+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=11)
+--- Thread: using cookie to transfer data into a CI3 app (/showthread.php?tid=80823)
using cookie to transfer data into a CI3 app - richb201 - 12-22-2021
I need to get data (an email address) from a php application (Onelogin) into my CI3 application. The Onelogin application (small php app) gets the data and sticks it in a session variable. But I have found that when my app starts and creates it own session variable, it obliterates the $_SESSION created by Onelogin.
So I came up with an idea where Onelogin creates a cookie called cookie_email. Then in my application I use
$em=get_cookie('cookie_email');
Then I looked at $em it is null. I also tried looking at $_COOKIE with my debugger. I can see a bunch of other cookies, but not cookie_email.
RE: using cookie to transfer data into a CI3 app - richb201 - 12-24-2021
OK. I managed to get the email address from the saml application via a cookie and into a CI3 application. I am however concerned that the correct user who was just authenticated gets their email address passed. One idea I have is to read the cookie and then delete the cookie. But this cookie passing scheme probably should be protected with a semaphore.
I took a look at the CI3 docs and don't see semaphores. Is there some way to serialize access to a shared resource in CI3?
RE: using cookie to transfer data into a CI3 app - richb201 - 12-25-2021
The cookie is not working. This is what happens: user A gets authenticated and the app reads the cookie as [email protected]. Now user B gets authenticated and now the cookie is [email protected]. Now user a switches tabs on the menu. My app gets the cookie but its [email protected]. Ie it is now the wrong user.
So cookies won't cut it. Any other ideas? I am now trying this:
if(!isset($_SESSION['userid'])) {
$_SESSION['userid']= $_COOKIE['cookie_email'];
I can only think of one other way to do this serially without interprocess communication. That is by creating a file.
This will only change the userid once per process.
RE: using cookie to transfer data into a CI3 app - kenjis - 12-25-2021
Do you know how cookie works?
RE: using cookie to transfer data into a CI3 app - richb201 - 12-27-2021
I managed to get the email address transferred via the cookie. Is this secure? I don't know but I am using ENV variables to keep passwords secure. Now, once I get the email address into the application and I push it into a environment variable I need to only allow that one person to access their pages.
Any recommendation on how to keep others from access the pages? I could set it up that if there is no email address, the program exits?
RE: using cookie to transfer data into a CI3 app - kenjis - 12-27-2021
> I managed to get the email address transferred via the cookie. Is this secure?
No. Cookie is not secure.
But when a user (or an attacker) changes the cookie value, if it is not a problem,
you are okay to use it.
RE: using cookie to transfer data into a CI3 app - fontoaz - 01-20-2022
Let’s do it in development mode.