问题
I need to authenticate my user through a curl script
session_start();
$_POST["username"]= "user";
$_POST["password"]= "password";
$ch = curl_init();
$url = 'signin.php';
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($_POST));
curl_setopt($ch,CURLOPT_POSTFIELDS, $_POST);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$result = json_decode(curl_exec($ch),true);
curl_close($ch);
The signin.php makes another curl call to an api, I made sure that signin.php returns all required information, sets all required session variables, returns an array:
echo json_encode(array(
'success' => true,
'ALLSESSION' => $_SESSION,
'error'=> ""
));
the ALLSESSION is returning the correct session variables, but they are not accessible directly, I mean I cant use $_SESSION["userid"], its not existent in the array of sessions.
How to preserve the session between the 2 pages?
Thanks
回答1:
The problem is that the client is not remembering/transmitting the PHP session id.
When an HTTP client makes a request to a php script (via an HTTP server), it must include the session id in the request if it wishes to continue a previously started session. This can be done either in the HTTP headers as a cookie or as a URL parameter (named PHPSESSID by default). If you do not want to use PHP's default session variable name, or if you want to use a POST variable instead of a URL parameter, then you can use any request variable or URL parameter you wish (whether it be GET, POST, or COOKIE), but then you will need to manually interpret this variable on the server-side.
Here are three solutions, in order of most recommended to least recommended.
- Turn on cookie support in cUrl or
- Pass the session id as a URL parameter or
- Pass the session id as a request variable (post/cookie) or a URL parameter that does not use the name expected by PHP, and then manually start the session on the server-side using that session id.
Solution #1: Turn on cookie support in cUrl
PHP uses the session id in the cookie to reload your session data each time you make a request from that client.
In this case, the client is cUrl. You need to setup your cUrl request to allow/use cookies. This is done by setting the CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE options.
session_start();
$_POST["username"]= "user";
$_POST["password"]= "password";
$ch = curl_init();
$url = 'signin.php';
//Name of a file to store cookie data in.
//If the file does not exist, it will be created.
//cUrl (or your web server) needs to have write permissions to the folder.
$cookieFile = "/some/writable/folder/filename";
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($_POST));
curl_setopt($ch,CURLOPT_POSTFIELDS, $_POST);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
//Tell cUrl about the cookie file
curl_setopt($ch,CURLOPT_COOKIEJAR, $cookieFile); //tell cUrl where to write cookie data
curl_setopt($ch,CURLOPT_COOKIEFILE, $cookieFile); //tell cUrl where to read cookie data from
$result = json_decode(curl_exec($ch),true);
curl_close($ch);
Any subsequent cUrl calls that use $cookieFile for CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE will have the same session data as prior calls.
Solution #2: Pass the session id in the URL query string using the expected parameter name (PHPSESSID by default, but this can be changed)
You can append the session id to all urls like this: somepage.php?PHPSESSID=sessionidgoeshere
"PHPSESSID" is the variable name that is used by default in PHP. If the server is setup to use a non-default name, then you would need to use that variable name instead.
With solution #2, you will still need to store the session id on the client-side somehow.
Solution #3: Pass the session id as a request variable or a URL parameter and then manually start the session on the server-side using that session id.
This solution is not recommended for normal situations. Unlike the previous solutions, this one requires changes to the server-side script as well as the client-side (cUrl). This solution is only useful if you specifically want to send the session id as something other than a URL parameter or cookie, or if you want to use a variable name other than the name that the server is expecting.
Place the following code in your server-side PHP that is handling the request, prior to starting the session:
session_id($_POST[<param_name>]); or session_id($_GET[<param_name>]); or session_id($_COOKIE[<param_name>]);
I suggest using Solution #1 unless you have a compelling reason not to.
Also, PHP doesn't care whether the request is a GET or a POST or any other HTTP request method. Regardless of the HTTP request method, if the session id is passed as a URL parameter or in a cookie, then the related session will persist on the server-side.
来源:https://stackoverflow.com/questions/25389151/php-session-not-saved-after-curl-call