Codeigniter read session cookie in nodejs

Question

I am making an app with codeigniter, and implementing nodejs for realtime stuff. I want to check if a user is logged in with nodejs. With the code below I am able to get the codeigniter session id in nodejs server:

var server = require('https').createServer(options, function(request, response){
var cookies=(function(str){
    var result={};
    str.split(/;\s+/).forEach(function(e){
        var parts=e.split(/=/,2);
        result[parts[0]]=parts[1]||'';
    });
    return result;
})(request.headers.cookie),
    sessionCookieName='ci_session',
    sessionId=cookies[sessionCookieName]||'';
    console.log(sessionId);
}).listen(8080);

The codeigniter session is stored in database and encryption is set to true. And sess_match_ip = TRUE, sess_match_useragent = TRUE;

Now my question is, what is a good way to check if the user is logged in? I have installed the node-mysql client. Iknow that CI does something like:

SELECT *
FROM (`ci_sessions`)
WHERE `session_id` =  'blabla'
AND `ip_address` =  '127.0.0.1'
AND `user_agent` =  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2   
(KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2'

How do I decrypt the session id and check if I get a match from the db?

Thanks in advance

George

Answer 1

To decrypt the cookie with node.js I think the simplest way is to directly call your CodeIgniter application via comand line. So create a controller with a function decrypt (for exemple) :

class Welcome extends CI_Controller
{
    public function decrypt($toDescrypt)
    {
        $this->load->library('encrypt');
        $toDescrypt = urldecode($toDescrypt);
        echo $this->encrypt->decode($toDescrypt);
    }
}

And in node.js :

var exec = require('child_process').exec;
var mysql = require('mysql');
var client = mysql.createClient({
    user: 'root',
    password: ''
});

var server = require('http').createServer(function(request, response){
    var cookies=(function(str){
        var result={};
        str.split(/;\s+/).forEach(function(e){
            var parts=e.split(/=/,2);
            result[parts[0]]=parts[1]||'';
        });
        return result;
    })(request.headers.cookie),
    sessionCookieName='ci_session',
    sessionId=cookies[sessionCookieName]||'';

    //Execute the PHP code which will decrypt your sessionId and then you can use it to make your request
    var result = exec('php index.php welcome decrypt ' + sessionId, function(error, stdout, stderr) {
        var parts = stdout.split(';')
        var session_id = parts[1].split(':')[2];
        var ip_address = parts[3].split(':')[2];
        var user_agent = parts[5].split(':')[2] + ';' + parts[6] + ';' + parts[7];
        var query = 'select * from ci_sessions where session_id=' + session_id +
                ' and ip_address=' + ip_address + ' and user_agent=' + user_agent;

        client.query('use test');
        client.query(query, function(err, results, fields) {
            console.log(results[0].user_data);

            client.end();
        });
    });
}).listen(8080);