Re: How to share a session with a php application.
Hi! nameless wrote: > In your opinion what is the best way to share userid with the PHP > application ? If you know where PHP sessions are stored on the file system, you can fetch them manually and deserialize (there is a Python class to deserialize PHP objects). Then you can fetch user id from the PHP session. You can also search or create a PHP session serializer that writes to the database. Then you can read from the database in your Django app. I would go this way as it makes less hacking than accessing session files. -- Dmitry Dulepov Twitter: http://twitter.com/dmitryd/ Web: http://dmitry-dulepov.com/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to share a session with a php application.
Hi, In your opinion what is the best way to share userid with the PHP application ? --- On Jun 7, 7:59 am, Dmitry Dulepov wrote: > Hi! > > nameless wrote: > > Someone has telled me that I could share the user id ( from Django and > > PHP ) > > also throught a cookie. > > In your opinion what is the best way ? > > What would prevent me from forging a cookie with somebody else's user id > and impersonating another user? It is a major security issue. > > -- > Dmitry Dulepov > Twitter:http://twitter.com/dmitryd/ > Web:http://dmitry-dulepov.com/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to share a session with a php application.
Hi! nameless wrote: > Someone has telled me that I could share the user id ( from Django and > PHP ) > also throught a cookie. > In your opinion what is the best way ? What would prevent me from forging a cookie with somebody else's user id and impersonating another user? It is a major security issue. -- Dmitry Dulepov Twitter: http://twitter.com/dmitryd/ Web: http://dmitry-dulepov.com/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to share a session with a php application.
hep :D On Jun 5, 7:41 pm, nameless wrote: > I want to add cometchat ( written in PHP ) in my djangoproject and I > need to > edit this function to get it work ( a function that return the userid > of the user logged in ): > > function getUserID() { > > // I could use SESSION or other to get the user id fo the user > logged in: > > if (!empty($_SESSION['userid'])) { $userid = $_SESSION['userid']; > } > > return $userid; > > } > > How could I do that ? > > -- > On Jun 5, 7:28 pm, Vasil Vangelovski wrote: > > > Not directly. > > > The session cookie stores the session id (session key). The session id > > references data stored for the session in the django session backend. > > The user for that session is contained in that data. So it really > > depends on what the session backend is. So I'll assume it's the > > default which is the database backend which keeps this data in the > > django_session table, which has a column session_data which holds an > > encoded (pickled) python dict with the session data, which I'm 99.99% > > sure you can't decode directly from PHP, because it's a serialize > > Python object. So if you can't access it directly from PHP you need to > > open a service of some sort on your django application or anything > > that's written in python that would give this data to the PHP > > application, this service should be only accessed from the PHP app on > > the serverside for good security. So it requires punching holes for no > > special reason. Or is there something very special about this PHP > > script that you can't do with 10-200 times less code in your django > > application? > > > On Sat, Jun 5, 2010 at 5:18 PM, nameless wrote: > > > > Someone has telled me that I could share the user id ( from Django and > > > PHP ) > > > also throught a cookie. > > > In your opinion what is the best way ? > > > > Thanks ^_^ > > > > - > > > > On Jun 5, 4:01 pm, Vasil Vangelovski wrote: > > >> set > > > >> SESSION_COOKIE_DOMAIN=".mychatapp.com" > > > >> this will make the django cookie valid both forwww.mychat.comand > > >> chat.mychat.com > > > >> On Sat, Jun 5, 2010 at 2:34 PM, nameless wrote: > > >> > If the chat is in a subdomain ? > > > >> > > > > >> > On Jun 5, 2:05 pm, Vasil Vangelovski wrote: > > >> >> It's possible if both of your applications are under the same domain. > > >> >> see the SESSION_COOKIE_* settings variables > > > >> >>http://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-age > > > >> >> You can then find the current user by the sessionid from the django_* > > >> >> tables. > > > >> >> On Sat, Jun 5, 2010 at 1:40 PM, nameless > > >> >> wrote: > > > >> >> > I have a django blog project and a chat in PHP. > > > >> >> > I need to share the id of the user logged in django > > >> >> > ( request.user.id ) with the chat in PHP. > > > >> >> > Is this possible ? > > > >> >> > -- > > >> >> > You received this message because you are subscribed to the Google > > >> >> > Groups "Django users" group. > > >> >> > To post to this group, send email to django-us...@googlegroups.com. > > >> >> > To unsubscribe from this group, send email to > > >> >> > django-users+unsubscr...@googlegroups.com. > > >> >> > For more options, visit this group > > >> >> > athttp://groups.google.com/group/django-users?hl=en. > > > >> > -- > > >> > You received this message because you are subscribed to the Google > > >> > Groups "Django users" group. > > >> > To post to this group, send email to django-us...@googlegroups.com. > > >> > To unsubscribe from this group, send email to > > >> > django-users+unsubscr...@googlegroups.com. > > >> > For more options, visit this group > > >> > athttp://groups.google.com/group/django-users?hl=en. > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Django users" group. > > > To post to this group, send email to django-us...@googlegroups.com. > > > To unsubscribe from this group, send email to > > > django-users+unsubscr...@googlegroups.com. > > > For more options, visit this group > > > athttp://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to share a session with a php application.
