curl调用后PHP会话不保存 [英] PHP session not saved after curl call
问题描述
我需要通过curl脚本验证我的用户
session_start();
$ _POST [username] =用户;
$ _POST [password] =密码;
$ ch = curl_init();
$ url ='signin.php';
curl_setopt($ ch,CURLOPT_URL,$ url);
curl_setopt($ ch,CURLOPT_POST,count($ _ POST));
curl_setopt($ ch,CURLOPT_POSTFIELDS,$ _POST);
curl_setopt($ ch,CURLOPT_RETURNTRANSFER,1);
$ result = json_decode(curl_exec($ ch),true);
curl_close($ ch);
signin.php对api进行另一次curl调用,我确保signin.php返回了所有所需的信息,设置所有必需的会话变量,返回一个数组:
echo json_encode(array(
'success' > true,
'ALLSESSION'=> $ _SESSION,
'error'=>
)
ALLSESSION返回正确的会话变量,但不能直接访问, $ _SESSION [userid],它在会话数组中不存在。
如何保留2页之间的会话?
感谢
问题是客户端不记得/传送PHP会话ID。 / p>
当HTTP客户端向php脚本发出请求(通过HTTP服务器)时,如果希望继续以前启动的会话,它必须在请求中包含会话ID 。这可以在HTTP标头中作为Cookie或作为网址参数(默认名为 PHPSESSID )完成。
如果您不想使用PHP的默认会话变量名称,或者您想使用POST变量而不是URL参数,那么您可以使用任何请求变量或URL参数(无论是GET, POST或COOKIE),但是您需要在服务器端手动解释此变量。
这里有三个解决方案,按照最推荐,最不推荐。
- 在cUrl 或 中启用Cookie支持
- 通过会话id作为URL参数或
- 将会话ID作为请求变量(post / cookie)或不使用PHP期望的名称的URL参数,然后在服务器端使用该会话ID手动启动会话。
解决方案1:在cUrl中启用Cookie支持
PHP使用Cookie中的会话ID,在您每次向该客户发出请求时重新载入会话数据。
在这种情况下,客户端是cUrl。您需要设置您的cUrl请求以允许/使用Cookie。
这是通过设置 CURLOPT_COOKIEJAR 和 CURLOPT_COOKIEFILE 选项。
session_start();
$ _POST [username] =用户;
$ _POST [password] =密码;
$ ch = curl_init();
$ url ='signin.php';
//存储cookie数据的文件的名称
//如果文件不存在,它将被创建。
// cUrl(或您的Web服务器)需要对文件夹具有写入权限。
$ cookieFile =/ some / writable / folder / filename;
curl_setopt($ ch,CURLOPT_URL,$ url);
curl_setopt($ ch,CURLOPT_POST,count($ _ POST));
curl_setopt($ ch,CURLOPT_POSTFIELDS,$ _POST);
curl_setopt($ ch,CURLOPT_RETURNTRANSFER,1);
//告诉cUrl关于cookie文件
curl_setopt($ ch,CURLOPT_COOKIEJAR,$ cookieFile); //告诉cUrl在哪里写cookie数据
curl_setopt($ ch,CURLOPT_COOKIEFILE,$ cookieFile); //告诉cUrl从
$中读取cookie数据的结果$ result = json_decode(curl_exec($ ch),true);
curl_close($ ch);
使用CURLOPT_COOKIEJAR和CURLOPT_COOKIEFILE使用 $ cookieFile 的任何后续cUrl调用
解决方案#2:在URL查询字符串中使用预期的参数名称传递会话ID(默认为PHPSESSID,但这可以是已更改)
您可以将会话ID附加到所有网址,如下所示:
somepage.php?PHPSESSID = sessionidgoeshere
PHPSESSID是PHP中默认使用的变量名。如果服务器设置为使用非默认名称,则您将需要使用该变量名称。
对于解决方案#2,您仍然需要在客户端存储会话ID。
解决方案#3:将会话ID作为请求变量或URL参数传递,然后在服务器端使用该会话ID手动启动会话。
此解决方案不建议在正常情况下使用。与以前的解决方案不同,这需要更改服务器端脚本以及客户端(cUrl)。此解决方案仅在您特别希望将会话ID作为URL参数或Cookie之外的其他方式发送时,或者如果要使用除服务器期望的名称之外的变量名称时才有用。
将正在处理请求的服务器端PHP中的以下代码,在开始会话之前:
session_id($ _ POST [< param_name>]); 或 session_id _GET [< param_name>]); 或 session_id($ _ COOKIE [< param_name>]);
我建议您使用解决方案#1,除非您有强烈的理由不要。
此外,PHP不关心请求是GET还是POST还是任何其他HTTP请求方法。无论HTTP请求方法如何,如果会话ID为作为网址参数传递或在Cookie中传递,则相关会话将在服务器端保留。
I need to authenticate my user through a curl script
session_start();
$_POST["username"]= "user";
$_POST["password"]= "password";
$ch = curl_init();
$url = 'signin.php';
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($_POST));
curl_setopt($ch,CURLOPT_POSTFIELDS, $_POST);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$result = json_decode(curl_exec($ch),true);
curl_close($ch);
The signin.php makes another curl call to an api, I made sure that signin.php returns all required information, sets all required session variables, returns an array:
echo json_encode(array(
'success' => true,
'ALLSESSION' => $_SESSION,
'error'=> ""
));
the ALLSESSION is returning the correct session variables, but they are not accessible directly, I mean I cant use $_SESSION["userid"], its not existent in the array of sessions.
