Share sessions between php and node

Question

Is there an recent guide (or example code) to using node, express, and redis/predis to share PHPSESSID?

I've found several tutorials 1-2 years old and they are all either using old versions express or not using express.

Express cookie parser is also deprecated.

https://simplapi.wordpress.com/2012/04/13/php-and-node-js-session-share-redi/

NodeJS + ExpressJS + RedisStore Session is undefined

It would be great if someone could post some more recent code...

EDIT - extract of node server code so far:

var express = require('express'),
app = express(),
server = require('http').createServer(app),
io = require('socket.io').listen(server),
redis   = require('redis'),
client  = redis.createClient();    

var session = require('express-session'),
RedisStore = require('connect-redis')(session);

app.get('/', function(req, res) {
    res.sendfile('/');
});

app.use(
    session({
            name: 'PHPSESSID'
    store: new RedisStore({
        prefix: 'PHPSESSID',
        port: 6379
    })
})
);

io.sockets.on('connection', function (socket) {

    app.use(function(req, res, next) {
        console.log(req.session);
    });

    .......

Packages:

├─┬ connect@2.17.1
│ ├── basic-auth-connect@1.0.0
│ ├─┬ body-parser@1.2.0
│ │ └─┬ raw-body@1.1.4
│ │   └── bytes@0.3.0
│ ├── bytes@1.0.0
│ ├─┬ compression@1.0.2
│ │ ├── bytes@0.3.0
│ │ ├── compressible@1.0.1
│ │ └── negotiator@0.4.3
│ ├── connect-timeout@1.1.0
│ ├── cookie@0.1.2
│ ├── cookie-parser@1.1.0
│ ├── cookie-signature@1.0.3
│ ├─┬ csurf@1.2.0
│ │ ├── scmp@0.0.3
│ │ └── uid2@0.0.3
│ ├── debug@0.8.1
│ ├── errorhandler@1.0.1
│ ├─┬ express-session@1.2.0
│ │ ├── buffer-crc32@0.2.1
│ │ ├── uid2@0.0.3
│ │ └── utils-merge@1.0.0
│ ├── fresh@0.2.2
│ ├─┬ method-override@1.0.1
│ │ └── methods@1.0.0
│ ├── morgan@1.1.1
│ ├─┬ multiparty@2.2.0
│ │ ├─┬ readable-stream@1.1.13-1
│ │ │ ├── core-util-is@1.0.1
│ │ │ ├── inherits@2.0.1
│ │ │ ├── isarray@0.0.1
│ │ │ └── string_decoder@0.10.25-1
│ │ └── stream-counter@0.2.0
│ ├── on-headers@0.0.0
│ ├── parseurl@1.0.1
│ ├── pause@0.0.1
│ ├── qs@0.6.6
│ ├── response-time@1.0.0
│ ├── serve-favicon@2.0.0
│ ├─┬ serve-index@1.0.3
│ │ ├── batch@0.5.0
│ │ └── negotiator@0.4.3
│ ├─┬ serve-static@1.1.0
│ │ └─┬ send@0.3.0
│ │   ├── buffer-crc32@0.2.1
│ │   ├── debug@0.8.0
│ │   ├── mime@1.2.11
│ │   └── range-parser@1.0.0
│ ├─┬ type-is@1.2.0
│ │ └── mime@1.2.11
│ └── vhost@1.0.0
├─┬ connect-redis@2.0.0
│ └── debug@0.8.1
├─┬ express@4.1.1
│ ├─┬ accepts@1.0.1
│ │ ├── mime@1.2.11
│ │ └── negotiator@0.4.3
│ ├── buffer-crc32@0.2.1
│ ├── cookie@0.1.2
│ ├── cookie-signature@1.0.3
│ ├── debug@0.8.1
│ ├── escape-html@1.0.1
│ ├── fresh@0.2.2
│ ├── merge-descriptors@0.0.2
│ ├── methods@0.1.0
│ ├── parseurl@1.0.1
│ ├── path-to-regexp@0.1.2
│ ├── qs@0.6.6
│ ├── range-parser@1.0.0
│ ├─┬ send@0.3.0
│ │ ├── debug@0.8.0
│ │ └── mime@1.2.11
│ ├── serve-static@1.1.0
│ ├─┬ type-is@1.1.0
│ │ └── mime@1.2.11
│ └── utils-merge@1.0.0
├─┬ express-session@1.2.0
│ ├── buffer-crc32@0.2.1
│ ├── cookie@0.1.2
│ ├── cookie-signature@1.0.3
│ ├── debug@0.8.1
│ ├── on-headers@0.0.0
│ ├── uid2@0.0.3
│ └── utils-merge@1.0.0
├─┬ mysql@2.2.0
│ ├── bignumber.js@1.3.0
│ ├─┬ readable-stream@1.1.13-1
│ │ ├── core-util-is@1.0.1
│ │ ├── inherits@2.0.1
│ │ ├── isarray@0.0.1
│ │ └── string_decoder@0.10.25-1
│ └── require-all@0.0.8
├── redis@0.10.2
└─┬ socket.io@0.9.16
  ├── base64id@0.1.0
  ├── policyfile@0.0.4
  ├── redis@0.7.3
  └─┬ socket.io-client@0.9.16
    ├─┬ active-x-obfuscator@0.0.1
    │ └── zeparser@0.0.5
    ├── uglify-js@1.2.5
    ├─┬ ws@0.4.31
    │ ├── commander@0.6.1
    │ ├── nan@0.3.2
    │ ├── options@0.0.5
    │ └── tinycolor@0.0.1
    └── xmlhttprequest@1.4.2

