How to make Symfony2 read php native session directly - session

I have a Symfony2 app and I have to read the sessions set from another, non-symfony app.
The non-symfony app just set its sessions into $_SESSION, as usual.
However, when I attempt to read this session, the data isn't there. No matter I do it by
$session = $this->get('request')->getSession();
var_dump($session->all());
or even (I know I shouldn't do this, but anyway)
var_dump($_SESSION);
and this gives me session already started error, and I have no idea why there is error despite I have never started session in the Symfony app. Tells me if this way actually work so that I can look into session_start() thing.
$session = new Session();
$session->start();
var_dump($session->all());
The PHPSESSID cookie is set in the Symfony2 app and its value is the same as the cookie set in the non-symfony app, but my Symfony2 app just refuse to read the content of the session. ($session->getName() returns PHPSESSID, to be clear)
(To be exact, both apps are under same domain but different subdomains, and I have already set framework.session.domain correctly in app/config.yml in Symfony app and called session_set_cookie_params on the non-symfony app to have the same domain setting to allow sharing session cookie between subdomains i.e. .example.com)
So how do you read sessions in a Symfony2 app/Controller that is set by a non-symfony app? Thanks.
I am using Symfony 2.1, if this matters.

No need to write a custom session handler, the native one from Symfony2 can directly read/write from the default PHP $_SESSION.
In config.yml of your Symfony2 app, add a save_path option as below:
framework:
session:
save_path: ~
Clean the cache, and now your sessions will be saved in the default PHP path instead of the Symfony2 sessions folder. You can now share data, that's what I did to login data between a new Sf2 app and an old Sf1 app.

You won't be able to use the native Symfony2 session wrapper classes because they read session data from app/cache/{env}/sessions/{session_id}, and your non-Symfony2 app isn't writing its session data to that location.
You could write a custom session handler in your non-Symfony2 app that writes to that location, or better still you could write a native session handler class in Symfony2 which bypasses the default Symfony2 session read location and gets it from the default PHP session path
EDIT: Since writing this answer there is now a much more elegant solution available in gadbout's post below.

Related

How to add a flashdata after session_write_close()

I upgraded my application from CI2 to CI3 (CI v3.1.9 and PHP7). Now I have performance issue with the new concurrency system in the session (see doc).
Some of the actions in the application are very long (because of calling an external APIs that can takes several minutes to respond for example) and I don't want those actions to lock the session. As recommended, I would use session_write_close() function in the controller before doing the very long action.
The problem is that I want to display a message to user after redirecting at the end of this action. Right now, I am using session->set_flashdata() before the redirection, but because I closed the session earlier, it is not working.
Does anyone have recommendations on how to achieve that?
If I am starting the session again with session_start() it is working, but I have no idea if this is best practice to use PHP session like that with Codeigniter.
There is no problem with starting the session again using session_start(). The CodeIgniter "Session" class is still loaded and the instance is still valid. So all the "special" stuff that CI does to make sessions work is good to go.
I tested and then used this scheme in a project some time back and didn't experience any problems. Haven't had any blow-back from the client of a still operating site either. YMMV.
BTW, in the __construct() function of the CI_Session class a call to session_start() is made in order to start up PHP's session extension. So making that call is clearly not a "bad" practice. :)

Flash message require session

I'm trying to use express-flash in a standard web express js app. I don't want to use session, because I want to do the app as stateless as possible, but when I try to use without session, the app show me this error:
req.flash() requires sessions
Can I use express-flash without session? Can I use other alternatives for this kind of messages?
Thanks.
Note: A flash message is a variable stored within a session that is only available once, for the next request. That is if we put a flash variable and renders a page, the flash variable is available but if we render the same (or other) page again the flash variable is not present (it is destroyed).
-- acanimal
Based on this premise, you need to have sessions to use message flashing.
One way I think you can accomplish what you want is to add an item to the request (req) object in your middleware, and then in your controller, check if the key exists. You can then pass a specific message to your template, assuming you're using a template engine or pass it as part of your response.
Hope this helps.

