how to use session variables between servers????
Somebody know how to use session variables between servers????
for example:
In localhost I had sesion.php with this code:
<?
session_start();
?>
<html>
<head>
<title>Generar variable de sesión</title>
</head>
<body>
<form action="http://www.itssc.edu.mx/sesion3.php" method="POST">
<p>Id
<input type="text" name="id" value="" size="">
</p>
<p>
Nombre
<input type="text" name="nombre" value="" size="">
</p>
<p>
<input name="enviar" type="submit" value="CONTINUAR">
</p>
</form>
</body>
</html>
--------------------------
I want to use the value in the variables inside sesion.php in http://www.itssc.edu.mx/sesion3.php
<?
session_start();
?>
<?
$_SESSION['direccion']=$_P
?>
<html>
<head>
<title>Muestra las variables de sesi&ocuate;n</title>
</head>
<body>
Muestro las variables:
<?
echo "<br>";
echo $_SESSION['id'];
echo "<br>";
echo $_SESSION['nombre'];
echo "<br>";
?>
</body>
</html>
--------------------------
I this possible????
Can I use session variables with php pages between diferent servers?????
for example:
In localhost I had sesion.php with this code:
<?
session_start();
?>
<html>
<head>
<title>Generar variable de sesión</title>
</head>
<body>
<form action="http://www.itssc.edu.mx/sesion3.php" method="POST">
<p>Id
<input type="text" name="id" value="" size="">
</p>
<p>
Nombre
<input type="text" name="nombre" value="" size="">
</p>
<p>
<input name="enviar" type="submit" value="CONTINUAR">
</p>
</form>
</body>
</html>
--------------------------
I want to use the value in the variables inside sesion.php in http://www.itssc.edu.mx/sesion3.php
<?
session_start();
?>
<?
$_SESSION['direccion']=$_P
?>
<html>
<head>
<title>Muestra las variables de sesi&ocuate;n</title>
</head>
<body>
Muestro las variables:
<?
echo "<br>";
echo $_SESSION['id'];
echo "<br>";
echo $_SESSION['nombre'];
echo "<br>";
?>
</body>
</html>
--------------------------
I this possible????
Can I use session variables with php pages between diferent servers?????
The simple answer: share them between servers.
The default session mechanism creates a file on the webserver and uses a cookie to identify the file. You could migrate the session directory (which is set in php.ini) to a storage device which is shared between the two webservers.
You can also write your own session handler: http://php.net/manual/en/function.session-set-save-handler.php This way you can save session data in a database - a popular method - or memcache for instance.
The default session mechanism creates a file on the webserver and uses a cookie to identify the file. You could migrate the session directory (which is set in php.ini) to a storage device which is shared between the two webservers.
You can also write your own session handler: http://php.net/manual/en/function.session-set-save-handler.php This way you can save session data in a database - a popular method - or memcache for instance.
@SimonDard: Placing the file on a storage device shared between serves isn't the best idea (in my honest opinion). The other options are quite good.
I hadn't even thought of the session handler... probably the best way to go.
I hadn't even thought of the session handler... probably the best way to go.
Hmm... What Simon says is true but I would suggest a bit over the top, akin to using a sledge hammer to crack a nut. Obviously it depends on your implementation but I would also suggest that having a shared session directory is a complex issue that also opens up a can of security worms.
If it is a single or occasional transfer of information, then as Michael suggests I would just use hidden fields in the form to pass the values. If you are going to have regular traffic between the two servers in the same browsing session i.e. that the site is effectively made up with pages and services from more than one server, then I would suggest using session cookies.
These will be set with a short TTL and as can also be secured to only work for certain domains or subdomains. You can also create the cookie as an array to store multiple pieces of information and then retrieve any or all of it.
If it is a single or occasional transfer of information, then as Michael suggests I would just use hidden fields in the form to pass the values. If you are going to have regular traffic between the two servers in the same browsing session i.e. that the site is effectively made up with pages and services from more than one server, then I would suggest using session cookies.
These will be set with a short TTL and as can also be secured to only work for certain domains or subdomains. You can also create the cookie as an array to store multiple pieces of information and then retrieve any or all of it.
<?php
# REMEMBER TO RELOAD THIS PAGE TWICE IN THE BROWSER
# ONCE TO SET THE COOKIES AND THE SECOND TIME TO RETRIEVE THEM
session_start();
/*
create a single cookie called "my_pet1" containing
value of dog and set it to expire in 1 hour
*/
setcookie("my_pet1", "dog", time()+3600);
/*
Or create cookie array called "my_pet2" containing
all the values of the pet and set it to expire in 10 seconds
*/
setcookie("my_pet2[animal]", "dog", time()+10);
setcookie("my_pet2[sex]", "female", time()+10);
setcookie("my_pet2[name]", "Tinkerbell", time()+10);
# retrieve the single cookie value
echo( "my_pet1: My pet is a " . $_COOKIE['my_pet'] . "<br/>" );
echo( "<br/>" );
# retrieve the cookie array values in a loop
if (isset($_COOKIE['my_pet2'])) {
foreach ($_COOKIE['my_pet2'] as $name => $value) {
echo( "my_pet2: $name : $value <br />" );
}
}
echo( "<br/>" );
# to retrieve a specific value from the cookie array first you
# have to bring the whole cookie back into a php array
$cookie_array = $_COOKIE['my_pet2'];
echo( "my_pet2 single item: " . $cookie_array['name'] . "<br/>" );
echo( "<br/>" );
?>
Please post the code in the code snippet so we can see line numbers, etc.
