Share sessions between php and node

Question

Is there an recent guide (or example code) to using node, express, and redis/predis to share PHPSESSID?

I\'ve found several tutorials 1-2 years old and they are all

Answer 1

For node (and Express 4.x):

Start with the example from express-session, but use connect-redis as your session store instead.

Example code:

var express = require('express'),
    app = express(),
    cookieParser = require('cookie-parser'),
    session = require('express-session'),
    RedisStore = require('connect-redis')(session);

app.use(express.static(__dirname + '/public'));
app.use(function(req, res, next) {
  if (req.url.indexOf('favicon') > -1)
    return res.send(404);
  next();
});
app.use(cookieParser());
app.use(session({
  store: new RedisStore({
    // this is the default prefix used by redis-session-php
    prefix: 'session:php:'
  }),
  // use the default PHP session cookie name
  name: 'PHPSESSID',
  secret: 'node.js rules'
}));
app.use(function(req, res, next) {
  req.session.nodejs = 'Hello from node.js!';
  res.send(JSON.stringify(req.session, null, '  '));
});

app.listen(8080);

For PHP:

Use a redis session handler like redis-session-php.

Example code:

<?php

// from https://github.com/TheDeveloper/redis-session-php
require('redis-session-php/redis-session.php');
RedisSession::start();

$_SESSION["php"] = "Hello from PHP";

// `cookie` is needed by express-session to store information
// about the session cookie
if (!isset($_SESSION["cookie"]))
  $_SESSION["cookie"] = array();

var_dump($_SESSION);

?>

Note: Make sure you use the same prefix(connect-redis)/REDIS_SESSION_PREFIX(redis-session-php) (connect-redis uses 'sess:' and redis-session-php uses 'session:php:' by default) and ttl(connect-redis)/session.gc_maxlifetime(PHP) (and same database if you are using a redis database other than the default) for both redis-session-php and connect-redis.

Answer 2

I just wanted to offer an alternate solution here that doesn't require redis and I've been using for a couple years (cross-posting from another answer):

This requires the following:

npm install cookie

npm install php-unserialize

This solution uses the session files on the machine - you shouldn't have to change this line.

session.save_handler = files

^ Should be like this in your php.ini file (default).

Here is the super simple code to retrieve the session data:

var cookie = require('cookie');
var fs = require('fs');
var phpUnserialize = require('php-unserialize');

//This should point to your php session directory.
//My php.ini says session.save_path = "${US_ROOTF}/tmp"
var SESS_PATH = "C:/SomeDirectory/WhereYourPHPIs/tmp/";

io.on('connection', function(socket) {
    //I just check if cookies are a string - may be better method
    if(typeof socket.handshake.headers.cookie === "string") {
        var sid = cookie.parse(socket.handshake.headers.cookie);
        if(typeof sid.PHPSESSID === "undefined") {
          console.log("Undefined PHPSESSID");
        }
        else {
            console.log("PHP Session ID: " + sid.PHPSESSID);
            fs.readFile(SESS_PATH + "sess_" + sid.PHPSESSID, 'utf-8', function(err,data) {
                if(!err) {
                    console.log("Session Data:");
                    var sd = phpUnserialize.unserializeSession(data);
                    console.log(sd);
                }
                else {
                   console.log(err);
                }
            });
        }
    }
}

Results:

Authenticate user for socket.io/nodejs