use AWSTATS (written in Perl) and called from my custom-built CMS (written in PHP), and I currently use htaccess to password protect the AWSTATS folder but am trying to move away from it.

In CMS, a session is set if your login details provided are correct as follows:

Code: Select all

$_SESSION['username'] = $row['admin_username']
And am hoping to do something like (within the awstats.pl file)

Code: Select all

use CGI;

my $cgi = new CGI;

my $name = $cgi->cookie("username");
if ($name) { # if cookie is set
# redirect to authorised page
}
else {
# redirect to unauthorised page
}
But the cookie is always empty even when the PHP shows that it is not. Obviously I have limited experience with Perl so any advice would be greatly appreciated. :)

Btw, I already tried the following without success:
- PHP::Interpreter -- need to have --embed flag but I can't re- configure the PHP and would rather not mess around with PHP settings!
- PHP::Include -- Gave "Undefined subroutine include_php_vars" error when I ran the PL file. Google produces nothing.

Many thanks in advance.


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

$_SESSION['username'] is not a cookie, it is session variable, sessions are saved on the server in serialized format and the session id is saved in a cookie in the client browser.

I think you can try to read the session container from perl based on the session id cookie and retrieve the username.
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Post by VladSun »

You may also try to parse the session files in /tmp (in case you use Linux):

Code: Select all

ls -l sess_*
-rw-------  1 www www   355 2007-08-02 09:40 sess_0b9598900c4564876e69581d2b505dda
-rw-------  1 www www   242 2007-08-02 16:27 sess_11ee0c4707038d76e0a557559c44ba2b
-rw-------  1 www www 30754 2007-08-01 15:36 sess_132585d92e317f11c9b3df009f92acef
-rw-------  1 www www    12 2007-08-01 19:29 sess_14d9d9fbdbfe46568ea15d1c7526f4b2
-rw-------  1 www www 27128 2007-08-01 17:50 sess_1a651069c6940bb22801c05bf03e9deb
-rw-------  1 www www   351 2007-08-02 18:27 sess_2752e4fd132fbd6fce08e60a5f67e031
-rw-------  1 www www 12372 2007-08-02 13:58 sess_2eda3e8ffe3bf7578317e35017dcfe8c
-rw-------  1 www www   248 2007-08-02 16:27 sess_2efd7d7522e3fa33cca409c2497a6da5

root@mail:/tmp# cat sess_14d9d9fbdbfe46568ea15d1c7526f4b2
files|a:0:{}
PS: Or you can have MySQL backend for storring cookies and have the Perl app read from its databse.
There are 10 types of people in this world, those who understand binary and those who don't
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Man, you're talking about Perl.. So it must have a module that already does this ;))

(5 minutes later: -> http://search.cpan.org/~miyagawa/PHP-Se ... Session.pm )
dillion
Forum Commoner
Posts: 56
Joined: Thu Feb 15, 2007 8:32 am

Post by dillion »

Many thanks for your responses! Sorry miro_igov - I keep forgotting! :D

VladSun / timvw -- maybe I am wrong but are these simply not PHPSESSID sessions (with a value of something like e2xj5ep5ql65k108u41ktamc30) which I don't require -- I meant the actual value of a particular session variable. So when you login and a variable is set ($_SESSION['username']), the value is "admin".

cheers
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

dillion wrote:timvw -- maybe I am wrong... I meant the actual value of a particular session variable.
Please have another look at the module, because it does give you read/write access to the values themselves..
dillion
Forum Commoner
Posts: 56
Joined: Thu Feb 15, 2007 8:32 am

Post by dillion »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


[quote="timvw"]Please have another look at the module, because it does give you read/write access to the values themselves..[/quote]

This is what I have:
[syntax="perl"]
  use PHP::Session;
  use CGI::Lite;
  my $session_name = 'username'; # change this if needed

  print "Content-type: text/plain\n\n";

  my $cgi = new CGI::Lite;

  my $cookies = $cgi->parse_cookies;
  if ($cookies->{$session_name}) {
     my $session = PHP::Session->new($cookies->{$session_name});
     # now, try to print uid variable from PHP session
     print "uid:",Dumper($session->get('uid'));
  } else {
     print "can't find session cookie $session_name";
  }
After logging in via CMS and confirming that $_SESSION['username'] is set/saved, the Perl code above just did not find it ("can't find session cookie" message). :/ AM I missing something silly?

Btw, the sess_* are not in /tmp and instead are in /var/lib/php/session/sess_* -- should I set the path in the constructor new?

cheers


feyd | Please use[/syntax]

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Afaik, it's documentation clearly says that you should pass in the session.save_path in the constructor (if it's not in the default /tmp)... As you (may or may not know) the session identifier is by default PHPSESSID (and usually there is no reason to change this)... So i wonder why you set it to 'username'...

Anyway, here is the code that i used:

[syntax="perl"]
use lib '/opt/users/timvw/perl/';  # i added this line because i haven't installed the module in my main repository...
use PHP::Session;
use CGI::Lite;

my $session_name = 'PHPSESSID'; 

print "Content-type: text/plain\n\n";

my $cgi = new CGI::Lite;
my $cookies = $cgi->parse_cookies;
if ($cookies->{$session_name}) 
{
 my $session = PHP::Session->new($cookies->{$session_name}, { save_path => '/var/php/' } );
 # now, try to print php's $_SESSION['username']
 print $session->get('username');
} 
else 
{
 print "can't find session cookie $session_name";
} 

feyd | Please use[/syntax]

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
dillion
Forum Commoner
Posts: 56
Joined: Thu Feb 15, 2007 8:32 am

Post by dillion »

timvw - many thanks for your help. I finally got the session value! :D

The documentation at CPAN was a bit limited but after your code and comments, I understand the module and Perl a bit more!

Thanks again. :)
Post Reply