0


I want to simply pull data from external url which use session. I have a website with login. after login there is a page which includs on tables data. I want to pull these data from it. Extracting data from this page is not a problem. Real problem is its includes on session. When i try to retrieve data with an url then its show an blank page. Nothing is showing. It will be great help if this problem is resolved. Please someone tell me how can i resolve this session issue? Below is my code:

$html = new simple_html_dom();<br> $html->load_file('http://example.com/portfolio/page=5');<br> foreach($html->find('body') as $e){ $array = $html->innertext;<br> echo $array;
}

Muhammad Waqar
  • 11
  • 7

1 Answers1

0

If the session is used as a login or vital-information-storing variable, then it isn't possible to fake this.

Session variables are not easily spoofed, and can't be sent this way. You would have to send $_GET variables which the code then uses to create/modify the session or display the data you need without the session. It's only really feasable if you have access to www.example.com for editing the code, where you could send params which bypass the session check.

This is not reccommended as this bypass could be found by others, and you'll have a huge vulnerability.

If session variables were easily faked and passed from another page, we'd have many security risks.

If you are part of the same domain, then it is possible to start the session within the code of the calling page and have access that way...

EDIT: Unless the session is passed in the URL (bad practice, generally) it is not possible to pass session variables between domains. See here.

StuckAtWork
  • 1,613
  • 7
  • 23
  • 37
  • hi thanks for your response. i want to get data from external url which is located after login. This page is only access able when you loggedin. Beside this page i can access whole website but except this page. is there any way to get these data to my localhost file? thanks – Muhammad Waqar Feb 05 '13 at 17:59
  • If it's an external file, you won't be able to get anything off of it providing they've designed it well. Can you POST or GET the login information to this site? Somehow, you need to get your session started; can you login to the site, then run your code (with the site still open)? – StuckAtWork Feb 05 '13 at 18:03
  • i have login id and password. I logged in on the site as well. But its still not working. I don't know what going on. – Muhammad Waqar Feb 05 '13 at 18:13
  • You can't access $_SESSION variables from an external source from your localhost.. it's a security risk. If you could, I could just as easily make a fake $_SESSION cookie and wreak havok on their website. – StuckAtWork Feb 05 '13 at 18:27
  • then how can i do this? on live server? – Muhammad Waqar Feb 05 '13 at 18:40
  • The problem would still lie with the fact that your pages are not part of the host page's domain. It isn't possible to share sessions outside of the host domain. – StuckAtWork Feb 05 '13 at 18:54
  • how facebook, twitter, disqus and linkedin share their session with other hostpages? – Muhammad Waqar Feb 05 '13 at 19:15
  • include('simple_html_dom.php'); $data = array( '__EVENTTARGET' => '', '__EVENTARGUMENT' => '', '__VIEWSTATE' => '%2FwEPDwUKLTcyODA2ODEwMGRk', 'Myname' => 'justdev12345', 'Mypassword' => '12345', 'idLogin' => 'Login', 'tmplang2' => '6', 'fm' => '', 'jc' => '', 'LoginRef' => '' ); – Muhammad Waqar Feb 05 '13 at 19:37
  • $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://secure.site.com/mainframe.aspx"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true ); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true ); curl_setopt($ch, CURLOPT_COOKIEJAR, "sdc_cookies.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "sdc_cookies.txt"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); – Muhammad Waqar Feb 05 '13 at 19:37
  • $output = curl_exec($ch); $info = curl_getinfo($ch); curl_close($ch); $output = new simple_html_dom(); $output = file_get_html('http://profiles.site.com/profile_900.aspx?AccountID=ShopCartUpdate'); print $output; – Muhammad Waqar Feb 05 '13 at 19:38
  • I'm not sure that they do share sessions; usually they use iFrames and external embedding to do their work. Also, I'm not familiar with CURL so I can't be of much help here... – StuckAtWork Feb 06 '13 at 13:44