I can get the PHP session variables using the GET method using CURL?

Question

I have 2 .php files

The first php creates a session:

<?php
session_start();
$_SESSION['ID']  = '1';
$_SESSION['NAME'] = 'ALIAS';
$_SESSION['TIME']   = time();
print_r($_SESSION);

The second file has the same session and if it is called from the same browser using the GET method should return the values of the session:

<?php
session_start();
if($_SERVER['REQUEST_METHOD'] == "GET"){
    $key = $_GET["access_token"];
    if($key=="b8bc45179e0c022a0a5e7738356549a3ebf3788c"){
        $json = array("status" => 1, "msg" => $_SESSION['NAME']);
    }else{
        $json = array("status" => 0, "msg" => "ACCESS ERROR");
    }
    header('Content-type: application/json');
    echo json_encode($json);
}

It is a success when I call from navigation bar from browser as follows:

https://test.com.mx/p_session.php?access_token=b8bc45179e0c022a0a5e7738356549a3ebf3788c

I get:

{"status":1,"msg":ALIAS}

but when a script from a third party:

<?php 
$ch = curl_init('https://test.com.mx/p_session?access_token=b8bc45179e0c022a0a5e7738356549a3ebf3788c');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);     
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 
$response = curl_exec($ch);
curl_close($ch);
print_r($response);

calls from the same browser I get:

{"status":1,"msg":null}

Exist way of make this possible?

I don't think `CURL` can have sessions in the current approach. Try `print_r($_SESSION);`; or you could try to figure out the session id you already set up and send that with the `CURL`. — chris85, Mar 10 '16 at 22:23
curl does not re-use your session cookies, you have to append them manually — Iłya Bursov, Mar 10 '16 at 22:28
Looks like the 3rd party script is sending a request to the 2nd PHP file but the session variables are getting set in the 1st PHP file. As such, the script will not have access to the values being set in the 1st PHP file. — Maximus2012, Mar 10 '16 at 22:28
What I'm curious about is why it returned a status of 1, given the incorrect key name in the querystring.... i.e. the urls you provide misspell access_token as acces_token. I know that doesn't help your problem, but I do find it interesting nonetheless. — Nicholas Byfleet, Mar 10 '16 at 22:28
I try to make a third application login with my application data in same browser — Quickcoding, Mar 10 '16 at 22:41
@Nicholas Byfleet, access token is send in the url via get, so the script has access to the token, though, not the session variables. — S00, Mar 10 '16 at 22:52

score 2 · Answer 1 · edited May 23 '17 at 12:07

When you use sessions in PHP, a session cookie is set to the clients browser, containing a session id. Curl, by default, doesn't keep cookies so when you call the second file, it can't access your cookies.

First, you should call the first url with curl, get the cookies it returns to you, then request the second url with these cookies. Also, you aren't even calling the first file in the first place, so it didn't even return you a cookie anyway. (even if it did, you wouldn't be able to keep it like this without options, though)

example options:

curl_setopt( $curl_handle, CURLOPT_COOKIESESSION, true);
curl_setopt( $curl_handle, CURLOPT_COOKIEJAR, $cookie);
curl_setopt( $curl_handle, CURLOPT_COOKIEFILE, $cookie);

you should call the first url with curl, keep the cookies, then call the second url.

related: PHP Curl And Cookies

google "curl php cookie" and similar for more, but this is basically it.

I can get the PHP session variables using the GET method using CURL?

1 Answers1