在 Joomla 之外访问会话数据 [英] Accessing session data outside Joomla

问题描述

我试图在 Joomla 之外运行一个应用程序(不是作为插件)，我想访问登录用户的信息(用户 ID).我想知道我该怎么做?有我可以包含的文件吗?我尝试使用 $_SESSION 但它显示为空.

I am trying to run an application outside Joomla (not as a plugin) and I would like to access the logged in user's information (userid). I am wondering how should I go about doing that? Is there a file which I can include? I tried using $_SESSION but it shows empty.

我的问题有简单的解决方案吗?感谢您抽出宝贵时间.

Is there a simple solution to my problem? Thank you for your time.

推荐答案

实际上这并不像听起来那么容易.Joomla 使用它自己的会话处理，带有独特的会话 ID 生成和一些适当的加密，因此进入 Joomla 会话数据的唯一方法是使用适当的 Joomla 功能(正如其他人所建议的).我最近有一个项目，我们需要将经过 Joomla 身份验证的用户转移到一个单独的应用程序中.我们通过添加一个 Joomla 适配器来实现这一点，该适配器实例化 Joomla 用户类、读取用户数据、将所有内容放入加密的 cookie 中并重定向回我们的应用程序.在那里我们读取加密的 cookie，实例化我们自己的用户对象并丢弃 cookie.由于这不是 100% 安全，我们正在更改系统以将用户数据写入数据库表并从我们的应用程序中读取它 - 我们通过这种方式避免了通过 cookie 的不安全方式，因为即使 cookie 是加密的(并且包含足以对用户进行身份验证的敏感用户信息)它将通过电汇传输并可能被嗅探.

Actually that's not as easy as it sounds. Joomla uses its own session handling with come unique session-id-generation and some encryption in place, so the only way to get into the Joomla session data is to use the appropriate Joomla functions (as others have suggested). I recently had a project where we needed to transfer a Joomla authenticated user into a separate application. We did this by adding a Joomla adapter which instantiates the Joomla user classes, reads the user data, puts everything into an encrypted cookie and redirects back to our application. In there we read the encrypted cookie, instantiate our own user object and discard the cookie. As this is not 100% secure we're changing the system to write the user data in a database table and read it from our application - we avoid the unsecure way through a cookie that way, because even though the cookie is encrypted (and contains sensitive user information which suffice to authenticate a user) it'll be transfered on wire and could be sniffed.

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(dirname(__FILE__)));
define( 'DS', DIRECTORY_SEPARATOR );

require_once (JPATH_BASE . DS . 'includes' . DS . 'defines.php');
require_once (JPATH_BASE . DS . 'includes' . DS . 'framework.php');

$mainframe = JFactory::getApplication('site');

以上是访问Joomla资源所需的基本脚本.

The above is the basic script required to access Joomla resources.

这篇关于在 Joomla 之外访问会话数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！