Jump to content

Javascript sessions on the server end

Go to solution Solved by requinix,

Recommended Posts



I've gotten my self really confused with server end checks for users being logged in. I create a session in PHP by using a straight forward ajax request and check the database against the user & pass sent to the server.

I then set a session like this:

$_SESSION['uid'] = $row['uid'];

But i want to check this session in NodeJS aswell so i don't have to keep validating the user when they send data on a socket.


The script i have is like this:


socket.on('sendMessage', function(data,callBack){       
   var userID = //assign $_SESSION['uid'], possible?
       console.log('User not logged in!');
   } else {

   var message = sanitize(data['message']).escape();
   var query = connection.query('SELECT name FROM users WHERE uid = ?', [userID],
                    console.log('Query Error: '+err);
                 } else if(results.length == 1){
                    var username = results[0].name;
                    console.log(username+' sent a message!');

How do i use the session in this situation - i can't work out how to do it =/


Please help, really confused!

Edited by EchoFool
Link to comment
Share on other sites

With a typical setup the session data is stored in a file in a format you don't want to bother with.


Move your sessions to a database. Old articles but nothing's really changed (besides SessionHandlerInterface):

- Storing Sessions in a Database

- Saving PHP's Session data to a database


Then anything, be it PHP or Node.js, can read and write session data.

Link to comment
Share on other sites

Ok final question, I've written my class for this and in my database i have this :


ID: b212afdb797206ae06e376f2c4d2e681
Access: 1386984361
Data: Userid|i:1;




What I don't understand is how to get that info.


Using this for example:

socketio.emit("GetSeassionData", { ID : b212afdb797206ae06e376f2c4d2e681});

A user could easily edit their JavaScript and change the ID ? So how do I get the session data in nodeJS?

Edited by EchoFool
Link to comment
Share on other sites

  • Solution

The session ID was passed in the cookies. PHPSESSID is the default name for it, I think. You don't need to include it in your client-side Javascript.


And yes, the user could change their session ID, but it won't do them any good unless they managed to find out somebody else's session ID.

Edited by requinix
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.