Re: Manually setting session ids



On 29 Sep, 18:33, Hugh Oxford <ares...@xxxxxxx> wrote:
I am writing some server to server software that needs to maintain state.

When I say server to server I mean that the client is not a browser, it
is another PHP server (as if that wasn't obvious).

The obvious way to do this is to use the session ID. The problem is, how
to first of all generate a session ID and then send back a session ID to
reload a session.

Perhaps my understanding of sessions is too limited, but I can't see the
wood for the trees at the moment. Maybe it's obvious and I can't see it.

This is the server (pseudocode). Forget the transport mechanism, imagine
that any function can be called remotely.

<?php
session_start();

function GetSessionID()
{
    return session_id();
}

function SetSessionID($session_id)
{
    session_id($session_id);
}

function SetVar($var, $val)
{
    $_SESSION[$var] = $val;
}

function GetVar($var)
{
    return $_SESSION[$var];
}

?>

Now, on the client side, the idea is to do something like this:

$sid = $client->GetSessionId();
$client->SetSessionId($sid);
$client->SetVar('foo', 'bar');
echo $client->GetVar('foo'); //returns 'bar'

The problem seems to be that session_start on the server side is called
at the top of the script, and there is no way to change the session_id
midstream.

Even if I could change the session_id, would I get back the data I had
already set?

Does anyone have any thoughts? I'm going mad.

You're trying to make the session model for browser-wielding users fit
a server-to-server model. Start again with a blank bit of paper.

We can't advise further without knowing a lot more about the
interchange - how does security figure? Will there be multiple
clients? "Forget the transport mechanism" - do you mean we should
assume that it's transactionally secure or that this doesn't matter?
Does it have to run synchronously or asynchronously? Are you writing
the code at both ends?

C.
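
The ordering problem raised in the question, worked through as an added example that is not part of the thread: the server issues the session ID on the first call, and on later calls the ID presented by the peer is validated and handed to session_id() before session_start() runs. The JSON request format, the openSession() helper and the field names are assumptions made for illustration. The ID is treated as a bearer token only, and authenticating the calling server is assumed to happen elsewhere.

```php
<?php
// Added example, not code from the thread. Assumed wire format (JSON body):
//   {"token": "<id or omitted>", "op": "set"|"get", "var": "foo", "val": "bar"}
declare(strict_types=1);

ini_set('session.use_cookies', '0');     // the peer carries the ID in the request, not in a cookie
ini_set('session.use_strict_mode', '1'); // never adopt an ID this server did not issue

function openSession(?string $token): string
{
    if ($token === null) {
        session_start();                 // first call: the server mints the ID
        return session_id();
    }
    // Only accept the alphabet and length range PHP itself can generate.
    if (!preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $token)) {
        throw new InvalidArgumentException('malformed session token');
    }
    session_id($token);                  // has to run BEFORE session_start()
    session_start();
    if (session_id() !== $token) {       // strict mode replaced an unknown ID
        session_destroy();
        throw new RuntimeException('unknown session token');
    }
    return $token;
}

$req = json_decode(file_get_contents('php://input') ?: '{}', true);
if (!is_array($req)) {
    $req = [];
}
try {
    $token = openSession(is_string($req['token'] ?? null) ? $req['token'] : null);
    $var = (string)($req['var'] ?? '');
    if (($req['op'] ?? 'get') === 'set') {
        $_SESSION[$var] = $req['val'] ?? null;
    }
    $out = ['token' => $token, 'val' => $_SESSION[$var] ?? null];
} catch (Exception $e) {
    http_response_code(400);
    $out = ['error' => $e->getMessage()];
}
header('Content-Type: application/json');
echo json_encode($out);
```

The calling server stores the returned token after its first request and sends it back with every later one; each request is a separate script run, so the session ID never has to change mid-request.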