EchoFool Posted December 13, 2013 Share Posted December 13, 2013 Hello. I've gotten my self really confused with server end checks for users being logged in. I create a session in PHP by using a straight forward ajax request and check the database against the user & pass sent to the server. I then set a session like this: $_SESSION['uid'] = $row['uid']; But i want to check this session in NodeJS aswell so i don't have to keep validating the user when they send data on a socket. The script i have is like this: socket.on('sendMessage', function(data,callBack){ var userID = //assign $_SESSION['uid'], possible? if(!userID){ console.log('User not logged in!'); } else { var message = sanitize(data['message']).escape(); var query = connection.query('SELECT name FROM users WHERE uid = ?', [userID], function(err,results){ if(err){ console.log('Query Error: '+err); } else if(results.length == 1){ var username = results[0].name; console.log(username+' sent a message!'); } }); }); How do i use the session in this situation - i can't work out how to do it =/ Please help, really confused! Link to comment https://forums.phpfreaks.com/topic/284755-javascript-sessions-on-the-server-end/ Share on other sites More sharing options...
requinix Posted December 13, 2013 Share Posted December 13, 2013 With a typical setup the session data is stored in a file in a format you don't want to bother with. Move your sessions to a database. Old articles but nothing's really changed (besides SessionHandlerInterface): - Storing Sessions in a Database - Saving PHP's Session data to a database Then anything, be it PHP or Node.js, can read and write session data. Link to comment https://forums.phpfreaks.com/topic/284755-javascript-sessions-on-the-server-end/#findComment-1462299 Share on other sites More sharing options...
EchoFool Posted December 13, 2013 Author Share Posted December 13, 2013 So session_destroy(); would then be a mySQL delete based on $id ? Link to comment https://forums.phpfreaks.com/topic/284755-javascript-sessions-on-the-server-end/#findComment-1462301 Share on other sites More sharing options...
requinix Posted December 13, 2013 Share Posted December 13, 2013 That would do it, yes. Link to comment https://forums.phpfreaks.com/topic/284755-javascript-sessions-on-the-server-end/#findComment-1462302 Share on other sites More sharing options...
EchoFool Posted December 14, 2013 Author Share Posted December 14, 2013 Ok final question, I've written my class for this and in my database i have this : ID: b212afdb797206ae06e376f2c4d2e681Access: 1386984361Data: Userid|i:1; What I don't understand is how to get that info. Using this for example: socketio.emit("GetSeassionData", { ID : b212afdb797206ae06e376f2c4d2e681}); A user could easily edit their JavaScript and change the ID ? So how do I get the session data in nodeJS? Link to comment https://forums.phpfreaks.com/topic/284755-javascript-sessions-on-the-server-end/#findComment-1462313 Share on other sites More sharing options...
requinix Posted December 14, 2013 Share Posted December 14, 2013 The session ID was passed in the cookies. PHPSESSID is the default name for it, I think. You don't need to include it in your client-side Javascript. And yes, the user could change their session ID, but it won't do them any good unless they managed to find out somebody else's session ID. Link to comment https://forums.phpfreaks.com/topic/284755-javascript-sessions-on-the-server-end/#findComment-1462314 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.