0

I have an app sits on machine A (solaris.example.com) and same apps sits on machine B (rhodes.example.com), these two machines are connected to same MYSQL database which has session table on it.

I've implemented my own session handler so it saves to the database instead of saving it to the files and this works fine.

My question is, how do I access an exact session ID that is created on machine A from machine B?

I have these setup on my init script for both machines:

ini_set("session.gc_maxlifetime", "288000"); 
ini_set("session.cookie_lifetime", "288000");
ini_set("session.save_handler", "user");  
session_set_cookie_params( 0, "/", ".example.com", false, false);
session_cache_expire(288000);

The problem I'm getting is that the machine B keeps creating a new session on the table and when I tried to set the session ID on machine B using session_id( $_GET["sessId"] ) it's overriding the value that's been created by the machine A.

The question is, how do I tell machine B to use the session ID that is created by machine A and get the data from the table?

I thought this is going to be automatic since I've called session_set_cookie_params( 0, "/", ".example.com", false, false);

Any help would be fantastic

Gumbo
  • 643,351
  • 109
  • 780
  • 844
gumpi
  • 281
  • 1
  • 4
  • 13
  • How do you specify your custom session save handler? – Gumbo Aug 23 '10 at 12:10
  • Did you check the cookie being created as you want it? Did you check if the cookie headers sent match the cookie you want to be sent? – Jasper Aug 23 '10 at 12:43
  • Name PHPSESSID Value 79c3dfa10e632ec2df7fb9a5240a2aad Host .example.com Path / Secure No Expires At End Of Session – gumpi Aug 23 '10 at 12:49
  • So the domain is correct. Now go to `rhodes.example.com` and check the cookie header that is sent (for example, through Firebug's net panel) and see if that matches the right cookie. – Jasper Aug 23 '10 at 13:15
  • @El Leonard: And `example.com` is just the placeholder for the actual host name, right? – Gumbo Aug 23 '10 at 13:15
  • @jasper: Name PHPSESSID Value 79c3dfa10e632ec2df7fb9a5240a2aad Host .example.com Path / Secure No Expires At End Of Session – gumpi Aug 23 '10 at 13:17
  • Do I have to pass the PHPSESSID on the URL when requesting from machine B? – gumpi Aug 23 '10 at 13:21
  • @El Leonard: Are you sure that is a cookie _header_ from the request you made for the page? It looks a lot more like an actual cookie. – Jasper Aug 23 '10 at 14:43

2 Answers2

0

I would be trying to save a cookie on users' machine so i can easily determine if his/her session is existing or not. Of course if the user has disabled cookies this won't work.

You can store some kind of meaningful data based on the user ip/etc then you can identify the user based on this data. Note: this solution is working only when you can exactly identify the user. Otherwise you can give a other users' session to the current user.

Edit i found a link on SO, maybe it will help.

Community
  • 1
  • 1
fabrik
  • 14,094
  • 8
  • 55
  • 71
0

There's nothing obviously wrong about your approach assuming that both machines are accessed using the same hostname in the URI at the client-side.

session_id( $_GET["sessId"] )

use_trans_id should be avoided wherever possible. Cookie values are only present in $_REQUEST (depending on request_order ini setting) or in $_COOKIE.

Certainly if they are using different hostnames at the client then you'll need to populate the session id yourself - PHP probably won't do it for you.

Using cookies is a far more sensible approach and simplifies things greatly.

You should check if the session id created on machine A really is presented to machine B (as a cookie or in the URL). If it is, then something very unusual is going on.

symcbean
  • 47,736
  • 6
  • 59
  • 94
  • Sorry don't have time to do free code critiques - and it doesn't answer the questions I suggested you address. – symcbean Aug 24 '10 at 10:32