Cross language and server http session variables
I have one problem of开发者_StackOverflow社区 retrieving http session variables. I have two sever, one jetty and one apache. And two languages PHP in Apache and Java in jetty. When the user login to the website, his or hers profile ID is stored as Session variable in the Apache server in PHP. Can I somehow retrieve this session variable from the Jetty server using Java?
For cross server session you can keep session in cookies. But you need to make sure that these cookies are encrypted using some strong algorithm and key.
If you want to store only user ID. Then you can store ID as it is if its public ID and store a signature along with that, if ID is tempered with you can detect it using signature.
Create two cookies after authentication
1. One contains ID and
2. other contains signature of ID like using function in php called hmac_hash
hmac_hash
Whenever you get a request which needs authentication.
1. Using ID and same secret generate same signature back.
2. Check if the signature you generated is same as one you got in cookie.
Warning: Slight mistake can make data public.
Warning 2: Large cookie will make site a bit slower.
were it me, i'd be tempted to override the session handlers in php and store the session stuff in a database. see http://us2.php.net/manual/en/function.session-set-save-handler.php
that way you control how the session variables are stored and where they are stored. you can read the session handle from the cookie or whatever in either language and write your own stuff for the java side.
精彩评论