-3

I have a PHP script to be used as an Ajax responder, which I want to remember a previous call. I thought that it should be able to remember using $_SESSION data.

I’ve simplified it down to a pair of scripts, using CURL to communicate between them.

Here is the receiving end code which is supposed to remember:

//  test.php
//  Start Session
    if(!session_id()) session_start();
    session_regenerate_id();

//  init
    if(isset($_GET['init'])) {
        $init = uniqid();
        $_SESSION['init'] = $init;
#       session_write_close();          //  doesn’t seem to help
        exit($init);
    }

//  test
    if(isset($_GET['test'])) {
        exit(print_r($_SESSION, true));
    }

Here is the code which calls the above:

//  Initialise
    $url = 'test.php?init';
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($curl);
    curl_close($curl);

    print_r($response);

//  Test
    $url = 'test.php?test';
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($curl);
    curl_close($curl);

    print_r($response);

I was hoping that the second (test) would include the new session data from the first (init).

I’ve also tried including this when calling:

curl_setopt($curl, CURLOPT_COOKIE, session_name()  . '=' . session_id());
session_write_close();

That doesn’t work either.

Maybe sessions aren’t the solution. How can I get the called code to remember between calls?

Improve this question
12
  • 5
    AJAX automatically sends the session cookie, so it will work Why are you testing with curl? Commented Aug 23 at 9:30
  • 2
    "Both of them are very old" - because this question was solved a long time ago. "the other focuses on setting cookies, which are tangential to this question" - saving and reusing the session cookies that the server sets is how sessions work. That's not tangential, that's the answer to why your code is not working. Note that CURLOPT_COOKIE is for setting your own cookies, which is another way to share data between requests, but that's a different thing. Lastly, if you've found a new solution to how curl can persist a session, add it as a new answer to the appropriate linked dup. Commented Aug 24 at 5:23
  • 1
    $_SESSION is just an auto-populated array that contains session data. As long as you have a working session, having $_SESSION populated goes without saying. It doesn't have to be mentioned at all. Commented Aug 24 at 7:51
  • 2
    I don’t want to set cookies, I want to use PHP sessions. - Alas, "PHP sessions" (or any other sessions for that matter) are based on cookies and the only reason a PHP session wouldn't work is a failure to provide a valid session cookie. So you have to set cookies, like it or not. Commented Aug 24 at 7:54
  • 1
    In theory yes. In practice nobody uses it due to obvious security implications. And if your "answer" implies that kind of solution, it's a godsend that this question is already closed, no matter the reason. Commented Aug 24 at 10:43

1 Answer 1

Reset to default
0

It turns out that there a many solutions to this. Here are some of the methods:

  • Create a session cookie in the PHP cURL script.

  • Send the session id in the GET method (on the URL) or in the POST method.

    Using the GET method runs the risk of exposing the session id to evil third parties, so it’s generally discouraged. Using the POST method is much more secure, as long as you make sure that you’re using HTTPS.

    If you use the PHPSESSID name, or whatever the cookie name has been changed to, this method is pretty automatic as long as you make a few tweaks on the back end.

  • Send the session id in a different GET or POST value. This requires manually using the session id at the back end.

Here, I’ll detail using the cookie method, as it’s the most straightforward.

First, at the back end, set up something like this:

//  test.php
//  Start Session
    if(!session_id()) session_start();
    session_regenerate_id();

//  init
    if(isset($_GET['init'])) {
        $_SESSION['data'] = $_GET['data'];
        exit(session_id());
    }

//  test
    if(isset($_GET['test'])) {
        exit($_SESSION['data']);
    }

You call the back end with something like this:

$url = 'test.php?init&data=hello';
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$sessionid = curl_exec($curl);
curl_close($curl);

Note that the init query returns the session id, which is then stored in the $sessionid variable.

To retrieve the saved data, we can use something like this:

$url = 'test.php?test';
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, [
    "Cookie: PHPSESSID=$sessionid",
]);
$data = curl_exec($curl);
curl_close($curl);

print $data;

The key here is to use curl_setopt() to set the cookie, and let the PHP on the back end handle the rest.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.