RE: [Phpgroupware-developers] xml-rpc and sessions

phpgroupware-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Phpgroupware-developers] xml-rpc and sessions

From:	Dirk Schaller
Subject:	RE: [Phpgroupware-developers] xml-rpc and sessions
Date:	Tue, 6 Jan 2004 08:47:17 +0100

The kp3 number will be created. It seams that this is fixed. The http
authentication also runs correctly.
I think the "background problem" is that session_start() normaly gets
the sessionid from $_GET, $_POST or $_COOKIE. With xml-rpc these arrays
doesnt contains the sessionid. Therefore session_start() doesnt found
a sessionid and starts a new session.
When the old sessionid is set (with sessionid()) then session_start()
checks if such a session exists and if so this session will be loaded.



> -----Original Message-----
> From: Joseph Engo [mailto:address@hidden
> Sent: Monday, January 05, 2004 11:59 PM
> To: address@hidden
> Subject: Re: [Phpgroupware-developers] xml-rpc and sessions
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>  
> There is also another problem with PHP sessions and XML-RPC.
> Presently, for PHP sessions it doesn't create a kp3 number. xmlrpc.php
> requires it to be set before it will allow the session.
> 
> I am not sure if this has been fixed or not, I remeber finding this a
> while back but never got around to fixing it.
> 
> Dirk Schaller wrote:
> 
> | Hi,
> |
> | I had some trouble with xml-rpc and session handling. After a
> | successful xml-rpc login I got a 'session expired' message. The
> | problem appears only when I set the session setting to 'php4'.
> |
> | I did some debugging and found the reason and solution for the
> | problem: When the xml-rpc client is logged in, he gets a sessionid
> | for http authentication. The next request sends the sessionid
> | correctly from my xml-rpc client to the xml-rpc phpGW server, but
> | the 'old' session data couldnt be loaded. Therefore a 'new' session
> | starts, the $_SESSION['phpgw_session'] is empty and I get the
> | session expired nessage. After the xml-rpc system.login and one
> | other request I found two session files on harddisk, one with
> | session data from the login (old session) amd one empty (new
> | session started) from the requst.
> |
> | So the main problem is to load the old session data. The solution
> | is in my view simple. Before a session starts we have to set the
> | old sessionid by running sessionid().
> |
> | The file class.sessions_php4.inc.php contains a method for loading
> | the session data, but without noticing the 'old' sessionid:
> |
> | function read_session($sessionid) { session_start(); return
> | $GLOBALS['phpgw_session'] = $_SESSION['phpgw_session']; }
> |
> | Before the session starts I run session_id() to set the correct
> | 'old' sessionid:
> |
> | function read_session($sessionid) { session_id($sessionid);
> | session_start(); return $GLOBALS['phpgw_session'] =
> | $_SESSION['phpgw_session']; }
> |
> |
> | Another method in this class also contains a start_session():
> |
> | function register_session($login,$user_ip,$now,$session_flags) {
> | session_start(); ... }
> |
> | Here we can use the class variable 'sessionid':
> |
> | function register_session($login,$user_ip,$now,$session_flags) {
> | session_id($this->sessionid); session_start(); ... }
> |
> |
> | I hope someone can test it amd commit it to the .16 branch.
> |
> |
> | Now I have another aspect for discussion: The xmlrpc.php is GPL and
> | none GPL software couldnt use this interface. In my view a LGPL
> | licence is more flexible as the GPL licence for such a interface
> | file. With LGPL we have the opportunaty the use more existing
> | xml-rpc applications with the groupware.
> |
> |
> | Thanks, Happy new year! Dirk
> |
> |
> | -- *****    Open Source und Linux im professionellen Einsatz
> | ***** **  komplexe Mailserver, Groupware, Office: sprechen Sie uns
> | an ** Dipl.-Inform. (FH) Dirk Schaller pro|business AG, EXPO Plaza
> | 1 (Deutscher Pavillon), 30539 Hannover E-Mail:
> | address@hidden,  Tel.: 0511/60066-334, Fax: -355 WWW:
> | http://www.probusiness.de/
> |
> |
> | _______________________________________________
> | Phpgroupware-developers mailing list
> | address@hidden
> | http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>  
> iD8DBQE/+exF/AzmiD/o0voRAo4CAJ9IzehsCVfkV2/8OdGkQhujRER+owCePlio
> Dn3kivfwpUQHjSPl1+4qQLw=
> =Yd60
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Phpgroupware-developers] xml-rpc and sessions, Dirk Schaller, 2004/01/05
- Re: [Phpgroupware-developers] xml-rpc and sessions, Joseph Engo, 2004/01/05
- Re: [Phpgroupware-developers] xml-rpc and sessions, Alex Borges, 2004/01/13
- Re: [Phpgroupware-developers] xml-rpc and sessions, Chris Weiss, 2004/01/05
- RE: [Phpgroupware-developers] xml-rpc and sessions, Dirk Schaller <=

Prev by Date: Re: [Phpgroupware-developers] Fwd: Accepted phpgroupware 0.9.14.007-4 (all source)
Next by Date: [Phpgroupware-developers] phpgwapi class.javascript.inc.php
Previous by thread: Re: [Phpgroupware-developers] xml-rpc and sessions
Next by thread: [Phpgroupware-developers] Fwd: Accepted phpgroupware 0.9.14.007-4 (all source)
Index(es):
- Date
- Thread