Using keep-alive connections (HTTP 1.1) to create ftp-like sessions in PHP

I'm looking for a way to keep track of a HTTP 1.1 connection kept alive across requests, in order to get a ftp-like session. The idea would be to have an authentication at first request, and then, keeping the authentication valid while the socket is still open开发者_运维问答 (with HTTP 1.1 keep-alive feature).

I've been searching for such a solution without much success until here.

I'm looking for information, such as:

• is there somewhere a socket ID available from apache in PHP?
• is there a module allowing to add information to an HTTP 1.1 connection (something that could be used from PHP)?

Any other idea?

You can't do that.

I don't think Apache (or any web server, for that matter) exposes socket IDs to a PHP script. But it may be possible to uniquely identify a connection using $_SERVER['REMOTE_ADDR'] and $_SERVER['REMOTE_PORT'] because the same client can't initiate two connections to the same server from the same ephemeral port at the same time.

But even if you do this, the keep-alive session probably won't stay around long enough to allow for meaningful human interaction like FTP does. Most keep-alive sessions are automatically terminated after 5-15 seconds, depending on your web server's configuration. You may be able to tweak this, but it's a very bad idea to keep connections alive for longer than that, especially when using Apache with mod_php, because a long-lasting connection can monopolize server resources at the expense of other users. Besides, computers and routers tend to reuse ephemeral ports, so there's no guarantee that you're talking to the same user. Things get even more complicated when you take into account all the proxies and reverse proxies that people use every day.

Just use sessions and/or cookies. They always work.

If you are not limited to apache, and can simply run php scripts I think you can do it.

http://php.net/manual/en/book.sockets.php

PHP allows you to open a specific port and have low level read writes on it. This way you can write any existing or your own protocols.

For this particular situation, you can have apache running on a non-http port and listen the http port from custom PHP script. You shall then authenticate the request on connection; append a custom header(call it myauth) for user and then forward the request to apache. Make sure you filter out the myauth header while reading the original http request.