1

I am playing around with sessions to authenticate users and run functions. I am using sessions between two servers. I describe the process of what I am doing below.

1) With Server 1 pass username and password to the main Server 2. 

public function get_session_auth($username,$password){
        $resultArray = array(
            'result' => 'succeeded',
            'resultText' => null
        );

        $request = new HTTP_Request2($this->baseUrl. 'index.php/login/get_session_id_via_login?username='.$username.'&password='.$password, HTTP_Request2::METHOD_GET);
        if (ENVIRONMENT === 'development') {
            $request->setConfig(array('ssl_verify_peer' => false));
        }
        //$request->setAdapter('curl');
        try {
            $response = $request->send();
            if (200 == $response->getStatus()) {
                $resultArray = json_decode($response->getBody(), true);
            } else {
                $resultArray['result'] = 'failed';
                $resultArray['resultText'] = 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
                $response->getReasonPhrase();
                // Here we should write data to log file.
                $this->getLogger()->error($resultArray['resultText']);
            }
        } catch (HTTP_Request2_Exception $e) {
            $resultArray['result'] = 'failed';
            $resultArray['resultText'] = 'Error: ' . $e->getMessage();
            // Here we should write data to log file.
            $this->getLogger()->error($resultArray['resultText']);
        }
        $resultArray['operation_name'] = 'get_session_auth';
        return $resultArray; 
    }

2) I login the user with username and password in Sever 2 and start a session and store information such as ( id, user_id, role = (Admin, Batch) ) in the $_SESSION. 3) I get the session_id and pass it back to Sever 2

$session_id = session_id();
return $session_id;

4) Now I call some functions in Server 2 using GET from Server 1 and I also pass in the session_id as a variable in the url

public function dosomething($session_id)
    {
        $resultArray = array(
            'result' => 'succeeded',
            'resultText' => null
        );

        $request = new HTTP_Request2($this->baseUrl. 'index.php/payment/dosomething/true?session_id='.$session_id, HTTP_Request2::METHOD_GET);
        if (ENVIRONMENT === 'development') {
            $request->setConfig(array('ssl_verify_peer' => false));
        }
        //$request->setAdapter('curl');
        try {
            $response = $request->send();
            if (200 == $response->getStatus()) {
                $resultArray = json_decode($response->getBody(), true);
            } else {
                $resultArray['result'] = 'failed';
                $resultArray['resultText'] = 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
                $response->getReasonPhrase();
                // Here we should write data to log file.
                $this->getLogger()->error($resultArray['resultText']);
            }
        } catch (HTTP_Request2_Exception $e) {
            $resultArray['result'] = 'failed';
            $resultArray['resultText'] = 'Error: ' . $e->getMessage();
            // Here we should write data to log file.
            $this->getLogger()->error($resultArray['resultText']);
        }
        $resultArray['operation_name'] = 'dosomething';
        return $resultArray;
    }

5) I fetch the session_id from the URL in Server 2 and then try to use 

session_id( 'session_id' );
session_start();

6) The problem is that, I am expecting that the $_SESSION variable will having the previously stored (id, user_id, role=(Admin,Batch) but the $_SESSION` variable is empty even if the session_id is the same one where I stored those information before.

So how can I retrieve the information I stored in the first $_SESSION?

Masnad Nihit
  • 1,986
  • 2
  • 21
  • 40
  • you need to have the cookie with the session data on both servers to access it – lovelace Sep 20 '18 at 08:01
  • @lovelace you could please elaborate a bit more, I did not understand it well. All the communication is happening in the backend so will cookies even work? – Masnad Nihit Sep 20 '18 at 08:02
  • By default, session data is stored in a temporary file on the server - your second server would need this file as well. The location of the temp files should be specified by the session.save_path directive in your PHP config file. – lovelace Sep 20 '18 at 08:10
  • @lovelace the second server is basically where i get the session_id, and i pass the session_id to server 1 and then pass it back to server 2 again to start the session. Are you telling me that I need to pass back session.save_path to server 1 along side session_id and then find the path to which the session is stored and start it? Won't the temporary file be deleted by then? – Masnad Nihit Sep 20 '18 at 08:15
  • this might help you on your way https://stackoverflow.com/questions/6490875/how-to-manage-a-single-php5-session-on-multiple-apache-servers – lovelace Sep 20 '18 at 08:18

0 Answers0