问题
I'm currently trying to use the current session of a php web page from an applet. I tought it would be straightforward, but it didn't go as smooth as I tough. From the php man:
session_start() creates a session or resumes the current one based on a session
identifier passed via a GET or POST request, or passed via a cookie.
From there I did some php (simplified here):
// PAGE1.PHP
session_start();
$_SESSION['test'] = true;
echo "sid=" . session_id();
// PAGE2.PHP
session_start();
if ($_SESSION['test'])
$echo "success";
else
$echo "fail";
So, from my applet, I do a request to PAGE1.PHP and it returns me the session id. When I do a new request on the page 2, I pass the session id as a parameter and it seems that the session wasn't kept. I use
URL url = new URL("my/url/PAGE2.php?sid=" + session_id);
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(data); // data is the post data created previously
wr.flush();
// Get the response
BufferedReader rd = new BufferedReader(
new InputStreamReader(conn.getInputStream()));
String line;
while ((line = rd.readLine()) != null) {
System.out.println(line);
}
I have tried via POST and GET method and it doesn't seem to work.
So I'm wondering if it's possible, and if yes, what do I miss?
thanks.
回答1:
Your PAGE2.php is not actually using the sid param you're passing via _GET to initiate the session.
In page2.php, try:
session_id($_GET['sid']);
session_start();
instead of plain-old:
session_start();
回答2:
Accepting session IDs as part of the GET is bad form, and bad idea security wise. I would suggest that you retrieve the session ID from the PHPSESSION cookie with something like:
Following java snippet was shamelessly copied from here – Have a look at that (although it is java 1.4 specific).
public String getCookie() {
/*
** get all cookies for a document
*/
try {
JSObject myBrowser = (JSObject) JSObject.getWindow(this);
JSObject myDocument = (JSObject) myBrowser.getMember("document");
String myCookie = (String)myDocument.getMember("cookie");
if (myCookie.length() > 0)
return myCookie;
}
catch (Exception e){
e.printStackTrace();
}
return "?";
}
public String getCookie(String name) {
/*
** get a specific cookie by its name, parse the cookie.
** not used in this Applet but can be useful
*/
String myCookie = getCookie();
String search = name + "=";
if (myCookie.length() > 0) {
int offset = myCookie.indexOf(search);
if (offset != -1) {
offset += search.length();
int end = myCookie.indexOf(";", offset);
if (end == -1) end = myCookie.length();
return myCookie.substring(offset,end);
}
else
System.out.println("Did not find cookie: "+name);
}
return "";
}
Elsewhere in your code grab the session id using:
getCookie("PHPSESSION"); // replace this with the cookie name in your /etc/php.ini
and set it in your applet.
conn.setRequestProperty("Cookie", "PHPSESSION=value");
Far more current information is available at the sun java cookie page
来源:https://stackoverflow.com/questions/3136898/using-a-session-with-php-and-java