Say I have a different user’s session ID; is there a way to read the session for that particular ID?
I’m using CDbHttpSession, and I found a way to read the session using readSession(), but it has the user’s key prefix attached to the session keys, e.g., a7f290fcf19c86fab463bf6cf077fdbcuser_name and a7f290fcf19c86fab463bf6cf077fdbcuser_id.
I basically want to be able to do something like the following:
I guess you’d want to custom your session IDs. Not sure why - you generally need not handle this as its not only extra work that is handled for you by PHP, but its also source of extra bugs. Redundant… .
As the manual says, you shouldn’t call readSession() manually. Its called, I think, by PHP when you do ‘session_start()’ and that command is initiated by Yii in the beginning of the request (in Yii v1.1.x).
I think it would be best if you write up what you’re trying to achieve and why.
I saw that readSession() docs said not to call it, but that was all I could find, so that’s where I started.
Basically what I have is a third-party chat app, and I want the chat app to have the user’s username and some other info. The chat app is not build on top of Yii, so I don’t have any Yii stuff available to grab info.
The user clicks the chat button on website.com (Yii), then it pops up a window for website.com/chat (non-Yii). From there, I don’t want to have to ask the users in chat to have to re-authenticate. What I have now is the chat app cURLing to website.com/userInfo?sessionId=abcd1234 to get the user’s info. It seems like a bit of a hack, but I’m not sure what else to do without just passing the user info directly in the URL, which I definitely don’t want to do for security reasons.
Hopefully this makes sense! If you have any suggestions, let me know. Thanks for the help.
Ok, so essentially you’d like a “single sign on” between Yii and another application. I don’t have a recipe for this but surely this has been researched in the past. I suggest you make a search on Google and this forum system. You can use the term just given or its abbreviation “SSO”. Here’s one such search result for you.
The chat app is third-party, so it’s a separate part of our website. http://www.website.com/chat in our case points to a directory holding the chat app, not ChatController.php. Chat is available to everyone - not just to users logged in.