Page 1 of 1
Perl/CGI reading PHP session cookies?
Posted: Thu Aug 02, 2007 9:59 am
by dillion
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Is it possible for Perl to read session cookies set/written by a PHP script? I would like to use AWSTATS (written in Perl) and called from my custom-built CMS (written in PHP), and I currently use htaccess to password protect the AWSTATS folder but am trying to move away from it.
In CMS, a session is set if your login details provided are correct as follows:
Code: Select all
$_SESSION['username'] = $row['admin_username']
And am hoping to do something like (within the awstats.pl file)
Code: Select all
use CGI;
my $cgi = new CGI;
my $name = $cgi->cookie("username");
if ($name) { # if cookie is set
# redirect to authorised page
}
else {
# redirect to unauthorised page
}
But the cookie is always empty even when the PHP shows that it is not. Obviously I have limited experience with Perl so any advice would be greatly appreciated.
Btw, I already tried the following without success:
- PHP::Interpreter -- need to have --embed flag but I can't re- configure the PHP and would rather not mess around with PHP settings!
- PHP::Include -- Gave "Undefined subroutine include_php_vars" error when I ran the PL file. Google produces nothing.
Many thanks in advance.
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Posted: Thu Aug 02, 2007 12:32 pm
by miro_igov
$_SESSION['username'] is not a cookie, it is session variable, sessions are saved on the server in serialized format and the session id is saved in a cookie in the client browser.
I think you can try to read the session container from perl based on the session id cookie and retrieve the username.
Posted: Thu Aug 02, 2007 2:09 pm
by VladSun
You may also try to parse the session files in /tmp (in case you use Linux):
Code: Select all
ls -l sess_*
-rw------- 1 www www 355 2007-08-02 09:40 sess_0b9598900c4564876e69581d2b505dda
-rw------- 1 www www 242 2007-08-02 16:27 sess_11ee0c4707038d76e0a557559c44ba2b
-rw------- 1 www www 30754 2007-08-01 15:36 sess_132585d92e317f11c9b3df009f92acef
-rw------- 1 www www 12 2007-08-01 19:29 sess_14d9d9fbdbfe46568ea15d1c7526f4b2
-rw------- 1 www www 27128 2007-08-01 17:50 sess_1a651069c6940bb22801c05bf03e9deb
-rw------- 1 www www 351 2007-08-02 18:27 sess_2752e4fd132fbd6fce08e60a5f67e031
-rw------- 1 www www 12372 2007-08-02 13:58 sess_2eda3e8ffe3bf7578317e35017dcfe8c
-rw------- 1 www www 248 2007-08-02 16:27 sess_2efd7d7522e3fa33cca409c2497a6da5
root@mail:/tmp# cat sess_14d9d9fbdbfe46568ea15d1c7526f4b2
files|a:0:{}
PS: Or you can have MySQL backend for storring cookies and have the Perl app read from its databse.
Posted: Thu Aug 02, 2007 6:55 pm
by timvw
Man, you're talking about Perl.. So it must have a module that already does this

)
(5 minutes later: ->
http://search.cpan.org/~miyagawa/PHP-Se ... Session.pm )
Posted: Fri Aug 03, 2007 4:31 am
by dillion
Many thanks for your responses! Sorry miro_igov - I keep forgotting!
VladSun / timvw -- maybe I am wrong but are these simply not PHPSESSID sessions (with a value of something like e2xj5ep5ql65k108u41ktamc30) which I don't require -- I meant the actual value of a particular session variable. So when you login and a variable is set ($_SESSION['username']), the value is "admin".
cheers
Posted: Fri Aug 03, 2007 8:31 am
by timvw
dillion wrote:timvw -- maybe I am wrong... I meant the actual value of a particular session variable.
Please have another look at the module, because it does give you read/write access to the values themselves..
Posted: Fri Aug 03, 2007 11:32 am
by dillion
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
[quote="timvw"]Please have another look at the module, because it does give you read/write access to the values themselves..[/quote]
This is what I have:
[syntax="perl"]
use PHP::Session;
use CGI::Lite;
my $session_name = 'username'; # change this if needed
print "Content-type: text/plain\n\n";
my $cgi = new CGI::Lite;
my $cookies = $cgi->parse_cookies;
if ($cookies->{$session_name}) {
my $session = PHP::Session->new($cookies->{$session_name});
# now, try to print uid variable from PHP session
print "uid:",Dumper($session->get('uid'));
} else {
print "can't find session cookie $session_name";
}
After logging in via CMS and confirming that $_SESSION['username'] is set/saved, the Perl code above just did not find it ("can't find session cookie" message). :/ AM I missing something silly?
Btw, the sess_* are not in /tmp and instead are in /var/lib/php/session/sess_* -- should I set the path in the constructor new?
cheers
feyd | Please use[/syntax]Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Posted: Fri Aug 03, 2007 6:48 pm
by timvw
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Afaik, it's documentation clearly says that you should pass in the session.save_path in the constructor (if it's not in the default /tmp)... As you (may or may not know) the session identifier is by default PHPSESSID (and usually there is no reason to change this)... So i wonder why you set it to 'username'...
Anyway, here is the code that i used:
[syntax="perl"]
use lib '/opt/users/timvw/perl/'; # i added this line because i haven't installed the module in my main repository...
use PHP::Session;
use CGI::Lite;
my $session_name = 'PHPSESSID';
print "Content-type: text/plain\n\n";
my $cgi = new CGI::Lite;
my $cookies = $cgi->parse_cookies;
if ($cookies->{$session_name})
{
my $session = PHP::Session->new($cookies->{$session_name}, { save_path => '/var/php/' } );
# now, try to print php's $_SESSION['username']
print $session->get('username');
}
else
{
print "can't find session cookie $session_name";
}
feyd | Please use[/syntax]Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Posted: Mon Aug 06, 2007 3:19 am
by dillion
timvw - many thanks for your help. I finally got the session value!
The documentation at CPAN was a bit limited but after your code and comments, I understand the module and Perl a bit more!
Thanks again.
