Using Cake sessions outside of Cake

by brightball
While recently working on a CMS tool, I needed to pass some in-session information. I was using Cake's database sessions and it wasn't playing nice with outside applications so I set this up to allow my outside application to use Cake's session handlers.
The short version is that you need to make sure all of the path's are setup correctly, which happens in index.php.

Copy your index.php file into another file (I called it cake_session.php). This file needs to be in the webroot because index.php initializes the paths based on the location of webroot.

In your cake_sessions.php file find this line (should be line 86):


if (isset($_GET['url']) && $_GET['url'] === 'favicon.ico') {

And delete everything from there down. Now just add this code:


if(App::import('Core','Session')) {
   $session = new CakeSession();
   $session->start();
}

Check your $_SESSION variable to make sure everything works. You should be able to just include this file anywhere that you want to use your cake session.

Report

More on Tutorials

Advertising

Comments

  • NoOne posted on 01/24/10 11:52:44 AM
    @Cake_session.php I removed this: if (isset($_GET['url']) && $_GET['url'] === 'favicon.ico') block and replaced for the if suggested.


    @ My external pages I have:

    Page1:
    require("storev1/app/webroot/cake_session.php");
    $item = array($id, $price, $name, $price);
    $_SESSION['cart']=$item;

    Page 2:
    require("storev1/app/webroot/cake_session.php");
    print_r($_SESSION);

    And the output is:
    Array ( [cart] => Array ( [0] => a08a40d9-081a-11df-97ae-6dad1c823895 [1] => 60 [2] => Calcas de Sarja [3] => 60 ) [oi] => oi )

    In my cake pages the output of print_r($_SESSION) is:
    Array ( [Config] => Array ( [userAgent] => cbad7cf5758f0f74a0172958dc10348e [time] => 1264390588 [timeout] => 3 ) )

    What am I doing wrong here?

    PS: If I print session_id on cake and external the output won't be the sane id :S
    • brightball posted on 01/25/10 10:36:16 AM
      @Cake_session.php I removed this: if (isset($_GET['url']) && $_GET['url'] === 'favicon.ico') block and replaced for the if suggested.


      @ My external pages I have:

      Page1:
      require("storev1/app/webroot/cake_session.php");
      $item = array($id, $price, $name, $price);
      $_SESSION['cart']=$item;

      Page 2:
      require("storev1/app/webroot/cake_session.php");
      print_r($_SESSION);

      And the output is:
      Array ( [cart] => Array ( [0] => a08a40d9-081a-11df-97ae-6dad1c823895 [1] => 60 [2] => Calcas de Sarja [3] => 60 ) [oi] => oi )

      In my cake pages the output of print_r($_SESSION) is:
      Array ( [Config] => Array ( [userAgent] => cbad7cf5758f0f74a0172958dc10348e [time] => 1264390588 [timeout] => 3 ) )

      What am I doing wrong here?

      PS: If I print session_id on cake and external the output won't be the sane id :S

      If the session id's aren't matching up, it sounds like the question's been answered. The first thing I'd ask is whether or not session auto-start is set turned on within Cake. I'm assuming that it is though.

      Outside of that, which type of cake session are you using (database, php, etc)?

      Have you tried pulling the session id from cookie used by Cake and forcing the non-cake session to start with that ID? Can you see the cookie with the cake session id from the non-cake page?

      Lastly, try disabling the Cake user agent check. It's a great security measure, but it can sometimes lead to invalidating sessions. It's one that I've had issues with in the past I know.

      • NoOne posted on 01/25/10 01:35:05 PM
        I just need to clear the active sessions at firefox :p

        @Cake_session.php I removed this: if (isset($_GET['url']) && $_GET['url'] === 'favicon.ico') block and replaced for the if suggested.


        @ My external pages I have:

        Page1:
        require("storev1/app/webroot/cake_session.php");
        $item = array($id, $price, $name, $price);
        $_SESSION['cart']=$item;

        Page 2:
        require("storev1/app/webroot/cake_session.php");
        print_r($_SESSION);

        And the output is:
        Array ( [cart] => Array ( [0] => a08a40d9-081a-11df-97ae-6dad1c823895 [1] => 60 [2] => Calcas de Sarja [3] => 60 ) [oi] => oi )

        In my cake pages the output of print_r($_SESSION) is:
        Array ( [Config] => Array ( [userAgent] => cbad7cf5758f0f74a0172958dc10348e [time] => 1264390588 [timeout] => 3 ) )

        What am I doing wrong here?

        PS: If I print session_id on cake and external the output won't be the sane id :S

        If the session id's aren't matching up, it sounds like the question's been answered. The first thing I'd ask is whether or not session auto-start is set turned on within Cake. I'm assuming that it is though.

        Outside of that, which type of cake session are you using (database, php, etc)?

        Have you tried pulling the session id from cookie used by Cake and forcing the non-cake session to start with that ID? Can you see the cookie with the cake session id from the non-cake page?