I want to add cometchat ( written in PHP ) in my djangoproject and I need to edit this function to get it work ( a function that return the userid of the user logged in ): function getUserID() { // I could use SESSION or other to get the user id fo the user logged in: if (!empty($_SESSION['userid'])) { $userid = $_SESSION['userid']; } return $userid; } How could I do that ? -- On Jun 5, 7:28 pm, Vasil Vangelovski wrote: > Not directly. > > The session cookie stores the session id (session key). The session id > references data stored for the session in the django session backend. > The user for that session is contained in that data. So it really > depends on what the session backend is. So I'll assume it's the > default which is the database backend which keeps this data in the > django_session table, which has a column session_data which holds an > encoded (pickled) python dict with the session data, which I'm 99.99% > sure you can't decode directly from PHP, because it's a serialize > Python object. So if you can't access it directly from PHP you need to > open a service of some sort on your django application or anything > that's written in python that would give this data to the PHP > application, this service should be only accessed from the PHP app on > the serverside for good security. So it requires punching holes for no > special reason. Or is there something very special about this PHP > script that you can't do with 10-200 times less code in your django > application? > > On Sat, Jun 5, 2010 at 5:18 PM, nameless wrote: > > > Someone has telled me that I could share the user id ( from Django and > > PHP ) > > also throught a cookie. > > In your opinion what is the best way ? > > > Thanks ^_^ > > > - > > > On Jun 5, 4:01 pm, Vasil Vangelovski wrote: > >> set > > >> SESSION_COOKIE_DOMAIN=".mychatapp.com" > > >> this will make the django cookie valid both forwww.mychat.comand > >> chat.mychat.com > > >> On Sat, Jun 5, 2010 at 2:34 PM, nameless wrote: > >> > If the chat is in a subdomain ? > > >> > > > >> > On Jun 5, 2:05 pm, Vasil Vangelovski wrote: > >> >> It's possible if both of your applications are under the same domain. > >> >> see the SESSION_COOKIE_* settings variables > > >> >>http://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-age > > >> >> You can then find the current user by the sessionid from the django_* > >> >> tables. > > >> >> On Sat, Jun 5, 2010 at 1:40 PM, nameless wrote: > > >> >> > I have a django blog project and a chat in PHP. > > >> >> > I need to share the id of the user logged in django > >> >> > ( request.user.id ) with the chat in PHP. > > >> >> > Is this possible ? > > >> >> > -- > >> >> > You received this message because you are subscribed to the Google > >> >> > Groups "Django users" group. > >> >> > To post to this group, send email to django-us...@googlegroups.com. > >> >> > To unsubscribe from this group, send email to > >> >> > django-users+unsubscr...@googlegroups.com. > >> >> > For more options, visit this group > >> >> > athttp://groups.google.com/group/django-users?hl=en. > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups "Django users" group. > >> > To post to this group, send email to django-us...@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > django-users+unsubscr...@googlegroups.com. > >> > For more options, visit this group > >> > athttp://groups.google.com/group/django-users?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Django users" group. > > To post to this group, send email to django-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > django-users+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to share a session with a php application.
Not directly. The session cookie stores the session id (session key). The session id references data stored for the session in the django session backend. The user for that session is contained in that data. So it really depends on what the session backend is. So I'll assume it's the default which is the database backend which keeps this data in the django_session table, which has a column session_data which holds an encoded (pickled) python dict with the session data, which I'm 99.99% sure you can't decode directly from PHP, because it's a serialize Python object. So if you can't access it directly from PHP you need to open a service of some sort on your django application or anything that's written in python that would give this data to the PHP application, this service should be only accessed from the PHP app on the serverside for good security. So it requires punching holes for no special reason. Or is there something very special about this PHP script that you can't do with 10-200 times less code in your django application? On Sat, Jun 5, 2010 at 5:18 PM, nameless wrote: > > Someone has telled me that I could share the user id ( from Django and > PHP ) > also throught a cookie. > In your opinion what is the best way ? > > Thanks ^_^ > > - > > On Jun 5, 4:01 pm, Vasil Vangelovski wrote: >> set >> >> SESSION_COOKIE_DOMAIN=".mychatapp.com" >> >> this will make the django cookie valid both forwww.mychat.comand >> chat.mychat.com >> >> On Sat, Jun 5, 2010 at 2:34 PM, nameless wrote: >> > If the chat is in a subdomain ? >> >> > >> >> > On Jun 5, 2:05 pm, Vasil Vangelovski wrote: >> >> It's possible if both of your applications are under the same domain. >> >> see the SESSION_COOKIE_* settings variables >> >> >>http://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-age >> >> >> You can then find the current user by the sessionid from the django_* >> >> tables. >> >> >> On Sat, Jun 5, 2010 at 1:40 PM, nameless wrote: >> >> >> > I have a django blog project and a chat in PHP. >> >> >> > I need to share the id of the user logged in django >> >> > ( request.user.id ) with the chat in PHP. >> >> >> > Is this possible ? >> >> >> > -- >> >> > You received this message because you are subscribed to the Google >> >> > Groups "Django users" group. >> >> > To post to this group, send email to django-us...@googlegroups.com. >> >> > To unsubscribe from this group, send email to >> >> > django-users+unsubscr...@googlegroups.com. >> >> > For more options, visit this group >> >> > athttp://groups.google.com/group/django-users?hl=en. >> >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "Django users" group. >> > To post to this group, send email to django-us...@googlegroups.com. >> > To unsubscribe from this group, send email to >> > django-users+unsubscr...@googlegroups.com. >> > For more options, visit this group >> > athttp://groups.google.com/group/django-users?hl=en. >> >> > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-us...@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to share a session with a php application.