How to preserve the session between the 2 pages?
Thanks
The problem is that the client is not remembering/transmitting the PHP session id.
When an HTTP client makes a request to a php script (via an HTTP server), it must include the session id in the request if it wishes to continue a previously started session. This can be done either in the HTTP headers as a cookie or as a URL parameter (named PHPSESSID by default). If you do not want to use PHP's default session variable name, or if you want to use a POST variable instead of a URL parameter, then you can use any request variable or URL parameter you wish (whether it be GET, POST, or COOKIE), but then you will need to manually interpret this variable on the server-side.
Here are three solutions, in order of most recommended to least recommended.
- Turn on cookie support in cUrl or
- Pass the session id as a URL parameter or
- Pass the session id as a request variable (post/cookie) or a URL parameter that does not use the name expected by PHP, and then manually start the session on the server-side using that session id.
Solution #1: Turn on cookie support in cUrl
PHP uses the session id in the cookie to reload your session data each time you make a request from that client.
In this case, the client is cUrl. You need to setup your cUrl request to allow/use cookies. This is done by setting the CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE options.
session_start();
$_POST["username"]= "user";
$_POST["password"]= "password";
$ch = curl_init();
$url = 'signin.php';
//Name of a file to store cookie data in.
//If the file does not exist, it will be created.
//cUrl (or your web server) needs to have write permissions to the folder.
$cookieFile = "/some/writable/folder/filename";
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($_POST));
curl_setopt($ch,CURLOPT_POSTFIELDS, $_POST);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
//Tell cUrl about the cookie file
curl_setopt($ch,CURLOPT_COOKIEJAR, $cookieFile); //tell cUrl where to write cookie data
curl_setopt($ch,CURLOPT_COOKIEFILE, $cookieFile); //tell cUrl where to read cookie data from
$result = json_decode(curl_exec($ch),true);
curl_close($ch);
Any subsequent cUrl calls that use $cookieFile for CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE will have the same session data as prior calls.
Solution #2: Pass the session id in the URL query string using the expected parameter name (PHPSESSID by default, but this can be changed)
You can append the session id to all urls like this: somepage.php?PHPSESSID=sessionidgoeshere
"PHPSESSID" is the variable name that is used by default in PHP. If the server is setup to use a non-default name, then you would need to use that variable name instead.
With solution #2, you will still need to store the session id on the client-side somehow.
Solution #3: Pass the session id as a request variable or a URL parameter and then manually start the session on the server-side using that session id.
This solution is not recommended for normal situations. Unlike the previous solutions, this one requires changes to the server-side script as well as the client-side (cUrl). This solution is only useful if you specifically want to send the session id as something other than a URL parameter or cookie, or if you want to use a variable name other than the name that the server is expecting.
Place the following code in your server-side PHP that is handling the request, prior to starting the session:
session_id($_POST[<param_name>]); or session_id($_GET[<param_name>]); or session_id($_COOKIE[<param_name>]);
I suggest using Solution #1 unless you have a compelling reason not to.
Also, PHP doesn't care whether the request is a GET or a POST or any other HTTP request method. Regardless of the HTTP request method, if the session id is passed as a URL parameter or in a cookie, then the related session will persist on the server-side.
这篇关于curl调用后PHP会话不保存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
