[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-developers] xml-rpc and sessions
|
From: |
Joseph Engo |
|
Subject: |
Re: [Phpgroupware-developers] xml-rpc and sessions |
|
Date: |
Mon, 05 Jan 2004 17:59:23 -0500 |
|
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There is also another problem with PHP sessions and XML-RPC.
Presently, for PHP sessions it doesn't create a kp3 number. xmlrpc.php
requires it to be set before it will allow the session.
I am not sure if this has been fixed or not, I remeber finding this a
while back but never got around to fixing it.
Dirk Schaller wrote:
| Hi,
|
| I had some trouble with xml-rpc and session handling. After a
| successful xml-rpc login I got a 'session expired' message. The
| problem appears only when I set the session setting to 'php4'.
|
| I did some debugging and found the reason and solution for the
| problem: When the xml-rpc client is logged in, he gets a sessionid
| for http authentication. The next request sends the sessionid
| correctly from my xml-rpc client to the xml-rpc phpGW server, but
| the 'old' session data couldnt be loaded. Therefore a 'new' session
| starts, the $_SESSION['phpgw_session'] is empty and I get the
| session expired nessage. After the xml-rpc system.login and one
| other request I found two session files on harddisk, one with
| session data from the login (old session) amd one empty (new
| session started) from the requst.
|
| So the main problem is to load the old session data. The solution
| is in my view simple. Before a session starts we have to set the
| old sessionid by running sessionid().
|
| The file class.sessions_php4.inc.php contains a method for loading
| the session data, but without noticing the 'old' sessionid:
|
| function read_session($sessionid) { session_start(); return
| $GLOBALS['phpgw_session'] = $_SESSION['phpgw_session']; }
|
| Before the session starts I run session_id() to set the correct
| 'old' sessionid:
|
| function read_session($sessionid) { session_id($sessionid);
| session_start(); return $GLOBALS['phpgw_session'] =
| $_SESSION['phpgw_session']; }
|
|
| Another method in this class also contains a start_session():
|
| function register_session($login,$user_ip,$now,$session_flags) {
| session_start(); ... }
|
| Here we can use the class variable 'sessionid':
|
| function register_session($login,$user_ip,$now,$session_flags) {
| session_id($this->sessionid); session_start(); ... }
|
|
| I hope someone can test it amd commit it to the .16 branch.
|
|
| Now I have another aspect for discussion: The xmlrpc.php is GPL and
| none GPL software couldnt use this interface. In my view a LGPL
| licence is more flexible as the GPL licence for such a interface
| file. With LGPL we have the opportunaty the use more existing
| xml-rpc applications with the groupware.
|
|
| Thanks, Happy new year! Dirk
|
|
| -- ***** Open Source und Linux im professionellen Einsatz
| ***** ** komplexe Mailserver, Groupware, Office: sprechen Sie uns
| an ** Dipl.-Inform. (FH) Dirk Schaller pro|business AG, EXPO Plaza
| 1 (Deutscher Pavillon), 30539 Hannover E-Mail:
| address@hidden, Tel.: 0511/60066-334, Fax: -355 WWW:
| http://www.probusiness.de/
|
|
| _______________________________________________
| Phpgroupware-developers mailing list
| address@hidden
| http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQE/+exF/AzmiD/o0voRAo4CAJ9IzehsCVfkV2/8OdGkQhujRER+owCePlio
Dn3kivfwpUQHjSPl1+4qQLw=
=Yd60
-----END PGP SIGNATURE-----