Aug
14
accessing external PHP Sessions in CakePHP
August 14, 2008 | 6 Comments
During a recent project, I was asked to build an extension onto a site we had done many moons ago. The original site was just custom rolled PHP. No frameworks at all. However, with the new extension I decided to use CakePHP. The extension could live standalone, but needed to be “aware” of some data from the original app. More specifically, something similar to a login sets a session var upon success. I didn’t think it would be all that big of a deal to read that Session in Cake, after all it was still PHP on the same box, in the same application name space. I was wrong.
The explanation is pretty simple to understand. Cake has it’s own Session handling. Because of this Cake creates a Session automatically by default. This can be turned off in the configs, but really isn’t the root of the problem. The issue lies in Cake not being aware of the external app’s already created Session. There are many posts about injecting data from external Sessions into a Cake Session, but that doesn’t seem very DRY to me. It could cause issues with data being out of sync as well. A lot of management could need to occur.
So last night I decided to try something relatively simple in hind sight. I wanted to figure out a way for Cake to just use the external Session. Bottomline, it’s pretty easy. All you have to do is pass the session ID (session_id()) from the external to the Cake app. Querystring param or whatever. And then in your Cake controller, set a beforeFilter method that accepts the param and uses it to create a new Session, which is already created, so Cake just uses it.
if (isset($_GET['SESSIONID'])) { session_destroy(); session_id($_GET['SESSIONID']); session_start(); }
After that, you can access any properties from the external session in Cake natively using Cake’s built in methods like:
$this->Session->read('param_name');
or just through the PHP Session Object:
$_SESSION['param_name']
Comments
6 Comments so far
sir mike,
am new to cakePHP. will appreciate an example for this using a simple external page called by cake then returns to cake caller. tried searching cakePHP manual documentation how to do :
a. redirecting to non cake page
b. return to calling cakepage from that external page
but not quite answer our needs. my english not so good, take me very long to
understand other suggestions.
your explain seem closest to what we need.
thank you for reply if you have time.
miguel
your blog on :
The issue lies in Cake not being aware of the external app’s already created Session. There are many posts about injecting data from external Sessions into a Cake Session, but that doesn’t seem very DRY to me. It could cause issues with data being out of sync as well. A lot of management could need to occur.
So last night I decided to try something relatively simple in hind sight. I wanted to figure out a way for Cake to just use the external Session. Bottomline, it’s pretty easy. All you have to do is pass the session ID (session_id()) from the external to the Cake app. Querystring param or whatever. And then in your Cake controller, set a beforeFilter method that accepts the param and uses it to create a new Session, which is already created, so Cake just uses it.
if (isset($_GET['SESSIONID'])) { session_destroy(); session_id($_GET['SESSIONID']); session_start(); }
After that, you can access any properties from the external session in Cake natively using Cake’s built in methods like:
$this->Session->read(’param_name’);
or just through the PHP Session Object:
$_SESSION['param_name']
How about:
Configure::write(’Session.save’, ‘php’);
Configure::write(’Session.cookie’, ‘PHPSESSID’);
Configure::write(’Security.level’, ‘medium’);
In the config/core.php?
Won’t that share sessions with normal PHP?
thank you to mike. Your posting really help me.
Thank you to kevin also. I’ve test your idea and it’s work
Thanks for the tip! In CakePHP 1.2 I had to change 2 lines to get the session to actually takeover:
//session_destroy();
$this->Session->destroy();
session_id($_GET['SESSIONID']);
//session_start();
$this->Session->start();
Thanks!
I didn’t need to destroy the session. If you set up the id in a beforeFilter(), then it will use that id as the session. So this is all I needed.
$this->Session->id(trim($_GET['SESSIONID']));
$this->Session->start();
Thanks mike for pointing me in the right direction.
really helped with what i had to do. i have been working on a CakePHP 1.1(dont ask why…) project.
Came up with a strange requirement where i needed to load a users session and write extra params to it.
your method worked perfectly to load a user’s session. but once i hijacked the session, the original user lost that session. this i understand is for security reasons and the session id is generated based on the userAgent. it was pretty simple to strip this security feature out. you need to add the following two lines in the bootstrap.php
uses(’configure’);
Configure::write(’Session.checkAgent’, false);
I know.. Configure::write() in Cakphp 1.1 !! have been using define() as i thought this was added only in 1.2 but strangely it has always been there.. or someone working on the project from which i borrowed the base of my code from has put it in there.
Cheers..