How to get userdata from encrypted sessions database according to session id?
#11

[eluser]Christophe28[/eluser]
And it works! :-)

First I post the encrypted cookie to the controller (photos/upload) without setting any post_parameters in JavaScript (but using swfupload.cookies.js)

Then I catch the encrypted cookie in the controller, decode it and get the user_data from the sessions database using the session_id from the user's cookie.

And there it is without modifying or extending the sessions class :-)

Code:
// catch the encrypted cookie from POST
$enc_cookie = $this->input->post('my_sess_cook');

// decode the encrypted cookie
$cookie = $this->encrypt->decode($enc_cookie);
$session = unserialize($cookie);

// look up the session row that belongs to the session_id from the cookie
$this->load->model('sessions_model');
$session_info = $this->sessions_model->get_session_info($session['session_id']);

// unserialize the user_data which was sent back from the database
$user_data = unserialize($session_info->user_data);

// tada
$username = $user_data['username'];

Glad it works!

Thx for all the help!

Christophe
#12

[eluser]Christophe28[/eluser]
Ok, I yelled too soon :-( That must have been. It works! ... for about 300 seconds.

After a lot of testing I have noticed that the Flash uploader only works as long as the session has not been updated. In other words, the flash uploader only works all the time when I set $config['sess_time_to_update'] to 99999999999999;

But I don't know if this is a good idea? Security is very important in my application. I do use encrypted cookies.

Any suggestions?

However, I'm glad I got this far :-)

Best from Belgium,
Christophe
PS: Belgium is that little country to the south of the Netherlands.
#13

[eluser]WanWizard[/eluser]
I know where Belgium is, I live 10km from Brussels... :lol:

The session class by default rotates the session_id every 300 seconds, for security reasons. One of the reasons you shouldn't bypass CI's session system.

How to use SWFupload:

When generating the view that holds the SWFupload object, fetch the session_id using $this->session->userdata('session_id'), pass this to the view, and make it known to SWFupload using addPostParam() so SWFupload sends it back in the post when you start the upload.

In your controller, get the posted session_id, and retrieve the session record. To do it properly, you should extend the session library, and create a sess_read() method that allows you to load a session based on the posted session_id. For added security, you should encrypt the session id.

To prevent CI from rotating the session_id during an ajax call, see this topic.
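
The approach described in the post above (send the session id back in encrypted form, then load the session record by it), sketched as an added example; it is not code from this thread or from CodeIgniter. It uses plain PHP (7.1+, ext-openssl) with AES-256-GCM standing in for CI's Encrypt library, and the key, the token lifetime, the function names and the in-memory rows shaped like the sessions table are assumptions.

```php
<?php
// Added example. Assumes PHP >= 7.1 with ext-openssl; $key is a hypothetical 32-byte secret.
const TOKEN_MAX_AGE = 300; // seconds (assumed; same as the default rotation interval)

// View side: wrap the session id and issue time in an AES-256-GCM token.
function seal_session_id(string $session_id, string $key, int $now): string
{
    $iv = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($now . '|' . $session_id, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

// Controller side: return the session id, or null if the token is malformed,
// modified, or older than TOKEN_MAX_AGE.
function open_session_token(string $token, string $key, int $now): ?string
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) <= 28) {
        return null;
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                             substr($raw, 0, 12), substr($raw, 12, 16));
    $parts = ($plain === false) ? [] : explode('|', $plain, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || $now - (int) $parts[0] > TOKEN_MAX_AGE) {
        return null;
    }
    return $parts[1];
}

// Look the id up among rows shaped like the sessions table and enforce the expiry window.
function load_user_data(array $rows, string $session_id, int $now, int $sess_expiration): ?array
{
    foreach ($rows as $row) {
        if (hash_equals($row['session_id'], $session_id) && $row['last_activity'] + $sess_expiration >= $now) {
            $data = unserialize($row['user_data'], ['allowed_classes' => false]);
            return is_array($data) ? $data : null;
        }
    }
    return null;
}

// Constructed sample data, not taken from the thread.
$key  = random_bytes(32);
$rows = [['session_id' => 'abc123', 'last_activity' => 1000, 'user_data' => serialize(['username' => 'demo'])]];
$tok  = seal_session_id('abc123', $key, 1000);
var_dump(load_user_data($rows, (string) open_session_token($tok, $key, 1100), 1100, 7200)); // fresh token
var_dump(open_session_token($tok, $key, 1500));         // token older than TOKEN_MAX_AGE
$rows[0]['session_id'] = 'rotated';                     // the session id has been rotated
var_dump(load_user_data($rows, 'abc123', 1100, 7200));  // id captured before the rotation
```

The last call reproduces the behaviour reported earlier in the thread: once the id is rotated, the id captured when the view was rendered no longer matches a row, so the upload request has to be rejected or given a fresh token.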
#14

[eluser]Christophe28[/eluser]
Hi compatriot,

You said:

"When generating the view that holds the SWFupload object, fetch the session_id using $this->session->userdata('session_id'), pass this to the view, and make it known to SWFupload using addPostParam() so SWFupload sends it back in the post when you start the upload."

But how can you pass this to the JavaScript file? You can't just put <?php echo $session_id; ?> in a .js file. How is this commonly done?

Then you said to create a sess_read() in an extended class of the session class. Can you perhaps share some code with me :-)

And if you use encrypted cookies ... would it be a problem to simply not update the sessions?

Thanks for all the help! I really want to do this properly!

Christophe
#15

[eluser]pickupman[/eluser]
Quote: But how can you pass this to the JavaScript file? You can't just put <?php echo $session_id; ?> in a .js file. How is this commonly done?

Sometimes you need to use a php file extension. As long as it falls in a script tag to include the source. It will get parsed as php by the server, and interpreted by the browser as javascript. With CI, other than including jQuery source or plugins, all of my js scripting is done in php files.
#16

[eluser]WanWizard[/eluser]
Correct.

Just generate the javascript code needed to load SWFupload in your view, where you have access to server side variables.
#17

[eluser]Christophe28[/eluser]
Hello,

When I include a JavaScript file with a .php extension the variable is not set? But when I paste the JavaScript code on the actual view file and set a <?php echo $session_id; ?> there, the session_id is set ...

So I figured you can only use this when the JavaScript is set in the actual view, or am I missing something?

Btw, when using the solution on the link WanWizard posted (to prevent CI from handling an AJAX request like a normal request), well ... that didn't work out. Could this be because I use jQuery?

Christophe
#18

[eluser]pickupman[/eluser]
In my main view (template), I have:
Code:
if(isset($custom_jquery)) echo $custom_jquery;

Then in a controller when I need a plugin or certain script for that one page, I use in my controller:
Code:
$data['custom_jquery'] = $this->load->view('some_jquery_view', $data, TRUE); //save output to $data array



