I do not understand how Drupal has implemented PHP sessions. It seems to store everything in a table, whereas I thought the beauty of a session was that once the browser was closed, a user's session variables were closed and before that, their values were only accessible to the user himself.

I'm trying to pass a password from within PHP in a Drupal node via a session variable to an external PHP application so it does not have to be typed in again.

I've tried

session_start();
$_SESSION['VARNAME'] = 'XYZ';

but this does not seem to work. Can anyone help please?

Comments

yelvington’s picture

The session is already initialized, so you do not call session_start(). All you should do is set the value of $_SESSION['somevariablekey'] = "somevalue" and it will persist.

I thought the beauty of a session was that once the browser was closed, a user's session variables were closed and before that, their values were only accessible to the user himself.

The purpose of a session is to allow variables to persist across multiple interactions with the server. By default, PHP saves the data in temporary files on the server. Drupal moves session storage into the database for scalability purposes -- so that it can support multiple application servers with coherent session management.

Session variables are never destroyed when a browser closes, regardless of the storage method, since closing the browser does not generate an event visible to the server.

If the session cookie is lost by the browser, then the data remains locked away until it expires and is swept clean. Drupal sets the timeout values for the data store and the session cookies in the settings.php file. Notice the value of session.cookie_lifetime. This allows you to log into Drupal, restart your browser, and remain logged in.


/**
 * PHP settings:
 *
 * To see what PHP settings are possible, including whether they can
 * be set at runtime (ie., when ini_set() occurs), read the PHP
 * documentation at http://www.php.net/manual/en/ini.php#ini.list
 * and take a look at the .htaccess file to see which non-runtime
 * settings are used there. Settings defined here should not be
 * duplicated there so as to avoid conflict issues.
 */
ini_set('arg_separator.output',     '&');
ini_set('magic_quotes_runtime',     0);
ini_set('magic_quotes_sybase',      0);
ini_set('session.cache_expire',     200000);
ini_set('session.cache_limiter',    'none');
ini_set('session.cookie_lifetime',  2000000);
ini_set('session.gc_maxlifetime',   200000);
ini_set('session.save_handler',     'user');
ini_set('session.use_cookies',      1);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid',    0);
ini_set('url_rewriter.tags',        '');

Note that any session variables set in Drupal ARE NOT AVAILABLE TO ANY OTHER APPLICATION because other applications do not use Drupal's database-backed sessions. If you want to pass information between Drupal and another app, you can use (preferably encrypted) cookies, perhaps in conjunction with an XML interaction, or you could consider including the Drupal bootstrap.inc file. Use Google to find examples and discussion.
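
The encrypted-cookie handoff suggested in the reply above, as an added example that is not part of the original thread or of Drupal's code. The cookie name, lifetime, and claim fields are assumptions, and both applications are assumed to load the same 32-byte key from configuration and to run PHP 7.3+ with ext-sodium.

```php
<?php
// Added example: authenticated-encrypted, short-lived handoff cookie shared
// by two PHP applications. Names below are hypothetical, not Drupal APIs.

const HANDOFF_COOKIE = 'app_handoff';   // hypothetical cookie name
const HANDOFF_TTL    = 60;              // seconds the handoff stays valid

// Sending side: encrypt the claims and stamp them with an expiry time.
function handoff_seal(array $claims, string $key, int $now): string {
    $claims['exp'] = $now + HANDOFF_TTL;
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox(json_encode($claims), $nonce, $key);
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// Receiving side: returns the claims, or null if the cookie is malformed,
// was modified, was sealed with another key, or has expired.
function handoff_open(string $cookie, string $key, int $now): ?array {
    try {
        $raw = sodium_base642bin($cookie, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;                    // not valid base64
    }
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($raw) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;                    // too short to hold nonce + MAC
    }
    $plain = sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $key);
    if ($plain === false) {
        return null;                    // authentication failed
    }
    $claims = json_decode($plain, true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < $now) {
        return null;                    // malformed or expired
    }
    return $claims;
}

// Constructed demo values; in practice the key comes from shared configuration.
$key    = sodium_crypto_secretbox_keygen();
$cookie = handoff_seal(['user' => 'ken'], $key, time());
// The sending application would emit it over HTTPS with:
// setcookie(HANDOFF_COOKIE, $cookie, ['expires' => time() + HANDOFF_TTL,
//     'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(handoff_open($cookie, $key, time()));          // unmodified cookie
var_dump(handoff_open($cookie . 'A', $key, time()));    // one character appended
var_dump(handoff_open($cookie, $key, time() + 3600));   // checked an hour later
```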

ken.wakefield’s picture

Thank you, I understand what you are saying.

If convenient, could you briefly expand on what you meant in the reference "...or you could consider including the Drupal bootstrap.inc file..." to achieve interaction between Drupal code and an external PHP application?