All geek questions in one place

It is necessary to use the browser "session" when calling another PHP script via CURL

I have a "primary" PHP script (actually a set of scripts) that the user interacts with through a browser. I had no problems using the site as the session information works from page to page.

However, one of the scripts should directly call another "secondary" php script on my site using CURL and that the "secondary" script should get information about the php session (which contains the current user on the system), etc.) from the "primary". I need to transfer session information from a "primary" PHP script to a "secondary" in CURL. Any suggestions on how I can do this?

No, I do not want to use cookies here (too unsafe).

+3
source share
3 answers

I know that you said that you do not want to use cookies because they are unsafe. In the following solution, the client session cookie is “redirected” to the second request. Sending a cookie to the local computer should not create security flaws.

You can transfer the session cookie from the client browser to a new, server request (thanks Ben for pointing out session_name).

$curl_cookies = session_name() . '=' . session_id() . '; path=/';
curl_setopt($ch, CURLOPT_COOKIE, $curl_cookies);

For simplicity, I only pass the cookie PHPSESSID (I also assume this is your session cookie key).

0
source

PHP cookie ( ). cookie , , PHP.

session_name(), / cookie, PHPSESSID, .

0

Why not just send the http request line parameter with the session id in it?

for example (in pseudo code):

curl.send (' http://myserver.com/myapplication.php?session_id= '. getSessionId ());

0
source

Source: https://habr.com/ru/post/1720636/

More articles:


All Articles