开发者

accessing $_SESSION when using file_get_contents in PHP

开发者 https://www.devze.com 2022-12-26 20:32 出处:网络
I have a page called send.email.php which sends an email - pretty simple stuff - I pass an order id, it creates job request and sends it out. This works fine when used in the context I developed it (U

I have a page called send.email.php which sends an email - pretty simple stuff - I pass an order id, it creates job request and sends it out. This works fine when used in the context I developed it (Use javascript to make an AJAX call to the URL and pass the order_id as a query parameter)

I am now trying to reuse the exact same page in another application howe开发者_JS百科ver I am calling it using php file_get_contents($base_url.'admin/send.email.php?order_id='.$order_id). When I call the page this way, the $_SESSION array is empty isempty() = 1.

Is this because I am initiating a new session using file_get_contents and the values I stored in the $_SESSION on login are not available to me within there?

--> Thanks for the feedback. It makes sense that the new call doesn't have access to the existing session...

New problem though:

I now get: failed to open stream: HTTP request failed! When trying to execute:

$opts = array('http' => array('header'=> 'Cookie: ' . $_SERVER['HTTP_COOKIE']."\r\n"));
$context = stream_context_create($opts);
$contents = file_get_contents($base_url.'admin/send.sms.php?order_id='.order_id, false, $context);

YET, the URL works fine if I call it as: (It just doesn't let me access session)

$result file_get_contents($base_url.'admin/send.sms.php?order_id='.$order_id);


file_get_contents() shouldn't be used anywhere you need authentication/session information transmitted. It's not going to send any cookies, so the user's authentication information will not be included by default.

You can kind of hack around it by including the session identifier (e.g. 'PHPSESSID' by default) as a query parameter in the URL, and have the other script check for that. But transmitting session identifiers in the URL is horribly bad practice, even if it's just to the same server.

$contents = file_get_contents("http://.... /send_sms.php?order_id=$order_id&" . session_name() . '=' . session_id());

To do this properly, use CURL and build a full HTTP request, including the cookie information of the parent page.


you'd have to include the file or call the respective functions from your send.sms.php script. instead you call it like a webservice (which it isn't)

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号