How can I send trade offer

Question

Actually I am working on Steam trade offer functionality, in which I am getting a problem. I have downloaded the Steam class library and implement it in Codeigniter. I am following the setup guide from https://github.com/halipso/php-steam-tradeoffers#setupsessionid-cookies this. Actually I don't know about session id and cookie:

$steam->setup('sessionID', 'cookies');

What will be sessionID and cookies?

I have read about it but did not get any solution. How can I get and implement it in my code?

Answer 1

Well if this is on Laravel you can send _token which call as csrf_field by them.

---

In CI you can do like this. (csrf generate unique session id)

Path - application/config/config.php

$config['csrf_protection'] = TRUE;

In Login form, you can add this or in page initialize you can add this

$csrf = array(
        'name' => $this->security->get_csrf_token_name(),
        'hash' => $this->security->get_csrf_hash()
);

<input type="hidden" name="<?=$csrf['name'];?>" value="<?=$csrf['hash'];?>" />

So when saving you can add this to the session. BTW this token can use for cookie as well.

Read this Cross-site request forgery (CSRF)

Tokens may be either regenerated on every submission (default) or kept the same throughout the life of the CSRF cookie. The default regeneration of tokens provides stricter security, but may result in usability concerns as other tokens become invalid (back/forward navigation, multiple tabs/windows, asynchronous actions, etc). You may alter this behavior by editing the following config parameter

Source Codeigniter documentation

---

If it's not in a login page, then

Its better to se this false,(due to this Tokens may be either regenerated on every submission (default))

$config['csrf_regenerate'] = FALSE;

Answer 2

The session ID is the UUID of Steam which corresponds to our Steam profile. The cookies are there to keep you authenticate.

Here's an example how you can get the sessionID and the cookies : https://github.com/SzymonLisowiec/php-steamlogin (not my repo, credit to SzymonLisowiec)

Answer 3

First of all the documentation at doc says that you only need a API KEY in order to send the requests and calls to endpoint, for the class library you are using have helped you from going into your account and getting API KEY yourself.
so by examining class SteamTrade would explain setup(sessionId, cookies):

1. if have API KEY then I don't need Cookies and SessionID stop else go step 2.
2. get API KEY but you should provide me with Cookies and sessionid in order for me to login and accept agreement and register your account as developer account go step 1 else show error .

Note: all calls done with this format no need for SessionID and Cookies only if not provide API KEY.

http://api.steampowered.com/interface-name/method-name/version/?key=apikey&format=format.
Screenshot:
show how to grab sessionid and cookies with firefox inspector cookies tab