Someone has telled me that I could share the user id ( from Django and PHP ) also throught a cookie. In your opinion what is the best way ? Thanks ^_^ - On Jun 5, 4:01 pm, Vasil Vangelovski wrote: > set > > SESSION_COOKIE_DOMAIN=".mychatapp.com" > > this will make the django cookie valid both forwww.mychat.comand > chat.mychat.com > > On Sat, Jun 5, 2010 at 2:34 PM, nameless wrote: > > If the chat is in a subdomain ? > > > > > > On Jun 5, 2:05 pm, Vasil Vangelovski wrote: > >> It's possible if both of your applications are under the same domain. > >> see the SESSION_COOKIE_* settings variables > > >>http://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-age > > >> You can then find the current user by the sessionid from the django_* > >> tables. > > >> On Sat, Jun 5, 2010 at 1:40 PM, nameless wrote: > > >> > I have a django blog project and a chat in PHP. > > >> > I need to share the id of the user logged in django > >> > ( request.user.id ) with the chat in PHP. > > >> > Is this possible ? > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups "Django users" group. > >> > To post to this group, send email to django-us...@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > django-users+unsubscr...@googlegroups.com. > >> > For more options, visit this group > >> > athttp://groups.google.com/group/django-users?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Django users" group. > > To post to this group, send email to django-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > django-users+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to share a session with a php application.
set SESSION_COOKIE_DOMAIN=".mychatapp.com" this will make the django cookie valid both for www.mychat.com and chat.mychat.com On Sat, Jun 5, 2010 at 2:34 PM, nameless wrote: > If the chat is in a subdomain ? > > > > > > On Jun 5, 2:05 pm, Vasil Vangelovski wrote: >> It's possible if both of your applications are under the same domain. >> see the SESSION_COOKIE_* settings variables >> >> http://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-age >> >> You can then find the current user by the sessionid from the django_* tables. >> >> On Sat, Jun 5, 2010 at 1:40 PM, nameless wrote: >> >> > I have a django blog project and a chat in PHP. >> >> > I need to share the id of the user logged in django >> > ( request.user.id ) with the chat in PHP. >> >> > Is this possible ? >> >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "Django users" group. >> > To post to this group, send email to django-us...@googlegroups.com. >> > To unsubscribe from this group, send email to >> > django-users+unsubscr...@googlegroups.com. >> > For more options, visit this group >> > athttp://groups.google.com/group/django-users?hl=en. >> >> > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-us...@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to share a session with a php application.
If the chat is in a subdomain ? On Jun 5, 2:05 pm, Vasil Vangelovski wrote: > It's possible if both of your applications are under the same domain. > see the SESSION_COOKIE_* settings variables > > http://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-age > > You can then find the current user by the sessionid from the django_* tables. > > On Sat, Jun 5, 2010 at 1:40 PM, nameless wrote: > > > I have a django blog project and a chat in PHP. > > > I need to share the id of the user logged in django > > ( request.user.id ) with the chat in PHP. > > > Is this possible ? > > > -- > > You received this message because you are subscribed to the Google Groups > > "Django users" group. > > To post to this group, send email to django-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > django-users+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to share a session with a php application.
It's possible if both of your applications are under the same domain. see the SESSION_COOKIE_* settings variables http://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-age You can then find the current user by the sessionid from the django_* tables. On Sat, Jun 5, 2010 at 1:40 PM, nameless wrote: > > I have a django blog project and a chat in PHP. > > I need to share the id of the user logged in django > ( request.user.id ) with the chat in PHP. > > Is this possible ? > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-us...@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.