All geek questions in one place

Manually start a session with a specific id / transitioning session cookie between domains

My host requires me to use a different domain for secure SSL access (shared SSL), so I need to switch to a user session between the two domains. One part of the page lives at http://example.com , and the SSL'd part is https://example.hosting.com . Essentially, I cannot set a cookie that supports the domain.

What I'm trying to do is translate the session id and re-set the cookie as follows:

  • http://example.com/normal/page , the user clicks the link to the protected area and goes to:
  • http://example.com/secure/page , which calls the redirect:
  • https://example.hosting.com/secure/page?sess=ikub... which resets the session and sets a new cookie valid for the domain, then redirects to:
  • https://example.hosting.com/secure/page

This works until the moment when the session should be resurrected. I do:

 function beforeFilter() { ... $this->Session->id($_GET['sess']); $this->Session->activate(); ... }

As far as I can tell, this should start with a given identifier. It actually generates a new session identifier, although this session is empty, data is not restored.

This is on CakePHP 1.2.4. Do I need to do something, or is there a better way to do what I'm trying to do?

+4
source share
3 answers

When Configure::write('Security.level') set to medium or higher, session.referer_check implicitly activated, which causes everything to fail. Setting the security level to low (or using a custom session configuration) does everything as it should.

It took about 5 hours to debug ... (-_- ;;)

+2
source

My first thought is to use Cake file sessions and copy the file, and then maybe try to start a new session with this phpsessid, although I'm not even sure if this really works or not :)

0
source

With Cake 2.6.1 - This is what worked for me.

  $this->Session->id("tfvjv43hjmsnjkh0v3ss539uq7"); // add session id you want to set $this->Session->id(); $this->Session->read("key"); // hhoorray worked :)

with the SessionComponent id () function, you need to call it twice with a session identifier to set session_id (); and a second time to start a cake session. The first call doesn’t really start the session ... I don’t know how Cake Guys missed it.

Upvote if this works for you.

-1
source

Source: https://habr.com/ru/post/1310812/

More articles:


All Articles