在Joomla之外访问会话数据 [英] Accessing session data outside Joomla

问题描述

我正在尝试在Joomla之外运行应用程序(而不是作为插件)，并且我想访问已登录用户的信息(用户ID).我想知道我应该怎么做?我可以包含一个文件吗?我尝试使用$ _SESSION，但显示为空.

I am trying to run an application outside Joomla (not as a plugin) and I would like to access the logged in user's information (userid). I am wondering how should I go about doing that? Is there a file which I can include? I tried using $_SESSION but it shows empty.

有没有解决我的问题的简单方法?谢谢您的时间.

Is there a simple solution to my problem? Thank you for your time.

推荐答案

实际上，这并不像听起来那样简单. Joomla使用自己的会话处理功能，并带有唯一的会话ID生成和适当的加密，因此进入Joomla会话数据的唯一方法是使用适当的Joomla函数(如其他人所建议的).我最近有一个项目，我们需要将经过Joomla身份验证的用户转移到单独的应用程序中.为此，我们添加了一个Joomla适配器，该适配器实例化Joomla用户类，读取用户数据，将所有内容放入加密的cookie中并重定向回我们的应用程序.在这里，我们读取了加密的cookie，实例化了自己的用户对象，并丢弃了cookie.由于这不是100％安全的，因此我们正在更改系统以将用户数据写入数据库表中并从我们的应用程序中读取数据-我们避免通过cookie的不安全方式，因为即使cookie被加密(并且包含足以验证用户身份的敏感用户信息)，该信息将通过网络进行传输并可能被监听.

Actually that's not as easy as it sounds. Joomla uses its own session handling with come unique session-id-generation and some encryption in place, so the only way to get into the Joomla session data is to use the appropriate Joomla functions (as others have suggested). I recently had a project where we needed to transfer a Joomla authenticated user into a separate application. We did this by adding a Joomla adapter which instantiates the Joomla user classes, reads the user data, puts everything into an encrypted cookie and redirects back to our application. In there we read the encrypted cookie, instantiate our own user object and discard the cookie. As this is not 100% secure we're changing the system to write the user data in a database table and read it from our application - we avoid the unsecure way through a cookie that way, because even though the cookie is encrypted (and contains sensitive user information which suffice to authenticate a user) it'll be transfered on wire and could be sniffed.

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(dirname(__FILE__)));
define( 'DS', DIRECTORY_SEPARATOR );

require_once (JPATH_BASE . DS . 'includes' . DS . 'defines.php');
require_once (JPATH_BASE . DS . 'includes' . DS . 'framework.php');

$mainframe = JFactory::getApplication('site');

以上是访问Joomla资源所需的基本脚本.

The above is the basic script required to access Joomla resources.

这篇关于在Joomla之外访问会话数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！