What actions cause a Coldfusion session to be extended?

When you set up a ColdFusion session inside of a application.cfm or application.cfc file you can define a sessionTimeout like:
<cfapplication name = "appname"
sessionTimeout = #CreateTimeSpan(0, 0, 30, 0)# <!--- 30min timeout --->
sessionManagement = "yes">
I think that a ColdFusion session is 'extended' or 'renewed' every time:
The user navigates to a new ColdFusion Template (a .cfm file)
The user refreshes a Coldfusion Template (a .cfm file)
The user accesses a ColdFusion Component (a .cfc file) in any way, including via ajax calls that run a cffunction in the .cfc file.
In other words, if a user performs any of the actions above (assuming the sessionTimeout is 30 minutes like in the above example) the session will expire 30 minutes from when the action was performed--essentially 'extending' the life of the session to the value of sessionTimeout each time the user performs one of those actions.
Does this understanding sound correct? Are there any actions that 'extend' a ColdFusion session that I'm missing? Do the ones I listed actually behave how I think they behave and 'extend' the session?
Something similar was asked here: Can we renew session in Coldfusion?
What Alex says is true. There is a way of maintaining a session without cookies if you look at the docs. Check out the section Using client and session variables without cookies.
The only other way I can think of extending a session without user intervention would be if you can find the session through SessionTracker. Here's a nice post about it: Advanced ColdFusion Session Management.
In fact, in the comments, it says that if you access the sessions through the built-in java methods, you might extend them:
You might want to note that as soon as you access any sessions through
those methods, you'll update the "lastAccessed" timestamp.

Sessions in Meteor

After a research it seems that Meteor Sessions are reset after refreshing page or opening the website in new tab, i.e. they are not usual server-side sessions but something like global javascript variables on client-side. Some people advice to use AmplifyJS, but I'm not sure that it will work like usual session in other frameworks/languages and also it is a third party library, so is there any normal way to use sessions in Meteor, i.e. keep user-specific data on server?
At this moment I'm handling that by using custom Collections, but it is not an ideal way of doing that because it is needed to remove expired values from Collection manually, which makes additional troubles.
Yes this is correct. Despite the name Session is nothing like a cookie, but just a reactive form of a variable stored in a hashmap
To keep data persistent across tabs you need to use a Collections (as this is the only way to reactively share data across tabs) - Cookies can't work because they can't be made reactive as data needs to be sent to the server to notify the client when there is a change. There really wouldn't be another way at the moment as the publish/subscribe methods can only send down data from collections at the moment.
You can use your setup you have now with your custom collection. You can use a server side cron job to remove expired data (either with Meteor.setInterval or Tom Coleman's cron.
There is a package developed just for that: https://atmospherejs.com/u2622/persistent-session
After installation you can use the following functions to set sessions which are persistent:
//store a persistent session variable which is stored across templates
Session.setPersistent(key, value);
//same as above, but automatically deletes session data when user logs out
Session.setAuth(key, value);
I've tried the package and it works like charm.

When copy the url from one browser to another browser my session data are not coming in asp.net MVC3

When i copy the URL from one browser to paste it in another browser my session data not retrieved it shows "Object reference not set to an instance of an object".
(Please note - this answer assumes you are not already using cookieless sessions)
The way sessions work in ASP.NET is that when you first access a site, a cookie-file is placed in your browsers cookie-store. The cookie contains a session ID, so the next time you access that site from that browser the ID is passed to the web-application and it knows which session-state to load.
However, each browser implements it's own cookie-store, so switching browsers means the site cannot determine your session ID.
One way to get around this is to use cookieless sessions. However, these have a number of issues relating to usability and security, so think long and hard before deciding they are for you.
Another option is to tie together your authorization and session systems. However, this is not generally recommended either.
You will not be able to access session values across multiple browsers.
Also, you should check if the value exists in Session to avoid Server Error.
if(Session["Key"] != null)
{
//Write your code here
}
else
{
//Alternative code (redirection code)
}

Resources