How can I start a session from within a session?

Posted on 2009-12-30
Last Modified: 2013-12-12
I'm creating a bridge for SMF and Magento, and the Magento to SMF portion is complete. The other side is a real pain because I need a way to open a Magento session from 'within' an SMF session and securely pass a couple variables to the new session. I can't just close the SMF session. The good folks at SimpleMachines are at a loss and the Magento forums, you probably know how that is :D
I could open a new window and run the new session, but some people's browsers block new windows so that wouldn't be a great solution for me. I just need to run some code, I do not need any output, do not care about any errors. A sample of what I want to run outside my SMF session is below. It will just log the already authenticated smf user into Magento.
In SMF, this is going to run immediately after the 'integrate login hook', so the headers won't have been sent and the SMF script will be just about to redirect and set it's login cookie (so there can't be any output).
I have put this 2nd script in another file in the same directory and tried opening it with exec() with no success. exec() works for commands like ls and whoami but I didn't get it to work opening this file, not sure why or if this is a good idea. I am using godaddy shared hosting if it makes a difference.
I tried curl, but it looks like curl treats the called script like an include so that didn't work. Is there any way to call this file and run it in the background without opening a window? Or running it in an iframe? Or running it from within SMF's session handler (not likely according to them)? Any suggestions, theories, wild guesses or anything on how to do this would really be appreciated. I've been banging my head on this for weeks now :/

require_once($_SERVER['DOCUMENT_ROOT']. '/store/app/Mage.php'); 
$app = Mage::app("default");  
Mage::getSingleton('core/session', array('name'=>'frontend'));
$session = Mage::getSingleton('customer/session');
$customer = Mage::getModel('customer/customer')
$customer->loadByEmail($email);//will need to pass this from SMF session   
Mage::dispatchEvent('customer_login', array('customer'=>$customer));
exit(); //or die or return or whatever

Open in new window

Question by:Andre_nickatina
    LVL 11

    Expert Comment

    I've never used Magento or SMF... however I'm confident that you can't "open a session within a session".

    In PHP, the structure of the session is an array.  If you do a "echo '<pre>' . print_r($_SESSION,1) . '</pre>';", you should be able to see what your session looks like.  You can use the same session for both systems by simply storing your Magento and SMF data into $_SESSION['magento'] and $_SESSION['smf'], respectively.

    Author Comment

    Thank you for your reply.
    Unfortunately to do this I would have to modify the session handler for at least one of these softwares. I don't want to modify the code of either of these because that can cause problems in the future when updating. Magento will check the md5 sum of the files on updating and if incorrect, replace it, so every time I update it would erase my modifications.
    Is there any way at all to execute a local script not as an include? Or switch sessions temporarily and then switch back? Or force a pop-up window that can run the script and then auto-close?
     I know this might not be possible...
    LVL 12

    Expert Comment

    What is SMF? and how does it integrate with magento?

    I also found this page that talks about sessions. CHeck out the replies. I think your answer lies in the replies.

    Author Comment

    Thank you for your reply.
    SMF is a free PHP forum software. It is very well written and supported and I prefer it to any others. It uses persistant sessions using cookie and MySQL

    That is in fact some of the code I am trying to run. I've been to that page quite a few times in the last few weeks :D
    That code starts a new magento session, which doesn't work from the script I need to call it from because I am already in a session. If I just use that code it will set the cookie and the rest of the code will fail because I can't access the session or the session objects and data.

    I do have a solution that I think I can use in case somebody else here is needing an answer to this question. I could override the Magento customer api script, set up an api account, rewrite all the api functions and add the ones I need and just call the api using soap from within my script. That is just a lot more work :D
    Besides, Magento documentation is VERY poor (can't stress this enough) and this would require lots of trial and error and time.

    Let me restate what I am looking for to simplify it a little if possible:

    I am inside a session and I need to execute and pass a couple variables to a  local php script that needs to start it's own session.
    LVL 107

    Expert Comment

    by:Ray Paseur
    "I am inside a session and I need to execute and pass a couple variables to a  local php script that needs to start it's own session."  That is not a technically competent design.

    There is ONE session in PHP.  The data for that session is kept in the $_SESSION array, which is a mutable "superglobal" array - available in all scopes and namespaces.  The connection between the client and the session data is made via the session id.  Usually the session id is placed in the cookie.  It is a pointer to the files on the server that have the session data.  As each script is started the client sends the session id, and PHP uses it to look in the session storage (probably a "tmp" file) and recover the values that go into the $_SESSION array.  Those are populated before your script gets control.

    So the values in the $_SESSION array must co-exist throughout the entire GLOBAL scope of all functions, classes and namespaces.  $_SESSION["abc"] will be the same variable in all of your code, and if one script changes this value it will be changed for all scripts that subsequently use the session.

    Every page can issue session_start() - ONCE - and before any browser output.  Then the page has access to all the session data, and can do anything to the session data, or nothing, depending on your unique business requirements.  But the session cannot have another session - you would need to find an alternative to this design.

    Since sessions are "per client" you want to be aware that the browsers on your client machine all share the same session cookie.  Thus the session persists until the LAST instance of the browser is closed.  This is often very confusing during testing, and the usual symptom that is reported goes something like, "I keep getting the wrong login."

    Anyway, best of luck with it, and please choose another design, ~Ray

    Accepted Solution

    What I ended up doing was setting a cookie to save the variables I needed in my other session, redirecting to a new page, starting the other session, and then going back to the first session. The script checked to see if the cookie was set to prevent it from endlessly looping.
    The files for this Magento - SMF bridge are here:
    if anyone is interested. Add Tinyportal to this mix and you have an awesome CMS E-commerce website ;)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
    Part of the Global Positioning System A geocode ( is the major subset of a GPS coordinate (, the other parts being the altitude and t…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now