开发者

Cross language and server http session variables

I have one problem of开发者_StackOverflow社区 retrieving http session variables. I have two sever, one jetty and one apache. And two languages PHP in Apache and Java in jetty. When the user login to the website, his or hers profile ID is stored as Session variable in the Apache server in PHP. Can I somehow retrieve this session variable from the Jetty server using Java?


For cross server session you can keep session in cookies. But you need to make sure that these cookies are encrypted using some strong algorithm and key.

If you want to store only user ID. Then you can store ID as it is if its public ID and store a signature along with that, if ID is tempered with you can detect it using signature.

Create two cookies after authentication

  1. One contains ID and 
  2. other contains signature of ID like using function in php called hmac_hash

hmac_hash

Whenever you get a request which needs authentication.

  1. Using ID and same secret generate same signature back.
  2. Check if the signature you generated is same as one you got in cookie.

Warning: Slight mistake can make data public.
Warning 2: Large cookie will make site a bit slower.


were it me, i'd be tempted to override the session handlers in php and store the session stuff in a database. see http://us2.php.net/manual/en/function.session-set-save-handler.php

that way you control how the session variables are stored and where they are stored. you can read the session handle from the cookie or whatever in either language and write your own stuff for the java side.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