Reading User Sessions

Yii 1.1 General Discussion
1

Say I have a different user’s session ID; is there a way to read the session for that particular ID?

I’m using CDbHttpSession, and I found a way to read the session using readSession(), but it has the user’s key prefix attached to the session keys, e.g., a7f290fcf19c86fab463bf6cf077fdbcuser_name and a7f290fcf19c86fab463bf6cf077fdbcuser_id.

I basically want to be able to do something like the following:




$session = Yii::app()->session->readSession($sessionId);

$userId = session['user_id'];

Thanks in advance.

2

I guess you’d want to custom your session IDs. Not sure why - you generally need not handle this as its not only extra work that is handled for you by PHP, but its also source of extra bugs. Redundant… .

As the manual says, you shouldn’t call readSession() manually. Its called, I think, by PHP when you do ‘session_start()’ and that command is initiated by Yii in the beginning of the request (in Yii v1.1.x).

I think it would be best if you write up what you’re trying to achieve and why.

3

I saw that readSession() docs said not to call it, but that was all I could find, so that’s where I started.

Basically what I have is a third-party chat app, and I want the chat app to have the user’s username and some other info. The chat app is not build on top of Yii, so I don’t have any Yii stuff available to grab info.

The user clicks the chat button on website.com (Yii), then it pops up a window for website.com/chat (non-Yii). From there, I don’t want to have to ask the users in chat to have to re-authenticate. What I have now is the chat app cURLing to website.com/userInfo?sessionId=abcd1234 to get the user’s info. It seems like a bit of a hack, but I’m not sure what else to do without just passing the user info directly in the URL, which I definitely don’t want to do for security reasons.

Hopefully this makes sense! If you have any suggestions, let me know. Thanks for the help.

4

Ok, so essentially you’d like a “single sign on” between Yii and another application. I don’t have a recipe for this but surely this has been researched in the past. I suggest you make a search on Google and this forum system. You can use the term just given or its abbreviation “SSO”. Here’s one such search result for you.

5

Sort of. I only really need to pass the chat app some of the user’s data one time when the chat initiates so that the chat operator knows the user is signed in.

I’ll take a look at the stuff you provided. I’m sure that’ll point me in the right direction. Thanks.

6

It said not it do it, so you did it? B)


echo CHtml::link('Enter Chat',array('site/chat',

                                         'user'=>'value1',

                                         'param2'=>'value2'));
7

Like I said, that’s where I started, and I couldn’t find a solution, so I came here for help.

That link could easily be manipulated to change the username, so it’s not secure at all, which is why I want to read from the session.

Thanks for the ideas. I’ve been banging my head against the wall with this, but luckily it’s not too urgent to get done. :mellow:

8

Just a thought. If you are only allowing a logged in user to go to the chatroom, in actionChat you could use Yii::app()->user->name;

9

The chat app is third-party, so it’s a separate part of our website. http://www.website.com/chat in our case points to a directory holding the chat app, not ChatController.php. Chat is available to everyone - not just to users logged in.

I’m probably going to do something like this:

[list=1]

[*]The chat link will send the user to something like http://www.website.com/site/startChat, which will create a new chat session if the user is logged in.

[*]This chat session, which is separate from the user session, will be stored in the DB as a random hash and the user’s info.

[*]It’ll then forward to the chat app with the hash in the url or a cookie.

[*]The chat app can then look up the user’s info with the hash.

[/list]