0

I've created a non-wsdl soap server with PHP to run functions from all servers I own. There are bunch of problems on this as you can see from my profile but this I hope is solvable. I cannot transfer SESSION data between server and client.

Already used

$server->setPersistence(SOAP_PERSISTENCE_SESSION);

and set session_id manually

session_id ('ID');
session_start ();

but no luck to transfer SESSION data to client.

Is there a way to transfer SESSION data created on soap-server.php to soap-client.php?

ValDiMagra
  • 73
  • 1
  • 8
  • see if https://stackoverflow.com/questions/13732307/how-to-maintain-sessions-in-soapclient-php has any hints with how to access the cookie data I can see that https://www.php.net/manual/en/soapclient.setcookie.php exists also https://stackoverflow.com/questions/13388613/how-can-i-get-soapclient-to-respect-a-session – Scuzzy Aug 12 '19 at 10:41
  • I've already read those but if I am not wrong __setCookie works on client side. I need to transfer SESSION data which created on server.php to client.php, and I am doing something very wrong I guess cause I have lots of other problems too like [these](https://stackoverflow.com/users/7364747/xaochaos?tab=questions) – ValDiMagra Aug 12 '19 at 16:54
  • I've not got a way to test this, but I assume the client uses `$SoapClient->_cookies` to read from the server response and then uses `$client->__setCookie()` to set the cookies in the subsequent requests to the server – Scuzzy Aug 13 '19 at 04:12
  • You have to treat `$client` like a browser that forgets it's cookies, it will remember the cookies during the lifetime of the client, but as soon as your script terminates it forgets them. – Scuzzy Aug 13 '19 at 08:16

1 Answers1

0

Given this soap server

class MyClass
{
  public function __construct(){
    session_start();
  }
  public function login( $user )
  {
    $_SESSION['user'] = $user;
    return true;
  }
  public function getUserName()
  {
    return isset( $_SESSION['user'] ) ? $_SESSION['user'] : false;
  }
}
$server = new SoapServer( null, array( 'uri' => 'http://localhost/scratch/soap.server.php' ) );
$server->setClass('MyClass');
$server->handle();

And this soap client

$url = 'http://localhost/scratch/soap.server.php';
$config = array( 'location' => $url, 'uri' => $url );

// Call the "login" function to set the user name
$firstClient = new SoapClient(null, $config);
$firstClient->login( array( 'MyUserName' ) ); // ONLY CALL LOGIN ONCE
var_dump( $firstClient->getUserName() ); // TRUE

// Track the cookies
$cookies = $firstClient->__getCookies();

// Second Client fails because we didn't set cookies
$secondClient = new SoapClient(null, $config);
var_dump( $secondClient->getUserName() ); // FALSE

// Works because we've set cookies from the first request
$thirdClient = new SoapClient(null, $config );
$thirdClient->__setCookie( 'PHPSESSID', $cookies['PHPSESSID'][0] );
var_dump( $thirdClient->getUserName() ); // TRUE
  1. You can see I am creating three seperate soap clients, the first performs the login, you can see that the subsequent getUserName() work because we're using the same connection context and its re-using the initial cookies internally.
  2. The second client is independent and has no knowledge of the existing session and fails as expected.
  3. the third client injects the cookie from the first client, and is able to track the username through the session and getUserName() is able to resume without the login() function.

Ideally you would automate the injection of the cookie programmatically instead of my "hard coding" for the purpose of this test

So from here, you have to manage the cookies for the soap client yourself.

If you want the session data itself, there is nothing stopping you from creating an exporting function... eg getSessionData in this example

class MyServerClass
{
  public function __construct(){
    session_start();
  }
  public function login( $user )
  {
    $_SESSION['user'] = $user;
    $_SESSION['SomeObject'] = new stdClass();
    $_SESSION['SomeObject']->foo = 'bar';
    return true;
  }
  public function getSessionData()
  {
    return $_SESSION;
  }
}
Scuzzy
  • 12,186
  • 1
  • 46
  • 46
  • Thank you for your time, really appreciated. But isn't that __setCookie reset the cookies actually created in client.php? Or should I use that every time I connect? Could you please check the other 2 soap questions I've already asked for better understanding my issue here? I probably cannot tell my problem cause lack of my language abilities... [question 1](https://stackoverflow.com/questions/57320043/how-to-call-server-side-class-of-soap-in-client-side-code) and [question 2](https://stackoverflow.com/questions/57272853/is-there-a-way-to-stop-php-soap-to-request-each-time-a-function-called) – ValDiMagra Aug 13 '19 at 15:06
  • It depends onn your application design as to how you store the soap cookies. In the script that generates $client you can store them in the session, or even store them in cookies that are passed to the users browser. Remember, we are two layers deep when working with API's, the browser cookies and soap cookies are sepperate for now untill you do something with them. – Scuzzy Aug 13 '19 at 21:45
  • Think of it this way, its up to you to decide how to store `$cookies` if you want to create a presitant state for your user, because right now I have no idea how you're actually using SOAP in your applicaiton. – Scuzzy Aug 13 '19 at 21:59