Also, please see the code snippet below, copied from the top. This does not make sense - $_SESSION['id'] and $_SESSION['nombre'] are undefined variables. They may be in the $_POST array, but there is nothing shown here that put these key=>value pairs into the session array.
Tell us a little more about what you mean by "between servers" -- are these parts of the same web site? What are the URL(s) etc.
Thanks and regards, ~Ray
Also, please see the code snippet below, copied from the top. This does not make sense - $_SESSION['id'] and $_SESSION['nombre'] are undefined variables. They may be in the $_POST array, but there is nothing shown here that put these key=>value pairs into the session array.
Tell us a little more about what you mean by "between servers" -- are these parts of the same web site? What are the URL(s) etc.
Thanks and regards, ~Ray
<?
session_start();
?>
<?
$_SESSION['direccion']=$_POST[direccion];
?>
<html>
<head>
<title>Muestra las variables de sesi&ocuate;n</title>
</head>
<body>
Muestro las variables:
<?
echo "<br>";
echo $_SESSION['id'];
echo "<br>";
echo $_SESSION['nombre'];
echo "<br>";
?>
</body>
</html>
I concur with both Murfur and mverschoof that using a shared filesystem is a bad idea. I actually investigated this a while ago for a failover/load balancing setup using multiple webservers. File locking and (near) instant failover are not possible with regular network filesystems and OCFS and GFS ('true' cluster filesystems) seem to crash to often to be useful. But it will work for simple testing and that is what I really meant (but forgot to mention).
Cookies will work, but are limited in size and numbers and there is the issue of domain mismatch. But if it works in this case, i would suggest using them as using a custom session handler and storage backend to go with it is not as easy and creates another point of failure to your application.
FYI: we ended up with MongoDB and a custom session handler akin to http://www.jqueryin.com/projects/mongo-session/
Cookies will work, but are limited in size and numbers and there is the issue of domain mismatch. But if it works in this case, i would suggest using them as using a custom session handler and storage backend to go with it is not as easy and creates another point of failure to your application.
FYI: we ended up with MongoDB and a custom session handler akin to http://www.jqueryin.com/projects/mongo-session/
What I would do is to set a unique variable in the URL of the link on server 1, and have server 2 request a page from server 1 where server 1 displays all the necessary session data.
so, link on server one:
www.example.com/path?session_id=123
server 2 has some code something like:
if(isset($_GET(session_id)
$sess_id = $_GET(session_id);
$session_array = file_get_contents(www.server1.com/display_session_info?session_id=$sess_id);
$session_array = unserialize($session_array
}
Server1 has a file called display_session_info.php with something similar to:
if(isset($_GET(session_id)
$sess_id = $_GET(session_id);
QUERY YOUR DATABASE HERE AND DOWNLOAD THE DATA INTO AN ARRAY CALLED "$session_array"
$session_array = serialize($session_array);
echo $session_array;
}
Depending on the importance of your session data, you may want to encrypt the data, and/or limit the access to display_session_info.php to certain IP addresses.
But that should be a really simple way for you to get started.
so, link on server one:
www.example.com/path?session_id=123
server 2 has some code something like:
if(isset($_GET(session_id)
$sess_id = $_GET(session_id);
$session_array = file_get_contents(www.server1.com/display_session_info?session_id=$sess_id);
$session_array = unserialize($session_array
}
Server1 has a file called display_session_info.php with something similar to:
if(isset($_GET(session_id)
$sess_id = $_GET(session_id);
QUERY YOUR DATABASE HERE AND DOWNLOAD THE DATA INTO AN ARRAY CALLED "$session_array"
$session_array = serialize($session_array);
echo $session_array;
}
Depending on the importance of your session data, you may want to encrypt the data, and/or limit the access to display_session_info.php to certain IP addresses.
But that should be a really simple way for you to get started.
ASKER
Hi Ray thanks for your answer
When I say between servers, I mean this
I want to use in sesion3.php that I had in (http://www.itssc.edu.mx) the content of the fields "id" and "nombre" of sesion.php that I had in localhost.
If I use this to pages on localhost or http://www.itssc.edu.mx everything works very well, the problem is when I try to use this pages in diferents servers.
When I say between servers, I mean this
I want to use in sesion3.php that I had in (http://www.itssc.edu.mx) the content of the fields "id" and "nombre" of sesion.php that I had in localhost.
If I use this to pages on localhost or http://www.itssc.edu.mx everything works very well, the problem is when I try to use this pages in diferents servers.
Are the different servers at different URLs? Part of the same cluster? Different subdomains? Please tell me a little more, thanks.
ASKER
yes localhost is in our intranet in mexico and http://www.itssc.edu.mx is in a dedicated server that we had in texas.
best regards
best regards
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your help ray
I agree with Ray. There are a bunch of security risks in sharing session data and i would advise against it at all times. If you really want/need to do this however, your options are limited...
I am willing to participate in a discussion to find an alternative to your problem, as Ray suggested.
Cheers,
Michael
I am willing to participate in a discussion to find an alternative to your problem, as Ray suggested.
Cheers,
Michael
Thanks for the points. My sense is that the API might be the way to go. But distributed data bases have never been as much "fun" as they sounded. Best of luck with it, ~Ray
This way you can send the variables with the form and let the other page save them in a new session.
If you need more info let me know.
Cheers,
Michael