• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Using existing session data from a non-CI website in a CodeIgniter website

#1
I have two websites on the same server -
1) subdomain.mydomain.com where users log in. I setup a session cookie with domain as .mydomain.com
2) my second website is at mydomain.com which is a CI powered website and I got a plain php file at mydomain.com/plain.php

In subdomain.mydomain.com/login.php I setup session cookie as

PHP Code:
session_name('mysess');
session_set_cookie_params(0'/''.mydomain.com');
session_start(); 


In http://mydomain.com/Plain.php

PHP Code:
session_name('mysess');
session_set_cookie_params(0'/''.mydomain.com');
session_start();
echo 
'<pre>'print_r($_SESSION); 

In My CodeIgniter website http://subdomain.mydomain.com/application/config.php

PHP Code:
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'mysess';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = NULL;
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
$config['cookie_prefix'] = '';
$config['cookie_domain'] = '.mydomain.com'
$config['cookie_path'] = '/';
$config['cookie_secure'] = FALSE;
$config['cookie_httponly'] = FALSE


Once users login at subdomain.mydomain.com I can see the session data at mydomain.com/plain.php without any issues but as soon as I view any page on mydomain.com/mycontroller/mymethod it overwrites the session data and I lose all the session data set after login at subdomain.mydomain.com

I need that data to see that if a user is logged in or not. I don't want users to login twice that's why I setup cookie as above.
What changes do I need to make in CI config to be able to get that data?
Reply

#2
Update: I tried changing $config['sess_expiration'] = 7200; to $config['sess_expiration'] = 0;

and $config['cookie_prefix'] = ''; to $config['cookie_prefix'] = 'myprefix'; but that didn't help.


All I see on my CI page which has Print_r($_SESSION):

PHP Code:
Array
(
    [
__ci_last_regenerate] => 1506167810


Where as plain.php shows me all the session data.
Reply

#3
(09-23-2017, 05:05 AM)happyape Wrote: Update: I tried changing $config['sess_expiration'] = 7200; to $config['sess_expiration'] = 0;

and $config['cookie_prefix'] = ''; to $config['cookie_prefix'] = 'myprefix'; but that didn't help.


All I see on my CI page which has Print_r($_SESSION):

PHP Code:
Array
(
 
   [__ci_last_regenerate] => 1506167810


Where as plain.php shows me all the session data.

Codeigniter change the save path of the session. it is not the same as the default from php.
Reply

#4
I have changed the session_save_path of session files to a same location on both of the sites and I can see the session files generated in this directory. I have noticed the below -

If session ID is 5656adfasdfa564654654656 and cookie name in CI ($config['sess_cookie_name']) is "mysess" the session file generated by CI is mysess5656adfasdfa564654654656

Whereas is the file generated by non-CI website is named as sess_5656adfasdfa564654654656

I have learnt that sess_ is hardcoded? I think If I can make these file names as the same then I would be able to use the same session data (I hope).
Reply

#5
Another update -

I added session handler similar to this http://php.net/manual/en/class.sessionha...erface.php to create file name same as CI but it works intermittently i.e. if I try to view CI page after logging in at non_CI it logs me out but on my second attempt it preserves the session ... Hmmm??

On my further investigation I have found that CI generate session ID 40 characters long where as my non-CI site generates 32 characters long.

Is this because of different php versions? CI is on php 7 and non-CI is on php 5.6 ??
Reply

#6
Maybe I am wrong, and it probably makes no difference, but how about trying:


PHP Code:
ini_set('session.name''mysess'); 


before your call to session_set_cookie_params.

That's the way it's done in CodeIgniter's Session.php, instead of using the session_name() function.
Reply

#7
(09-23-2017, 09:54 AM)skunkbad Wrote: Maybe I am wrong, and it probably makes no difference, but how about trying:


PHP Code:
ini_set('session.name''mysess'); 


before your call to session_set_cookie_params.

That's the way it's done in CodeIgniter's Session.php, instead of using the session_name() function.

Thank you but I think I have kind of hacked my way to make the names same on both of my websites. The real issue seems to be different session_id character length for the file names. Do you think it's difference in php version causing it or some CI setup??

This is what is happening now.

If I go to non-CI website and login the session cookie is still getting overwritten as soon as I visit any CI page.

But if I visit CI page first then login on non-CI website and then come back on CI page I can view the session data .... because plain php sees that a session has already been started (by CI) and just writes data into that file.
Reply

#8
Session class has a method _configure_sid_length() that may provide some clues. Like for instance in some cases it does:


PHP Code:
ini_set('session.hash_function'1); 


and in some cases it does:


PHP Code:
ini_set('session.sid_length'$sid_length); 


That would for sure make a difference. CodeIgniter will drop the session if there is no regex match for the session ID. The good news for you is that this method is easy to use outside of CodeIgniter. I think technically all you need is the upper 37 lines.
Reply

#9
Thanks Brian. Yes I can see CI checks for php version to determine sid length at /system/libraries/Session/Session.php in _configure_sid_length().

I am not really sure what can I do there to make the sid length match my plain php sid. Sad
Reply

#10
Copy and paste the method into your custom session class, and call it before you call session_set_save_handler. You'll need to add the $_sid_regexp member at the top of your class.

If you browse through CodeIgniter's Session.php file, you'll see everything that was done, and when you research all that was done you'd never been attempting to use plain PHP sessions without doing all that stuff. A lot of what's going on is all security related, and if you don't do it right then you for sure don't want to be authenticating people on that session.

For my own use, I made a session class with kind of a mix between CodeIgniter's Session.php and Symfony's PDOSessionHandler. It's only for database sessions, but it might give you some clues as to how you can work with CodeIgniter type sessions outside of CodeIgniter: https://bitbucket.org/skunkbad/php-db-sessions
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.