PHP SESSION not working in websocket server

Question

I have a simple PHP websocket for real time chat application. I use apache server as well as websocket server.

When username logs in successfully, I set SESSION with value username as below in login.php

@session_start();
$_SESSION["user"] = $username;

I have to start websocket server by php server.php .

Hence I cannot get value of even I start session. 值。 I gives an error as Undefined index user .

Answer 1

Someone on the PHP documentation are crazy enough to attempt this (and my answer is based from that person)

But basically for you to switch between your current web based to command line you need to grab the current session id from the web and set it back on the cli.

Write_session.php

<?php

session_start();
$_SESSION['test']='test';

print_r($_SESSION);

echo session_id();

?>

Output of write_session.php

gqptpc3scf4k0h3vpl2d341u13

Read_session.php (you need to find a safe way to send the session id over I suppose)

<?php

$ssid = "gqptpc3scf4k0h3vpl2d341u13";

session_id ($ssid);
session_start();

print_r($_SESSION);

?>

Reference : http://php.net/manual/en/function.session-start.php#53293

Answer 2

It is possible, however to start a session with the Apache server and then access the session cookie within the websocket code.

Apache server's file starts the session. You can send session id every time you send a new message to websocket server and you can easily check session with session id.

Look this:

session_id("your session_id");    
session_start();
if(isset($_SESSION["SESSION_NAME"])){
     //keep connected and process request
}
else{
     //disconnect
}

OR

You can check step by step example from here .

Answer 3

The session ID is available in a cookie, usually named PHPSESSID (depends on the session.name php.ini setting, and can be checked and changed during execution with session_name() .

The HTTP headers, including cookies, are available to the WebSocket server when the user is connecting. A responsible WS server should store those headers and make them available to the application through the user object (or connection object, or whatever object stores and uniquely identifies the resource through which to send the message back to the connected client).

Also, note that the PHP session system locks a user's session while it is open. Because WebSocket servers are designed to run continuously, they will never unlock the session on their own.

So, if a user's session is opened in WS, then every single AJAX and normal web request will timeout. That user will not be able to use your site at all.

Also, only one session can be open in a script at a time. If a second user connects to the WS server, then that user will have access to all of the session information of the first user, and no access to their own session. (Kinda a big, giant, gaping security hole.)

Thus, if you open a session, you MUST close the session as soon as possible using session_write_close() .

See this previous question and answer for a specific implementation of sessions in a WebSocket server, as an example of what to look for in your implementation. (Note: Some may be tempted to call this question a duplicate. While I'd hope that both questions stay active, I think, of any, that this question here should be the one to stand, because it is more general (does not cover one specific WS server), and the advice given in the last question is going to be obsolete soon, due to active development with that WS server.)