cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

RE: Question: Maintaining separate CURLOPT_COOKIEFILE cookie sessions across multiple browsers

From: Liu Shan Shui <me_at_lx.sg>
Date: Wed, 1 Jul 2009 05:47:19 +0800

Hi Alex,

 

This is an easy one - ingredients as follow:

 

1. A cookies directory chmoded to 777.

2. Sessions

 

On first visit, generate a unique ID for the visitor and store it in a
session variable like $_SESSION['cookie_id']. Then whenever you need a
cookie for storage, set the COOKIE* options as
"cookies/$_SESSION[cookie_id].text".

 

Tips: Make sure the cookie ID is not revealed anywhere and is unguessable,
and remember to turn off the index listing for the cookies directory or
place a dummy index.html there. Also, do run a cleanup on the cookies
directory regularly before it is flooded with cookie files.

 

I wrote a web proxy script for my now-defunct proxy site several months ago,
and the source code is available here:

http://files.lx.sg/shadyproxy.r139.zip

 

You will probably want to look at line 14 of proxy.php for your case:

if (!isset($_SESSION['cookie_id'])) $_SESSION['cookie_id'] = time() . '_' .
str_pad(mt_rand(0, 9999), 4, '0', STR_PAD_LEFT);

 

Let me know if you have any further questions.

 

With regards,

Liu Shan Shui

me_at_lx.sg

"Life would be much easier if I had the source code." - Anonymous

 

From: curl-and-php-bounces_at_cool.haxx.se
[mailto:curl-and-php-bounces_at_cool.haxx.se] On Behalf Of Alex Judd
Sent: Tuesday, June 30, 2009 11:51 PM
To: curl-and-php_at_cool.haxx.se
Cc: 'Alex Judd'
Subject: Question: Maintaining separate CURLOPT_COOKIEFILE cookie sessions
across multiple browsers

 

Hi Daniel and everyone

 

First post here so a brief Hi and a quick question I wonder if anyone has
any experience (I've read around the mailing lists but couldn't find
anything that directly answered).

 

I'm building a PHP proxy server that uses Curl to read and write from an
existing website, and to return the response to PHP for me to manipulate as
I like.

 

Now the good news is this works pretty well, and POST and GET variables are
being maintained and passed backwards and forwards, as are COOKIES with the
CURLOPT_COOKIEFILE option.

 

However, the problem I have is that if two separate webbrowsers/users access
the system at the same time, they get to share the same cookies and thus can
see each other's session information etc. [which is obviously not what we
want]

 

Has anyone built a similar system where the COOKIEFILE settings are
maintained on a separate PHP user/session based approach?

 

Many thanks in advance

 

Alex

 

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2009-06-30