CURL Session Management

I am building an application that is built upon an API that requires Basic Authentication. I have made many calls and wrapped up the CURL requests inside a class that I've made.

I'm using a cookie jar that I use like this:

curl_setopt($curl_handle, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($curl_handle, CURLOPT_COOKIEFILE, "cookie.txt");

I am trying to keep sessions by using cookie.txt to store the cookies and it's been working great. However, today I came across an alarming discovery. When someone else (on a different computer) goes to my app, they can see my session information (probably because it's using the same file as reference for the session). I have thought that perhaps I could generate a new "cookie jar" for each visitor, but this will probably not work when it goes to production. The quantity of users is going to be in the thousands at least, so I think this means that I would need a cookie file for each visit, right?

This doesn't seem practical and not to mention that I would have to create the cookie file programmatically. Has anybody else come across this issue before? Any suggestions would be a real help.

Perhaps there's a CURL setopt solution that would uniquely distribute the cookies amongst visits?

Thanks!


If you can expose the cookie to the user: if you turn on curl_setopt($curl_handle, CURLOPT_HEADER, 1), the headers returned by the curl exec will be present at the top of the content. You could match these out of the top of the content and pass them to the client's browser for retention, then pass any user cookies back through the curl process for the next request.

Something crude I made a while ago:

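  // Collect the visitor's own browser cookies to forward on the curl request
  $cookies = array();
  if(is_array($_COOKIE))
  {
    foreach($_COOKIE as $cookiename => $cookievalue)
    {
      if($cookievalue)
      {
        // get_magic_quotes_gpc() no longer exists in PHP 8 (magic quotes were
        // removed in PHP 5.4), so no stripslashes() is needed here
        $cookies[] = $cookiename .'='. urlencode($cookievalue);
      }
    }
    // Only set the Cookie header when there is something to send
    if($cookies)
    {
      curl_setopt($curl_handle, CURLOPT_COOKIE,implode('; ',$cookies));
    }
  }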

After the curl exec:

  // Match every header block in the output; the last one belongs to the final response
  preg_match_all('%HTTP/\\d\\.\\d.*?(\\r\\n|\\n){2,}%si', $curl_result, $header_matches);
  // split() was removed in PHP 7; explode() does the same for a fixed delimiter
  $headers = explode("\r\n", str_replace("\r\n\r\n",'',array_pop($header_matches[0])));
  if(is_array($headers))
  {
    foreach ($headers as $header)
    {
      preg_match('#(.*?)\:\s(.*)#', $header, $header_matches);
      if(isset($header_matches[1]))
      {
        $headers[$header_matches[1]] = $header_matches[2];
        // SET THE COOKIE (header names are case-insensitive)
        if(strcasecmp($header_matches[1], 'Set-Cookie') == 0)
        {
          header('Set-Cookie: ' . $header_matches[2],false);
        }
      }
    }
  }
  # Remove the headers from the response body
  $curl_result = preg_replace('%HTTP/\\d\\.\\d.*?(\\r\\n|\\n){2,}%si','',$curl_result);
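
An added example (not part of the original question or answer): the per-visitor cookie jar the question considers, with each jar file named from a hash of the visitor's PHP session id so that no two visitors share upstream cookies. The directory `JAR_DIR` and all function names are assumptions made for this example.

```php
<?php
// Added example: one cookie jar per visitor session instead of a shared cookie.txt.
// JAR_DIR and the function names are assumptions made for this example.
const JAR_DIR = '/var/lib/myapp/curl-jars'; // hypothetical path, outside the web root

function cookie_jar_path(string $sessionId, string $dir = JAR_DIR): string
{
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create jar directory $dir");
    }
    // Hash the session id so it never appears in a file name and
    // cannot carry path characters.
    $path = $dir . '/' . hash('sha256', $sessionId) . '.jar';
    if (!file_exists($path)) {
        touch($path);
        chmod($path, 0600); // readable and writable only by the PHP user
    }
    return $path;
}

function api_handle(string $url, string $jar)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $jar);  // cookies are written here when the handle is closed
    curl_setopt($ch, CURLOPT_COOKIEFILE, $jar); // cookies are read from here
    return $ch;
}

// Delete jars that have not been modified within $maxAge seconds.
function purge_stale_jars(int $maxAge, string $dir = JAR_DIR): int
{
    $removed = 0;
    foreach (glob($dir . '/*.jar') ?: [] as $file) {
        if (time() - filemtime($file) > $maxAge && unlink($file)) {
            $removed++;
        }
    }
    return $removed;
}

// Demo with two constructed session ids, in a temp directory so it runs anywhere.
$dir = sys_get_temp_dir() . '/curl-jars-demo';
$a = cookie_jar_path('constructed-session-id-alice', $dir);
$b = cookie_jar_path('constructed-session-id-bob', $dir);
var_dump($a !== $b); // different visitors get different jars
var_dump($a === cookie_jar_path('constructed-session-id-alice', $dir)); // same visitor, same jar
```

In the application, call `session_start()` and pass `session_id()` to `cookie_jar_path()`, then give the returned path to `api_handle()`. Run `purge_stale_jars()` from a scheduled job with a lifetime matching the session timeout.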