Manually setting session ids

**=?iso-8859-1?Q?=C1lvaro?= G. Vicario** · Sep 29 '08, 06:55 PM

Re: Manually setting session ids

*** Hugh Oxford escribió/wrote (Mon, 29 Sep 2008 18:33:09 +0100):

I am writing some server to server software that needs to maintain state.
>
When I say server to server I mean that the client is not a browser, it
is another PHP server (as if that wasn't obvious).

The word "server" has lots of meanings. What do you mean exactly? If you
are connecting to a remote server using HTTP, it doesn't matter who you
are: the mechanism is exactly the same.

This is the server (pseudocode). Forget the transport mechanism, imagine
that any function can be called remotely.

You are making a rather curious assumption but...

The problem seems to be that session_start on the server side is called
at the top of the script, and there is no way to change the session_id
midstream.

.... this works for me:

<?php

session_id('A') ;
session_start() ;
$_SESSION['who_am_i'] = 'I am session A';
session_write_c lose();

session_id('B') ;
session_start() ;
$_SESSION['who_am_i'] = 'I am session B';
session_write_c lose();

session_id('A') ;
session_start() ;
echo $_SESSION['who_am_i'] . "\n";
session_write_c lose();

session_id('B') ;
session_start() ;
echo $_SESSION['who_am_i'] . "\n";
session_write_c lose();

?>

You need to set session.use_coo kies to 0 in your php.ini (or use @ to hide
warnings).

--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor en cubitos: http://www.demogracia.com
--

**Gordon Burditt** · Sep 29 '08, 07:55 PM

Re: Manually setting session ids

>I am writing some server to server software that needs to maintain state.

>
>When I say server to server I mean that the client is not a browser, it
>is another PHP server (as if that wasn't obvious).

But for the purpose of this connection, it's another client.

>The obvious way to do this is to use the session ID. The problem is, how
>to first of all generate a session ID and then send back a session ID to
>reload a session.

CURL permits things such as getting the session cookie returned
from a request, saving it, and re-sending it on subsequent requests
in the same session.

The session ID is set by the server acting as a server in this situation.
It is up to the client to get the returned session ID, *NOT CHANGE IT*,
and re-use it when necessary. If you need to save the session cookie
across a PHP page in the client, use a database.

Don't confuse the session ID for server-to-server vs. the session
ID for the PHP page browser-to-server. They are two different
session IDs.

>Perhaps my understanding of sessions is too limited, but I can't see the
>wood for the trees at the moment. Maybe it's obvious and I can't see it.
>
>This is the server (pseudocode). Forget the transport mechanism, imagine
>that any function can be called remotely.

That's a strange assumption.

>
><?php
>session_start( );
>
>function GetSessionID()
>{
>return session_id();
>}
>
>function SetSessionID($s ession_id)
>{
>session_id($se ssion_id);
>}
>
>function SetVar($var, $val)
>{
>$_SESSION[$var] = $val;
>}
>
>function GetVar($var)
>{
>return $_SESSION[$var];
>}
>
>?>
>
>now, on the client side, the idea is to do something like this
>
>$sid = $client->GetSessionId() ;
>$client->SetSessionId($ sid);
>$client->SetVar('foo' , 'bar');
>echo $client->GetVar('foo' ); //returns 'bar'
>
>The problem seems to be that session_start on the server side is called
>at the top of the script, and there is no way to change the session_id
>midstream.
>
>Even if I could change the session_id, would I get back the data I had
>already set?
>
>Does anyone have any thoughts. I'm going mad.
>

**C. (http://symcbean.blogspot.com/)** · Sep 30 '08, 12:35 PM

Re: Manually setting session ids

On 29 Sep, 18:33, Hugh Oxford <ares...@fas.co mwrote:

I am writing some server to server software that needs to maintain state.
>
When I say server to server I mean that the client is not a browser, it
is another PHP server (as if that wasn't obvious).
>
The obvious way to do this is to use the session ID. The problem is, how
to first of all generate a session ID and then send back a session ID to
reload a session.
>
Perhaps my understanding of sessions is too limited, but I can't see the
wood for the trees at the moment. Maybe it's obvious and I can't see it.
>
This is the server (pseudocode). Forget the transport mechanism, imagine
that any function can be called remotely.
>
<?php
session_start() ;
>
function GetSessionID()
{
return session_id();
>
}
>
function SetSessionID($s ession_id)
{
session_id($ses sion_id);
>
}
>
function SetVar($var, $val)
{
$_SESSION[$var] = $val;
>
}
>
function GetVar($var)
{
return $_SESSION[$var];
>
}
>
?>
>
now, on the client side, the idea is to do something like this
>
$sid = $client->GetSessionId() ;
$client->SetSessionId($ sid);
$client->SetVar('foo' , 'bar');
echo $client->GetVar('foo' ); //returns 'bar'
>
The problem seems to be that session_start on the server side is called
at the top of the script, and there is no way to change the session_id
midstream.
>
Even if I could change the session_id, would I get back the data I had
already set?
>
Does anyone have any thoughts. I'm going mad.

You're trying to make the session model for browser wielding users fit
a server-to-server model. Start again with a blank bit of paper.

We can't advise further without knowing a lot more about the
interchange - how does security figure? Will there be multiple
clients? "Forget the transport mechanism" - do you mean we should
assume that it's transactionally secure or that this doesn't matter?
Does it have to run synchronously or asynchronously? Are you writing
the code at both ends?

C.

**Jerry Stuckle** · Sep 30 '08, 12:45 PM

Re: Manually setting session ids

Hugh Oxford wrote:

I am writing some server to server software that needs to maintain state.
>
When I say server to server I mean that the client is not a browser, it
is another PHP server (as if that wasn't obvious).
>
The obvious way to do this is to use the session ID. The problem is, how
to first of all generate a session ID and then send back a session ID to
reload a session.
>
Perhaps my understanding of sessions is too limited, but I can't see the
wood for the trees at the moment. Maybe it's obvious and I can't see it.
>
This is the server (pseudocode). Forget the transport mechanism, imagine
that any function can be called remotely.
>
<?php
session_start() ;
>
function GetSessionID()
{
return session_id();
}
>
function SetSessionID($s ession_id)
{
session_id($ses sion_id);
}
>
function SetVar($var, $val)
{
$_SESSION[$var] = $val;
}
>
function GetVar($var)
{
return $_SESSION[$var];
}
>
?>
>
now, on the client side, the idea is to do something like this
>
$sid = $client->GetSessionId() ;
$client->SetSessionId($ sid);
$client->SetVar('foo' , 'bar');
echo $client->GetVar('foo' ); //returns 'bar'
>
The problem seems to be that session_start on the server side is called
at the top of the script, and there is no way to change the session_id
midstream.
>
Even if I could change the session_id, would I get back the data I had
already set?
>
Does anyone have any thoughts. I'm going mad.
>
>

I don't understand what the session id has to do with what you're trying
to accomplish. In fact, I have no idea exactly what you're even trying
to accomplish.

How about describing what you're trying to do, instead of why what
you're doing won't work (and no, it won't work).

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Manually setting session ids

Manually setting session ids

Comment

Comment

Comment

Comment