Node Express PHP share session over redis

Question

I tried implementing the solution here: How to share session between NodeJs and PHP using Redis?

It works great if I create a session in Node and then load my PHP page. The sessions combine. I need to know how to create the session in PHP and then have it combine when I visit my node site. Both of my sites are on the same domain 100%.

In this snippet I added the $echo $sess_id line and it comes out as "" (I feel this is the crux of the problem). If I do session_id('temp'); the redis key becomes session:php:temp but obviously it needs to be something that nodeJS understand. I'm also definitely using the same secret key on node / php.

    } else {
      // let PHP generate us a new id
      session_regenerate_id();
      $sess_id = session_id();
      echo $sess_id;
      $hmac = str_replace("=", "", base64_encode(hash_hmac('sha256', $sess_id, EXPRESS_SECRET, true)));
      // format it according to the express-session signed cookie format
      session_id("s:$sess_id.$hmac");
    }

Because of that when I did redis-cli keys * I get a key called session:php: with no session id. if I do redis-cli GET session:php: I get

"{\"php\":\"Hello from PHP\",\"cookie\":[]}"

I know PHP is talking to redis, it's just not saving a real session with a session id.

I've been at this for days, any help would be GREATLY appreciated, and I'd be happy to answer any questions.

It's also worth nothing I get no errors and the following lines

echo json_encode($_COOKIE, JSON_PRETTY_PRINT);
echo json_encode($_SESSION, JSON_PRETTY_PRINT);

output

[

]{
    "php": "Hello from PHP",
    "cookie": [

    ]
}

If I start session in node those lines output the full cookie / session information from node with the php hello from php added (combined perfectly).

Do you call `session_start()` prior to `session_regenerate_id()`? — VolkerK, Jan 29 '16 at 20:30
@VolkerK Not that I am aware of. Within the function require('redis-session-php/redis-session.php'); RedisSession::start(); it calls session_start(); But that is executed well after the session_regenerate_id() line. — user2278120, Jan 29 '16 at 20:31
The session handling (for the current php pinstance) must be started before you can use session_id() et al. The function name `session_start()` might be a bit confusing; it doesn't "create" a new session but starts the session handling mechanism for this php instance, i.e. look up the session id (from cookies, GET/POST paraemters, ....), load existing data etc.... — VolkerK, Jan 29 '16 at 20:34
@VolkerK Interesting, but if I remove that line, it does create a redis session with an id, but when I go to my node app it creates a brand new session (I think because node creates a much longer session ID and doesn't recognize it as the same person). Any suggestions? — user2278120, Jan 29 '16 at 20:35
No idea; just the basic stuff: Your error_reporting level is high enough (E_ALL|E_STRICT)? You have an eye on the [error_log](http://docs.php.net/manual/en/errorfunc.configuration.php#ini.error-log) file? You have tested that you see parse errors, warnings and notices in that file? Is there something related to the cookie headers in that log file? — VolkerK, Jan 29 '16 at 20:43

Node Express PHP share session over redis

0 Answers0