Accessing session in PHP command line?

Question

I understand that command line is no web server, so you can't access $_SESSION. But I don't know what else to do.

I've been following this tutorial to create a chat using websockets: http://www.phpbuilder.com/articles/application-architecture/optimization/creating-real-time-applications-with-php-and-websockets.html

My problem is that I do not know how to get the username of the message sender securely. I could include it in the message send function but since it's in Javascript, everyone can just edit their username to someone else's.

How could I securely get the username of the user, which is $_SESSION['username']?

var Server;
Server = new FancyWebSocket('ws://0.0.0.0:9000');
send( "test" );

I'm open to all kind of suggestions, like alternatives to websockets. I'm creating a realtime chat for my website.

Recommended answer

First alternative is, of course, AJAX requests. AJAX doesn't have the problems of not being able to quickly and easily access the sessions that WebSockets has. Any sufficiently frequent sample rate is indistinguishable from real time.

Now, to my rather long-winded solution implemented in WebSockets:

The HTTP headers are available to the WebSocket server during the handshake, including the cookies. In the server that you're using, PHP-Websockets, the headers are stored in the $headers property.

For example:

var_dump($user->headers);
array(14) {
  ["get"]=>
  string(8) "/echobot"
  ["host"]=>
  string(14) "127.0.0.1:9000"
  ...snip...
  ["cookie"]=>
   string(100) "PHPSESSID=jan9uknpc06mk4ddghph4870t1; MyCookie=My+Value%21%40%23%24%25; MyNonhttponlyCookie=My+Value"
}

These cookies come from:

session_start();
$_SESSION['Hi!'] = array('Hello!', 'where' => 'world!');
setcookie('MyCookie', 'My Value;!@#$%', 0, '/', '127.0.0.1', false, true);
setcookie('MyNonhttponlyCookie', 'My Value', 0, '/', '127.0.0.1', false, false);

Thus, the value of $user->headers['cookie'] is a semicolon and space (; ) delimited collection of key value pairs, where the values are URL encoded and separated from their keys with an equals sign. (PHP complains if you put reserved characters in the cookie name. Thus the cookie key can not contain any URL encoded values.)

A quick way to extract these is as follows:

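$cookies = array();
$cookiesParts = explode('; ', $user->headers['cookie']);
foreach ($cookiesParts as $cookieParts) {
    // Limit to 2 parts so a value that itself contains '=' is not truncated.
    $interimCookie = explode('=', $cookieParts, 2);
    if (count($interimCookie) === 2) { // skip malformed pairs without '='
        $cookies[$interimCookie[0]] = urldecode($interimCookie[1]);
    }
}
var_dump($cookies);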

array(3) {
  ["PHPSESSID"]=>
  string(26) "jan9uknpc06mk4ddghph4870t1"
  ["MyCookie"]=>
  string(14) "My Value;!@#$%"
  ["MyNonhttponlyCookie"]=>
  string(8) "My Value"
}

We now have the session ID. Double check with session_name(), which will give you the key of the cookie that actually holds the session ID.

We could serialize and unserialize the session file as stored in the server, which is pointed at by session_save_path()... but I want to cheat.

Because the built-in session system locks the session files, we can't just keep the session file open and constantly watch for changes, nor can we lock the file ourselves for long periods of time.

It would be ideal if we could use the __get() and __set() magic methods here in the same way we'd use the $_SESSION superglobal (such as $myUser->_session['key'] = 'value';), but PHP does not allow treating these methods as arrays. Instead, we have to set a more mundanely named method.

<?php
class MyUser extends WebSocketUser {
    // Gets set somewhere. A good place is probably your implementation of the `connected($user)` abstract method.
    public $session_id;

    // Read one key from this user's session, holding the session lock only briefly.
    public function getSession($key) {
        session_id($this->session_id);
        session_start();
        $val = $_SESSION[$key] ?? null; // null when the key is not set
        session_write_close(); // very important!
        return $val;
    }

    // Write one key to this user's session, then release the lock.
    public function setSession($key, $value) {
        session_id($this->session_id);
        session_start();
        $_SESSION[$key] = $value;
        session_write_close(); // still very important!
    }
}

(Note: I'm also pointing my feature request at this question, to base my eventual implementation of cookie parsing and session handling here, so that I can remember my research tonight as I work.)
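
A stricter version of the cookie parsing and session lookup described in the answer, as an added example that is not part of the original answer or of PHP-Websockets: the Cookie header is client-controlled, so the session ID is format-checked before it reaches session_id(), and the username is read only from the server-side session. The helper names are hypothetical, and the code assumes the CLI server shares session.name and session.save_path with the web server.

```php
<?php
// Added example; parseCookieHeader, sessionIdFromHandshake and
// usernameForHandshake are hypothetical helpers, not PHP-Websockets API.

/** Parse a raw Cookie request header into name => decoded value. */
function parseCookieHeader(string $header): array
{
    $cookies = [];
    foreach (explode(';', $header) as $pair) {
        $parts = explode('=', trim($pair), 2);   // a value may contain '='
        if (count($parts) !== 2 || $parts[0] === '') {
            continue;                            // skip malformed pairs
        }
        // First occurrence wins, so a later duplicate cannot override it.
        if (!isset($cookies[$parts[0]])) {
            $cookies[$parts[0]] = urldecode($parts[1]);
        }
    }
    return $cookies;
}

/** Session ID from the handshake headers, or null if absent or malformed. */
function sessionIdFromHandshake(array $headers, string $sessionName): ?string
{
    $cookies = parseCookieHeader($headers['cookie'] ?? '');
    $sid = $cookies[$sessionName] ?? '';
    // PHP-generated IDs only use [A-Za-z0-9,-]; reject everything else.
    return preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $sid) === 1 ? $sid : null;
}

/** Username from the server-side session, or null if not logged in. */
function usernameForHandshake(array $headers): ?string
{
    $sid = sessionIdFromHandshake($headers, session_name());
    if ($sid === null) {
        return null;
    }
    session_id($sid);
    // read_and_close loads $_SESSION and releases the session lock at once.
    if (!session_start(['read_and_close' => true])) {
        return null;
    }
    $name = $_SESSION['username'] ?? null;
    $_SESSION = [];   // keep no user's data around in the long-lived process
    return is_string($name) ? $name : null;
}

// Constructed sample headers; the first reuses the session ID from the dump above.
$good = ['cookie' => 'PHPSESSID=jan9uknpc06mk4ddghph4870t1; MyCookie=My+Value%21'];
var_dump(sessionIdFromHandshake($good, 'PHPSESSID'));
var_dump(sessionIdFromHandshake(['cookie' => 'PHPSESSID=not+a+valid+id%21'], 'PHPSESSID'));
```

Call usernameForHandshake($user->headers) once when the connection is established and attach the result to the user object, so chat messages never need to carry a client-supplied username.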
