Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How To Maintain PHP Session State With Another Application

Tags:

php

coldfusion

GOAL:

Maintain session state between a PHP application and a Coldfusion application which together, comprise the entire application.

CURRENT METHOD:

Upon logging into our Coldfusion application (the only way to login, i.e., cannot login via the PHP application), we are using the following JS snippet to call a remote PHP file which sets the PHP session cookies (which cannot be set via Coldfusion), and on subsequent Coldfusion page visits, refreshes the PHP session:

<script type="text/javascript">
  // Create an image.
  var imgPing = new Image();
  // Set image src to App A ping url.
  imgPing.src = "http://remotePHPApplicationURL/remoteFile.php";
</script>

This snippet is loaded on each Coldfusion page when logged in to maintain the parallel sessions.

This method works as designed if called via a non-SSL Coldfusion page, however, there are some SSL Coldfusion pages which comprise the application. When an SSL page calls this snippet, we get both an "insecure content" warning (which breaks our SSL connection), as well as an "annonymous function" error, both within the Chrome Inspector.

We've tried CFHTTP to "GET" this PHP file, but it is not setting the PHP cookies as designed. There is something that I don't understand regarding how, by using img.src, the PHP file is executed vs. using CFHTTP.

QUESTION:

Is there another, better method of calling/executing/pinging the PHP file vs. uring the img.src which seems to only work in non-SSL situations?

Here is an example of what the PHP file looks like:

<?php
  error_reporting(E_ALL & ~E_NOTICE);
  define('THIS_SCRIPT', 'index');
  define('CSRF_PROTECTION', true);

  $globaltemplates = array();       

  require_once('./global.php');

  $phpapp->session->save();
  setcookie('userid', 'uid');
  setcookie('password', 'pass');
  header("Content-Type: image/png");
?>
like image 311
goxmedia Avatar asked Jul 12 '26 01:07

goxmedia


1 Answers

You can use CFHTTP but you have to use it like a proxy between the browser and the remote application and manually manage the cookies sent and received.

I've done this successfully to log users into phpBB from ColdFusion

The process would look something like this

  1. CFHTTP to remoteFile.php
  2. Inspect the returned http response and extract the cookies set by the remote app
  3. use CFCOOKIE to set them in the users browser

In subsequent requests you'll need to see if the cookies sent by the app are present and if they are pass them along with the CFHTTP request in step 1 using CFTTPPARAM. Theres probably a sessionid or similar cookie set by the app, this needs to be sent to maintain the session.

like image 142
Chris Blackwell Avatar answered Jul 13 '26 14:07

Chris Blackwell



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!