I need to integrate my no-framework code with my brand new Zend Application. But they need to share a session. The problem I am facing is - when I am setting the session variables from the non-zend php using
$_SESSION['MyApp']['user']=$user;
I cant access the session from the Zend Application, i tried both -
print_r($_SESSION['MyApp']['user']);
and
$myAppSession = new Zend_Session_Namespace('MyApp');
print_r($myAppSession->user);
Doesn't work. Info - I have
resources.session.name = "MyApp"
in my bootstrap ini file.
Zend_Session_Namespace is just a wrapper for $_SESSION so this should be straightforward. When you say it doesn't work, is the $_SESSION array empty? If so, make sure you are creating the sessions in the same way (i.e. using the same session storage, cookie name etc.).
You're confusing session name with ZF session namespaces.
The session name refers to the value stored in the session cookie and does not have any effect on the actual contents of $_SESSION.
For your apps to share a session, they both need to set the same name using session_name() or the session.name php.ini directive.
I found a way out, Zend Session has a different session id than normal PHP sessions, so what I did was to send the session id from zend with the request and start the session with that session id -
if(isset($_REQUEST['sess_id'])) {
$sess_id = $_REQUEST['sess_id'];
}
session_id($sess_id);
session_start();
Its not beautiful code, but it works.
Related
I was trying out the new enhanced revocable sessions in Parse on my Android app. It works well when logging in or signing up via email password or facebook but doesn't work well for custom authentication, e.g. google+.
I'm currently logging in the user using the cloud code which also creates the new user when signing up. This does not create a new Session object, that means the new enhanced sessions are not used and it still uses the legacy sessions.
I pass the session token back to client where using the become method the user logs in but it's the legacy sessions.
This feels like the feature is not complete but I would really like to move to the new enhanced sessions with my app. Has anyone worked with them yet? Are there any workarounds using the REST API or by creating the sessions manually and handling them manually? I looked into the JS API but it says it's only read only.
Here's the Blog post on Enhanced Sessions.
Where should I go next?
Yes, I found a solution but it's a workaround, works for my case because I don't support signing up with user/password.
Basically, the solution (cloud code) in semi pseudo-code is:
Fetch the user with master key
Check if user.getSessionToken() has value
if it has, return the session token and do a user.become() in the client as usual
if it's not, here the workaround, do the following:
yourPreviousPromiseInOrderToChainThem.then(function(user)
password = new Buffer(24);
_.times(24, function(i) {
password.set(i, _.random(0, 255));
});
password = password.toString('base64')
user.setPassword(password);
return user.save();
}).then(function(user) {
return Parse.User.logIn(user.get('username'), password)
}).then(function(user) {
var sessionToken = user.getSessionToken();
// Return the session token to the client as you've been doing with legacy sessions
})
That means, I'm changing the user password each time in order to make a remote login and, of course, I know thist can't be applied to all cases, it's enough for app because I don't support login with user/password (only third party logins) but I understand that maybe it's not for all cases.
I got the idea from this official Parse example.
I don't like this solution because I think is not a workaround, it's a mega hack but I think there is no other way to do it currently (either Parse.com or Parse-Server)
If you find other workaround, please, share it :)
Following is the code i'm using for prog login for my application.
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(userName, passWord);
token.setDetails(new WebAuthenticationDetails(request));
authentication = authenticationManager.authenticate(token);
LOGGER.debug("Logging in with [{}]"+ authentication.getPrincipal());
SecurityContextHolder.getContext().setAuthentication(authentication);
after this a model is returned (without changing URL, i can see usename n role here). on that view, there is a form. which submits to another link with role permission same as of current user.
but when user submits the form then spring redirects it to login page and invalidate the session.
I have checked and found that jsession is is appended with .undefined (mS5YoJL3YfznQNuItNUeiLd6.undefined) and i suspect that this must be the problem.
I've checked it, and undefined was coming because of Jboss AS 7.1 and this whole issue was coming because I was not creating session while auto login. I have changed the code and its running perfectly. Thanks for your response. –
I have written a web application using Zend framework, and I convertered it to the drupal module using ".module" file.
But I need to authorize current drupal user in that module.
How could I check the drupal user role in Zend?
By the way I find out Drupal has its own session handler to store data in database and zend use default handler which store sessions data into file system.
So it make them separate.
Any solution?
It's considered bad practice to check the roles array itself in Drupal, the correct method is to assign an appropriate permission to that role, and check for that permission with user_access(), e.g.
if (user_access('an appropriate permission')) {
// User is authorised.
}
So you actually have a Drupal module.
Try
<?php
global $user;
if (in_array('administrator', array_values($user->roles))) {
}
I am using CGI::Session for session management in my Perl web application. I am able to
create a session using the file session driver but I am unable to get the existing session and unable to access stored parameters of session.
I am trying to get existing session but it's creating new one
and query string $CGISESSID both are same but $session here I am getting was different
it's a totally new one so I am unable to get the stored parameters from session.
Please help me to resolve this issue.
Thanks,
Krishna
If you are getting new session at each request, as others pointed out, you are not sending session id in the cookie. If you are using CGI.pm to handle your HTTP header, do this:
print $q->header(-cookie => $session->cookie);
If you are using CGI::Application for your Application framework, do this inside the setup() or cgiapp_init() (if you have it)
$self->header_add(-cookie => $session->cookie);
Or, you can use CGI::Session's own header(), which by default, uses' CGI::header method:
print $session->header()
Using CGI::Session's utilities (such as cookie and/or header) are recommended since they honor expiration settings for the cookie.
Are you doing
print $session->header()
before printing the html content?
My Zend session (I am using Zend_Session_Namespace) do not get destroyed on window close. I thought that was the default behavior and I would really like it to. Any idea?
Check and delete any code like this in your application.ini file
remember_me_seconds = 864000
In login controller use the the following piece of code, then it should work fine.
$remember=$form->getValue("remember")
if ($remember=="yes") {
$seconds=60 * 60 * 24 * 30; (remember for 30 days)
Zend_Session::RememberMe($seconds);
}
else {
Zend_Session::ForgetMe();
}
I don't know if this helps but here goes.
There are two ways to 'destroy' a session.
On the client side - the cookie
On the server side - the session namespace
The session on the browser is not really destroyed when the browser window is closed. What happens is that the browser will delete the cookie. When the browser goes to your site again it doesn't have a cookie anymore and has to get a new session.
If you set the 'life' of a session to be really short, then the session will be deleted on the server really quickly. Even if a browser with a cookie comes along, if there is no matching session on the server then it will end up getting a new session.
You have to find a way to set the cookie parameter that tells the browser to delete it on window close. I'm not sure what portion the rememberMe() function acts on,whether it's the cookie or the session on the server.
If you set this parameter, the browser will delete the cookie on window close and you'll have 'deleted' the session on the browser side.