| Re: Strange url session behaviour after upgrade to 4.3 [message #182747 is a reply to message #182712] |
Tue, 03 September 2013 15:58   |
Tobiah
Messages: 30
Registered: April 2011
Karma:
|
Member |
|
|
On 08/30/2013 05:28 PM, Jerry Stuckle wrote:
> On 8/30/2013 4:33 PM, Tobiah wrote:
>> I have a page that needs to get another page on the fly, using
>> the same session. I figured out how to stop my session and set
>> the cookie on the CURL handler, and everything was cool. The
>> curled page had my same session available as the calling page.
>> Life was good.
>>
>> Now something has changed after upgrading from 5.2.4 to 5.3.10.
>> My session was no longer available on the curled page. What's
>> strange is that the PHPSESSID cookie was still being set, and
>> hit had the correct value.
>>
>> Here is the weirdest part. If I do this:
>>
>> session_id($_COOKIE['PHPSESSID']);
>> session_start();
>>
>> The session is there! But why isn't php taking
>> the cookie as the id all by itself? Regular
>> pages (not curled) all work as before. All of
>> our websites work fine on the new version, except
>> for this one curl call. I could update 100's of
>> websites to fix them with the added lines, but
>> I'd really rather find out why the curled page
>> is not taking the session_id from the PHPSESSID
>> cookie.
>>
>> Thanks!
>>
>> Toby
>
> I don't know what would have changed in the PHP update. But you haven't shown us the failing (cURL) code - so anything would be a
> guess.
>
> Are you trying to access a PHP script on a different server (or domain)? Or what are you trying to do specifically?
>
So I'm executing PHP, and I need to grab the HTML from another
url on the same domain. It's easy to use curl for this, but
I need the other url to execute PHP with the same session id as
the calling script.
I'm doing something like this:
$session_id = session_id();
session_write_close();
Then I make a cookie jar of the Netscape type and point to it:
$cookie = sprintf("%s\t%s\t%s\t%s\t%s\t%s\t%s\n",
$this->host, "FALSE", "/$this->path/", "FALSE", "0", $key, $val
);
$cookie_jar = fopen($this->cookie_jar_name, 'a');
fwrite($cookie_jar, $cookie);
fclose($cookie_jar);
$ch = curl_init($this->url);
curl_setopt($ch, CURLOPT_COOKIEFILE, $this->cookie_jar_name);
I set some other options, including CURLOPT_POST and
CURLOPT_RETURNTRANSFER. I've tried some others that don't
seem to matter either way:
CURLOPT_USERAGENT
CURLOPT_FOLLOWLOCATION
CURLOPT_SSL_VERIFYPEER
CURLOPT_SSL_VERIFYHOST
CURLOPT_FORBID_REUSE
$other_html_page = curl_exec($ch);
So, under php 5.2.4, the 'other' page php
sees the session and the page runs correctly.
Now, under 5.3.10, I have to do this on the other page:
session_id($_COOKIE['PHPSESSID']);
session_start();
So what I don't understand, is why php doesn't know to
look at the PHPSESSID cookie and makes me spoon feed it
the value. This is all running on the same server under
the same .ini file. Sessions work fine in the main page,
and I know PHP is getting the session value out of the
cookie, because deleting the PHPSESSID cookie results in
a reset of all my data for the app.
So there is some difference in curl, where just setting
the cookie is not enough. I have to force the cookie
value into session_id().
Thanks again,
Toby
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]