Answer 1

For node (and Express 4.x):

Start with the example from express-session, but use connect-redis as your session store instead.

Example code:

var express = require('express'),
    app = express(),
    cookieParser = require('cookie-parser'),
    session = require('express-session'),
    RedisStore = require('connect-redis')(session);

app.use(express.static(__dirname + '/public'));
app.use(function(req, res, next) {
  if (req.url.indexOf('favicon') > -1)
    return res.send(404);
  next();
});
app.use(cookieParser());
app.use(session({
  store: new RedisStore({
    // this is the default prefix used by redis-session-php
    prefix: 'session:php:'
  }),
  // use the default PHP session cookie name
  name: 'PHPSESSID',
  secret: 'node.js rules'
}));
app.use(function(req, res, next) {
  req.session.nodejs = 'Hello from node.js!';
  res.send(JSON.stringify(req.session, null, '  '));
});

app.listen(8080);

For PHP:

Use a redis session handler like redis-session-php.

Example code:

<?php

// from https://github.com/TheDeveloper/redis-session-php
require('redis-session-php/redis-session.php');
RedisSession::start();

$_SESSION["php"] = "Hello from PHP";

// `cookie` is needed by express-session to store information
// about the session cookie
if (!isset($_SESSION["cookie"]))
  $_SESSION["cookie"] = array();

var_dump($_SESSION);

?>

Note: Make sure you use the same prefix(connect-redis)/REDIS_SESSION_PREFIX(redis-session-php) (connect-redis uses 'sess:' and redis-session-php uses 'session:php:' by default) and ttl(connect-redis)/session.gc_maxlifetime(PHP) (and same database if you are using a redis database other than the default) for both redis-session-php and connect-redis.

Answer 2

I just wanted to offer an alternate solution here that doesn't require redis and I've been using for a couple years (cross-posting from another answer):

This requires the following:

npm install cookie

npm install php-unserialize

This solution uses the session files on the machine - you shouldn't have to change this line.

session.save_handler = files

^ Should be like this in your php.ini file (default).

Here is the super simple code to retrieve the session data:

var cookie = require('cookie');
var fs = require('fs');
var phpUnserialize = require('php-unserialize');

//This should point to your php session directory.
//My php.ini says session.save_path = "${US_ROOTF}/tmp"
var SESS_PATH = "C:/SomeDirectory/WhereYourPHPIs/tmp/";

io.on('connection', function(socket) {
    //I just check if cookies are a string - may be better method
    if(typeof socket.handshake.headers.cookie === "string") {
        var sid = cookie.parse(socket.handshake.headers.cookie);
        if(typeof sid.PHPSESSID === "undefined") {
          console.log("Undefined PHPSESSID");
        }
        else {
            console.log("PHP Session ID: " + sid.PHPSESSID);
            fs.readFile(SESS_PATH + "sess_" + sid.PHPSESSID, 'utf-8', function(err,data) {
                if(!err) {
                    console.log("Session Data:");
                    var sd = phpUnserialize.unserializeSession(data);
                    console.log(sd);
                }
                else {
                   console.log(err);
                }
            });
        }
    }
}

Results:

Authenticate user for socket.io/nodejs