views:

121

answers:

2

Hi,

I've got a python/WSGI app which needs to check to see if a user has logged on to a PHP web app. The problem is that the PHP app checks if a user has logged on by comparing a value in the $_SESSION variable to a value in the cookie from the user's browser. I would prefer to avoid changing the behavior of the php app if at all possible.

My questions:

  1. Is there anyway I can access the session variables from within python? Where should I start to look?

  2. Are there any obvious security/performance issues I should be aware of when taking this approach?

+2  A: 
  1. yep. session (in default) is a regular file. so all what you need is look over session directory and find file with name of session cookie value. then - you have to implement php-like serialize/unserialize and do whatever you want.

  2. nope

zerkms
You might want to look at: http://hurring.com/scott/code/python/serialize/
David Wolever
i knew it's already implemented ;-)
zerkms
A: 

Depends on the PHP app, if it's keeping session data in a database (MySQL maybe) you can just connect to the database and get the data, if it's using native PHP sessions you should look to the session.save_path config setting in php.ini, that's the place where the runtime saves files with the session data.

Once you have the data you can parse it to get it unserialized, take a look at how serialize() and unserialize() work in PHP.

Dinu Florin