0

PHP session variables are not transferring across servers. This is a simple example that I am using to check if it works. Please take a look.

file1.php

<?php
    session_start();

    $_SESSION['FirstName'] = Kshitij ;
    $_SESSION['LastName'] = Kawatra ;
    echo session_id();
    echo "<p>First Name is: " . $_SESSION['FirstName'] . "</p>" ;
    echo "<p>Last Name is: " . $_SESSION['LastName'] . "</p>" ;
?>
<p>Go to the <a href="https://<server-ip>/file2.php">next page</a>.</p>

file2.php(on a different server)

<?php
    session_start();
    echo session_id();
    echo "<p>The FirstName session variable is: " . $_SESSION['FirstName'] . "</p>";
    echo "<p>The LastName session variable is: " . $_SESSION['LastName']. "</p> ";
?>

Even the session id doesn't match.

kkawatra
  • 49
  • 5
  • 2
    How have you connected the servers together so that the sessions could work? Are they behind a load balancer or on different hostnames? By default sessions can't travel between servers in any way. – Sami Kuhmonen Jun 13 '17 at 05:11
  • what you want to using session in this case?? – Harsh Panchal Jun 13 '17 at 05:11
  • @sami The servers have two different hostnames. I want to store the session variables in a database but I am not sure about how to retrieve the data from the database. – kkawatra Jun 13 '17 at 07:09

4 Answers4

2

Sessions don't travel between hosts or servers by default. If you're using cookies to handle sessions the cookies are only sent to the originating server (simplified version). If you move to another host/IP the browser naturally won't send any cookies from another host to that site. If they did everyone could get all your accounts and logins and abuse them.

If you want to transfer sessions between servers you'll have to connect them somehow. If they are completely separate you can for example send a token in the URL to the second server that it can then use to retrieve the necessary information from the first one. The system you'd use depends on what you are actually trying to achieve.

Sami Kuhmonen
  • 30,146
  • 9
  • 61
  • 74
  • @kkawatra It can be made secure. That's how many authentication/SSO systems work. It's all about how you handle the token generation and data transfer. – Sami Kuhmonen Jun 13 '17 at 07:07
  • Would you mind sharing some examples that you think will be most efficient and secure? – kkawatra Jun 13 '17 at 07:16
2

First of all this is not possible with default session behavior http://php.net/manual/en/session.examples.basic.php

You can use another session handler session_set_save_handler or memcached

Ahmed Ginani
  • 6,522
  • 2
  • 15
  • 33
  • Correct me if I am wrong. If I use the session handler and save the session data from server1 to a database. Now, if I wish to retrieve that data using session handler of server2, I will be needing the session id or some data from server1 to filter the query. If that's the case, I would have to transfer the session id, between the two servers some other way, right? – kkawatra Jun 13 '17 at 07:05
  • @kkawatra yes you need session name or id – Ahmed Ginani Jun 13 '17 at 07:09
  • So what do you think would be the best way to transfer the session name or id then? – kkawatra Jun 13 '17 at 07:13
  • session name is better also if this answer is helpful for you then accept so it will helpful for others. – Ahmed Ginani Jun 13 '17 at 07:28
2

PHP sessions are local to one server by default. You can't use it on multiple servers directly.

If you want to do so, You'll have to use another session handler.

Refer more details here: How to manage a single PHP5 session on multiple apache servers?

Omkar Nath Singh
  • 3,375
  • 2
  • 15
  • 34
2

There are ways to communicate between servers, but Session isn't one. PHP Session is actually a memory space with a lifespan of a session refreshed by different possible ways and this memory is server side only and only the server running the PHP code.

The best way, but the hardest one would be to create a socket between these two servers and communicate through layers of security between these two servers.

http://php.net/manual/en/function.socket-create.php

The easiest way would be to create a REST API and communicate through it with JSON output coming from html query string.

Returning JSON from a PHP Script

the_greedy
  • 19
  • 2