3

I'm currently trying to use the current session of a PHP web page from an applet. I thought it would be straightforward, but it didn't go as smoothly as I thought. From the PHP manual:

session_start() creates a session or resumes the current one based on a session
identifier passed via a GET or POST request, or passed via a cookie.

From there I did some php (simplified here):

// PAGE1.PHP
session_start();
$_SESSION['test'] = true;
echo "sid=" . session_id();

// PAGE2.PHP
session_start();
if ($_SESSION['test'])
    echo "success";
else
    echo "fail";

So, from my applet, I do a request to PAGE1.PHP and it returns me the session id. When I do a new request on the page 2, I pass the session id as a parameter and it seems that the session wasn't kept. I use

URL url = new URL("my/url/PAGE2.php?sid=" + session_id); 
URLConnection conn = url.openConnection();
conn.setDoOutput(true); 
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); 

wr.write(data); // data is the post data created previously
wr.flush(); 

// Get the response 
BufferedReader rd = new BufferedReader(
    new InputStreamReader(conn.getInputStream())); 
String line;
while ((line = rd.readLine()) != null) { 
    System.out.println(line);
}

I have tried via POST and GET method and it doesn't seem to work.

So I'm wondering if it's possible, and if yes, what do I miss?

thanks.

2 Answers

4

Accepting session IDs as part of the GET is bad form, and a bad idea security-wise. I would suggest that you retrieve the session ID from the PHPSESSION cookie with something like:

The following Java snippet was shamelessly copied from here – have a look at that (although it is Java 1.4 specific).

// needs: import netscape.javascript.JSObject;

public String getCookie() {
  /*
  ** get all cookies for a document
  */
  try {
    JSObject myBrowser = (JSObject) JSObject.getWindow(this);
    JSObject myDocument = (JSObject) myBrowser.getMember("document");
    String myCookie = (String) myDocument.getMember("cookie");
    if (myCookie.length() > 0)
      return myCookie;
  }
  catch (Exception e) {
    e.printStackTrace();
  }
  // no cookie available (or the lookup failed)
  return "?";
}

public String getCookie(String name) {
  /*
  ** get a specific cookie by its name, parse the cookie.
  **    not used in this Applet but can be useful
  */
  String myCookie = getCookie();
  String search = name + "=";
  if (myCookie.length() > 0) {
    int offset = myCookie.indexOf(search);
    if (offset != -1) {
      // the value runs from just after "name=" to the next ';' (or end of string)
      offset += search.length();
      int end = myCookie.indexOf(";", offset);
      if (end == -1) end = myCookie.length();
      return myCookie.substring(offset, end);
    }
    else
      System.out.println("Did not find cookie: " + name);
  }
  return "";
}

Elsewhere in your code grab the session id using:

  getCookie("PHPSESSION"); // replace this with the cookie name in your /etc/php.ini

and set it in your applet.

 conn.setRequestProperty("Cookie", "PHPSESSION=value"); 

Far more current information is available at the Sun Java cookie page.

1 Comment

It may be a stupid question, but what is the difference in security between passing the session id via GET/POST and cookie? (Also, I encrypt my data between php and java when using post)

3

Your PAGE2.php is not actually using the sid param you're passing via _GET to initiate the session.

In page2.php, try:

session_id($_GET['sid']);
session_start(); 

instead of plain-old:

session_start();

3 Comments

I've been trying it without success. After reading the man page again, it seems that session_start is void. So it's normal that it doesn't work.
You're actually looking for session_id($_GET['sid']); session_start();
Thanks Frank! I misread the doc about session_id. I thought it was always creating a new session when calling that. Now it works like a charm!
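Added example (not code from the question or either answer): a stand-alone Java 8+ program that carries the session in the Cookie header with `java.net.CookieManager` instead of a `?sid=` parameter or hand-parsed cookie strings. A local stub server stands in for PAGE1.php and PAGE2.php and resumes the session only from the cookie, as PHP does with `session.use_only_cookies=1`. The class name, the stub, the `PHPSESSID` cookie name (PHP's default `session.name`) and the session id value are assumptions constructed for this illustration.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

public class SessionCookieDemo {
    static final String SID = "constructed-demo-id"; // constructed sample value
    static final String NAME = "PHPSESSID";          // assumed: PHP's default session.name

    static void reply(HttpExchange ex, String body) throws IOException {
        byte[] b = body.getBytes(StandardCharsets.UTF_8);
        ex.sendResponseHeaders(200, b.length);
        try (OutputStream os = ex.getResponseBody()) { os.write(b); }
    }

    // Plain URLConnection GET; cookies are attached only if a CookieHandler is installed.
    static String get(String url) throws IOException {
        URLConnection conn = new URL(url).openConnection();
        try (BufferedReader rd = new BufferedReader(
                new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
            return rd.readLine();
        }
    }

    public static void main(String[] args) throws IOException {
        // Stub for the two PHP pages: the session is resumed from the Cookie header only.
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/PAGE1.php", ex -> {
            ex.getResponseHeaders().add("Set-Cookie", NAME + "=" + SID + "; Path=/; HttpOnly");
            reply(ex, "ok");
        });
        srv.createContext("/PAGE2.php", ex -> {
            String cookie = ex.getRequestHeaders().getFirst("Cookie");
            reply(ex, cookie != null && cookie.contains(NAME + "=" + SID) ? "success" : "fail");
        });
        srv.start();
        String base = "http://127.0.0.1:" + srv.getAddress().getPort();

        // 1) Id in the query string, no cookie: not resumed, and the id now sits in a URL
        //    (server logs, proxies, Referer headers).
        get(base + "/PAGE1.php");
        System.out.println("sid in URL    -> " + get(base + "/PAGE2.php?sid=" + SID));

        // 2) Cookie jar installed: Set-Cookie from PAGE1 is stored and sent back to PAGE2.
        CookieHandler.setDefault(new CookieManager());
        get(base + "/PAGE1.php");
        System.out.println("cookie header -> " + get(base + "/PAGE2.php"));
        srv.stop(0);
    }
}
```

Run as written, the first request prints `fail` and the second prints `success`; the client code never handles the session id itself in the second case.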
