1

Since PHP sessions are basically cookies, and I am using them to authenticate logged in users (I know, I should move to tokens), is it possible to read the session cookie on my node app? (I want to create a simple chat that gets the logged in username from the PHP session, and on the way allow only logged in users to use the chat)

What would then be the preferred way to do that? (In terms of security as well)

**Edit:** I am trying to get something sort of the node equivalent of this in PHP:

if (!isset($_SESSION['user_id'])) {
   //don't allow access to the chat page
} else {
   //show chat for logged user
}
pileup
  • 1
    the cookie does not belong to a specific language –  May 20 '18 at 22:32
  • Thanks, I edited the original post. I am then looking for the node equivalent of how to show the page or not if a specific session is set or not (from PHP) – pileup May 20 '18 at 22:36
  • 1
    dupe? https://stackoverflow.com/questions/3393854/get-and-set-a-single-cookie-with-node-js-http-server I don't use node so I can't answer that part of the question –  May 20 '18 at 22:38
  • 1
    Cookies and sessions are 2 different things. If you are asking about sharing session data between node and PHP, it is possible but difficult for native sessions, but you might do that with custom sessions offered by different MVC frameworks like Symfony, etc., so it entirely depends on your implementation – Furqan Siddiqui May 20 '18 at 23:01
  • Furqan thanks. Btw, smith linked to a way of getting the session if you want to take a look. Now assuming I do have the session of the logged in user, what would be the equivalent of displaying content, or not? – pileup May 20 '18 at 23:10
  • I think I will delete this post and completely re-write it, it's misunderstood currently – pileup May 20 '18 at 23:11

1 Answer

2

A cookie is not language specific so if the cookie is there, you could certainly read it with node.js.

BUT, the browser only sends cookies to the server that they are associated with. So, if your PHP server is not part of the same sub-domain as the node.js server and the cookies are configured to allow sharing with sub-domains, then the browser won't send the PHP cookie to your node.js server.

To read cookies with Express, you can use the cookie-parser module. Samples for how to use it are in the doc. After installing the cookie-parser middleware, you would end up referencing:

req.cookies

to access that same cookie. To manage sessions using Express and node.js and keep track of server-side session state, one would typically use the express-session module.

jfriend00
  • for testing on localhost, but on a different port, that should work right? it's considered the same domain – pileup May 20 '18 at 22:53
  • 1
    @TTnote - Cookies are host-specific, not port specific so a cookie from a server on one port will be sent with a request to a different server on the same host, but different port. – jfriend00 May 20 '18 at 22:55
  • Thank you, but I edited my original post, because my initial intention was quite different than what it seems to be - I actually wanted to know how in node js, after you get the cookie, you either allow to show the page, or not, as you'd easily do in PHP with isset. I really want a concrete example with node, because I can't make it work – pileup May 20 '18 at 22:56
  • @TTnote - What's in the actual cookie that you're looking for? I don't know PHP to know what it's doing, but if you show me the actual cookie string from the http header, I can handle the node.js access to it. – jfriend00 May 20 '18 at 22:58
  • Is it the one you're looking for? I wasn't sure: `[PHPSESSID] => fseh3456bv355oqddmtpf158 ` – pileup May 20 '18 at 23:07
  • @TTnote - No, I would need to see the actual cookie string in the http header to know what to ask node.js to look for. – jfriend00 May 21 '18 at 00:03
  • Sorry about this newbie question, but how do I get the string that you need? Couldn't find out – pileup May 21 '18 at 07:37
  • @TTnote - You can log the `req.headers.cookie` property in any node.js request handler. Or, you can look in the Chrome debugger at the raw headers sent with a response from your server. – jfriend00 May 21 '18 at 22:34
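
The check the question asks for, the Node counterpart of the PHP `isset($_SESSION['user_id'])` gate, as an added example that is not part of the original thread. It reads `PHPSESSID` from the raw `Cookie` header and decides from the server-side session the ID points to; `lookupSession`, the `SESSIONS` data, the `SID_FORMAT` pattern and the function names are assumptions, since the thread does not say how the Node app reaches the PHP session data.

```javascript
// Added example (not from the thread). SESSIONS, lookup and SID_FORMAT are assumptions.

// Parse a raw Cookie header ("a=1; PHPSESSID=abc") into a prototype-free map.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;                       // not a name=value pair
    const name = part.slice(0, eq).trim();
    if (!name || name in jar) continue;            // first occurrence wins
    const raw = part.slice(eq + 1).trim();
    try { jar[name] = decodeURIComponent(raw); } catch (e) { jar[name] = raw; }
  }
  return jar;
}

// Assumed shape of a PHP session ID: letters, digits, ',' and '-', 22 to 256 chars.
const SID_FORMAT = /^[A-Za-z0-9,-]{22,256}$/;

// Node counterpart of isset($_SESSION['user_id']). The cookie only carries an
// identifier, so the decision comes from the server-side session it points to.
// lookupSession(sid) is hypothetical: it stands for however this app reads
// the PHP session data (shared store, internal PHP endpoint, ...).
function chatUser(cookieHeader, lookupSession) {
  const sid = parseCookies(cookieHeader).PHPSESSID;
  if (typeof sid !== 'string' || !SID_FORMAT.test(sid)) return null;
  const session = lookupSession(sid);
  if (!session || session.user_id === undefined || session.user_id === null) return null;
  return { userId: session.user_id, username: session.username };
}

// Constructed session data standing in for the PHP session store.
const SESSIONS = new Map([
  ['a1b2c3d4e5f6g7h8i9j0k1l2', { user_id: 7, username: 'alice' }], // logged in
  ['z9y8x7w6v5u4t3s2r1q0p9o8', {}],                                // no user_id set
]);
const lookup = (sid) => SESSIONS.get(sid);

// Plain http-style handler: show the chat or refuse, as in the PHP snippet.
function chatHandler(req, res) {
  const user = chatUser(req.headers.cookie, lookup);
  res.statusCode = user ? 200 : 403;
  res.end(user ? `chat for ${user.username}` : 'login required');
}
```

With Express and cookie-parser, the same ID is available as `req.cookies.PHPSESSID`, and `chatUser` can take the header from `req.headers.cookie` unchanged.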