        Lastly, try disabling the Cake user agent check. It's a great security measure, but it can sometimes lead to invalidating sessions. It's one that I've had issues with in the past I know.

  • uniquearundwivedi posted on 09/15/09 05:47:13 AM
    how can migrate ckeditor with cake php 1.2 as a helper, please help me
  • byqsri posted on 04/02/09 03:36:33 AM
    SimpleSAML is effectively a software to do SSO.
    Users do login in my cakephp web site.
    CakePHP starts a session.
    In my cakephp web site I have a link to my Googleapps.
    GoogleApps manages access with SSO.
    Pratically I would use SimpleSAML to manage SSO with my GoogleApps.
    SimpleSAML should access to CakePHP session, should verify if the session is valid and returns the correct response to GoogleApps.
    On top of that I would that SimpleSAML is not in "webroot".
    My problem is effectively "how access session CakePHP from SimpleSAML"?
  • byqsri posted on 03/26/09 05:26:41 AM
    I explain my application because I don't succeed to sharing cake session
    even with the solution that you proposed to me.
    I have an external application (its name is SimpleSAML) that is not in "webroot" (it must be in a virtual host).
    I have my cake application where I do user authentification and I start a cake session . I would share this session with the external application.
    I have seen that if I put the external application in "webroot" I can see the COOKIE cake but I can't see the SESSION cake . If I put the external application outside of "webroot" I can't see neither the COOKIE cake nor the SESSION cake.
    I hope you can help
    • brightball posted on 03/27/09 11:51:53 AM
      The session cookie has to be able to be to be read in order to handle the session normally. If the application is in webroot, it should work without an issue though.

      For a more complex, cross-domain solution you're really looking at needing a Single Sign On system equivalent that would track the information for both systems in a single location.

      Assuming your Cake site is the single sign on location, you'd do have a use-case like this:

      1. user visits your other site SimpleSAML
      2. site does not detect that the user is logged in
      3. site redirects the user to your cake site to log in
      4. cake site detects that the user is already logged in, gets the session key, and redirects the user back to SimpleSAML with the session key encrypted in the URL
      5. SimpleSAML detects the session key and looks up the session from a central location (say a MySQL database), and starts a session with that information - verifying that the user is currently logged in
      6. SimpleSAML redirects the user back to the original page, clearing the session key from the URL

      All of that would happen transparently to the user the first time they accessed the SimpleSAML site. Once the local session was started on SimpleSAML everything would happen normally.

      There's also other ways of doing it, that's just an example though.
  • byqsri posted on 03/24/09 03:54:25 AM
    I try to read cake session from an php script that isn't in "webroot/" it is in the parent folder.
    My script is


    include("webroot/cake_session.php");
    session_name("CAKEPHP"); 
    echo "SESSION-CAKE:";
    echo "<pre>";
    print_r($_SESSION);
    echo "</pre>";
    die();

    But I can't read the session.
    Do I make some error?
    Thanks
    • brightball posted on 03/24/09 08:51:45 AM
      I try to read cake session from an php script that isn't in "webroot/" it is in the parent folder.
      My script is


      include("webroot/cake_session.php");
      session_name("CAKEPHP"); 
      echo "SESSION-CAKE:";
      echo "<pre>";
      print_r($_SESSION);
      echo "</pre>";
      die();

      But I can't read the session.
      Do I make some error?
      Thanks

      Try removing 'session_name("CAKEPHP");' and change the include to a require just to make sure that it's reading the file.

      The session name is already handled automatically if you've used the instructions from above.
  • byqsri posted on 03/23/09 05:06:44 AM
    Sorry but I have a security question.
    If someone steals the url (webroot/cake_session.php) if he include the file he can get the session or I wrong something ?
    • brightball posted on 03/23/09 11:09:34 AM
      Sorry but I have a security question.
      If someone steals the url (webroot/cake_session.php) if he include the file he can get the session or I wrong something ?

      Unless somebody was able to include the file and run it locally there is no way for them to steal and access the session. It's no different that the session logic that is run every time a page loads in Cake.

      So, really, they would have to have access to a script running on your server, that a user who already had an active session in your app was looking at, that was able to include the file and execute the code.

      Which basically means, only people that could actually access and run code on your server could access the session.
  • ADmad posted on 03/08/09 01:30:18 PM
    In your external application do

    session_name("CAKEPHP"); //Same as the value you have for 'Session.cookie' in core.php
    session_start();
    • brightball posted on 03/08/09 06:14:11 PM
      In your external application do

      session_name("CAKEPHP"); //Same as the value you have for 'Session.cookie' in core.php
      session_start();

      However, when you're using Cake's database sessions the session handler has to set all of PHP's session handling functions as well as establish Cake's database connection in order to use them.

      For the default PHP based sessions, that would be fine but anytime that you need session handling that cake (cake, database, cache, etc) has taken over it won't do the job.
login to post a comment.