tags:

views:

441

answers:

3
Q: 

Need to carry on browser "session" when calling another php script through CURL

I have a "primary" PHP script (actually a set of scripts) all of whom the user interacts with through the browser. I've had no problems using the site as the session information works from page to page.

However, one of the scripts needs to directly call another "secondary" php script on my site using CURL and that "secondary" script needs to get information about the php session (which contains the currently logged in user, etc) from the "primary". I need to pass on the session information from the "primary" php script to the "secondary" one in CURL. Any suggestions on how I can do that?

No, I dont want to use cookies here (too insecure).

A: 

I know you said you don't want to use cookies because they're insecure. In the following solution, the client side session cookie is "forwarded" on to a second request. Forwarding a cookie to the local machine should create no security disadvantages.

You can pass the session cookie from the client browser to the new, server-side request (thanks to Ben for pointing out session_name).

$curl_cookies = session_name() . '=' . session_id() . '; path=/';
curl_setopt($ch, CURLOPT_COOKIE, $curl_cookies);

For simplicity, I'm only passing in the PHPSESSID cookie (I'm also assuming it is your session's cookie key).

Brian McKenna  2009-10-21 03:21:30
Hi Brian, Ben - I'm working on your suggestions, but am sending the session_id() as a GET parameter to my "secondary" script. However, when I do the following in the second script and try to load the first one, the browser just hangs and does not load the page.$sessionid = urldecode($_GET['sessionid']);session_id($sessionid);session_start();What do I need to do to tell the second script to use the first one's session?
Steve  2009-10-21 04:57:07
A: 

PHP sessions are almost by definition tied to a cookie (though can also be passed as a request parameter). So forwarding the session ID cookie might be the best way to go, assuming both scripts are on the same PHP install.

You can use session_name() to get the session name/cookie name, which is by default PHPSESSID like Brian points out.

Ben  2009-10-21 03:39:57
A: 

why not just send an http query string parameter with the session id in it?

for instance (in pseudocode):

curl.send('http://myserver.com/myapplication.php?session%5Fid=' . getSessionId());

David  2009-10-22 02:21:54

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases