Joomla! Discussion Forums

Hello,

I have a problem continuing a session that's stored in the session table. Here is the situation: I have a component that takes HEADER and POST information from a secondlife object, and does some origin/security checks. When this is done, it sends back the current Session ID with:
$session = $this->main->getSession();
$sid = $session->getId();
//and then authentication info+session-id is parsed back to the view, to return to the sl-object.

Now the object knows the sessionid that joomla uses for this request. When a next request goes from the secondlife object, it doesn't send the original POST-information(containing userinfo), but the session-id. Since Secondlife-servers don't store cookies, it should entirely depend on the database for session-info. Somehow when a second request is made, it also makes an entirely new session.

So, here it is: Would it be possible to retrieve a session like this?
index.php?option=com_mycomponent&view=foo&controller=bar&sid=mycurrentsessionid

I searched all forums, and the API for a solution, but can't find any. I hope someone more experienced can help me out. Thanks.

Phrearch Miles/Jeroen van Veen

I don't know if this exists for Joomla myself but I am not completely familiar with Joomla 1.5 yet which is what I believe you are using.  But in your component you should be able to pick up the param from the url then, shouldn't you?  I don't ever remember seeing a sessionid or sid param for Joomla 1.0 in my time with it so maybe there is not one for Joomla 1.5... yet...

Then maybe you could use this class maybe to read it from the database and make sure its valid and whatnot:

http://api.joomla.org/__filesource/fsou ... p.html#a63

hey,

yea, you're right. that's the class that should make it happen. Weird thing is that when I open the component through a browser, the same session is used automagically. I have no clue how to make joomla force to use a certain session. Maybe some useful info can be held from comparing session-info? Normal one looks like:
__default|a:7:{
s:15:"session.counter";i:2;
s:19:"session.timer.start";
i:1195525767;
s:18:"session.timer.last";
i:1195525767;
s:17:"session.timer.now";
i:1195525776;
s:22:"session.client.browser";
s:82:"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071103 BonEcho/2.0.0.9";
s:8:"registry";
O:9:"JRegistry":3:{s:17:"_defaultNameSpace";s:7:"session";s:9:"_registry";
a:1:{s:7:"session";
a:1:{s:4:"data";
O:8:"stdClass":0:{}}}s:7:"_errors";
a:0:{}}s:4:"user";
O:5:"JUser":19:{s:2:"id";i:0;s:4:"name";N;s:8:"username";N;s:5:"email";N;s:8:"password";
N;s:8:"usertype";N;s:5:"block";N;s:9:"sendEmail";i:1;s:3:"gid";i:0;s:12:"registerDate";N;s:13:"lastvisitDate";N;
s:10:"activation";N;s:6:"params";N;s:3:"aid";i:0;s:5:"guest";i:1;s:7:"_params";
O:10:"JParameter":7:{s:4:"_raw";s:0:"";s:4:"_xml";N;s:9:"_elements";a:0:{}s:12:"_elementPath";
a:1:{i:0;s:78:"/home/httpd/html/development/joomla1.5/libraries/joomla/html/parameter/element";}
s:17:"_defaultNameSpace";s:8:"_default";s:9:"_registry";
a:1:{s:8:"_default";a:1:{s:4:"data";O:8:"stdClass":0:{}}}s:7:"_errors";a:0:{}}s:9:"_errorMsg";N;s:7:"clearPW";s:0:"";
s:7:"_errors";a:0:{}}}


Now after every new request from the secondlife-terminal, a new session is created. The session-info from a sl-request that is created looks like:
__default|a:8:
{s:15:"session.counter";i:1;s:19:"session.timer.start";i:1195525853;s:18:"session.timer.last";i:1195525853;s:17:"session.timer.now";
i:1195525853;
s:24:"session.client.forwarded";
s:9:"127.0.0.1";
s:22:"session.client.browser";
s:53:"Second Life LSL/1.18.5(73200) (http://secondlife.com)";
s:8:"registry";
O:9:"JRegistry":3:{s:17:"_defaultNameSpace";s:7:"session";s:9:"_registry";a:1:{s:7:"session";a:1:{s:4:"data";
O:8:"stdClass":0:{}}}s:7:"_errors";a:0:{}}s:4:"user";
O:5:"JUser":19:{s:2:"id";i:0;s:4:"name";N;s:8:"username";N;s:5:"email";N;s:8:"password";N;s:8:"usertype";
N;s:5:"block";N;s:9:"sendEmail";i:1;s:3:"gid";i:0;s:12:"registerDate";N;s:13:"lastvisitDate";N;s:10:"activation";
N;s:6:"params";N;s:3:"aid";i:0;s:5:"guest";i:1;s:7:"_params";
O:10:"JParameter":7:{s:4:"_raw";s:0:"";s:4:"_xml";N;s:9:"_elements";a:0:{}s:12:"_elementPath";
a:1:{i:0;s:78:"/home/httpd/html/development/joomla1.5/libraries/joomla/html/parameter/element";}s:17:"_defaultNameSpace";
s:8:"_default";s:9:"_registry";a:1:{s:8:"_default";a:1:{s:4:"data";O:8:"stdClass":0:{}}}s:7:"_errors";a:0:{}}s:9:"_errorMsg";
N;s:7:"clearPW";s:0:"";s:7:"_errors";a:0:{}}}

Not sure if something in this second database-session keeps Joomla from remembering which object made the request 

Hmm...  that does seem odd.  Has it always done that?

It looks like from second life Joomla recognizes it is coming through a proxy or something with this extra bit:

"session.client.forward";s:9:"127.0.0.1";s:22:

In the code in /libraries/joomla/session/session.php it has:



Well I thinking maybe somehow Secondlife just doesn't use the same session path each time then.  Maybe it routes each request through a different server or something... and the webserver has no way to know its the same session?

Maybe there would have to be some other way to identify the sessions in SL if that is the case.  I know that when a region is restarted it probably won't be on the same server anymore so it would probably have a different IP so you probably couldn't tell Joomla to look at IPs reliably.  But maybe a region name which SL sends... HTTP_X_SECONDLIFE_REGION

Maybe some other SL developers have had similar session problems and have a solution on the SL forums or somewhere in SL even.

Or maybe you have it fixed by now =)

Not really. Still stuck with the problem  .
gethostbyaddr($_SERVER['REMOTE_ADDR']) returns sim2941.agni.lindenlab.com(resolves to 64.129.43.183)
Any way to use that for session-info? ps. Im still using RC2...

The solution as given by some experienced lsl-scripters was to send the session-id over the line in the url. So, what the script does right now is:
- sending the whole userinfo as GET-params
- Return the authentication-state + the Joomla session id(from session table)
- Send the session-id with every next request

But then when I make this next request, it creates just another session. I thought of destroying the current new session, getting the session-id from the url, and continue with that session. Feels pretty much as a dirty hack, if even possible 
Some info from another created session from sl:
__default|a:8:{s:15:"session.counter";i:1;s:19:"session.timer.start";i:1195529345;s:18:"session.timer.last";i:1195529345;
s:17:"session.timer.now";i:1195529345;s:24:"session.client.forwarded";s:9:"127.0.0.1";s:22:"session.client.browser";
s:53:"Second Life LSL/1.18.5(73200) (http://secondlife.com)";s:8:"registry";O:9:"JRegistry":3:{s:17:"_defaultNameSpace";s:7:"session";s:9:"_registry";a:1:
{s:7:"session";a:1:{s:4:"data";O:8:"stdClass":0:{}}}s:7:"_errors";a:0:{}}s:4:"user";O:5:"JUser":19:
{s:2:"id";i:0;s:4:"name";N;s:8:"username";N;s:5:"email";N;s:8:"password";N;s:8:"usertype";N;s:5:"block";N;s:9:"sendEmail";i:1;
s:3:"gid";i:0;s:12:"registerDate";N;s:13:"lastvisitDate";N;s:10:"activation";N;s:6:"params";N;s:3:"aid";i:0;s:5:"guest";i:1;
s:7:"_params";O:10:"JParameter":7:{s:4:"_raw";s:0:"";s:4:"_xml";N;s:9:"_elements";a:0:{}s:12:"_elementPath";
a:1:{i:0;s:78:"/home/httpd/html/development/joomla1.5/libraries/joomla/html/parameter/element";}s:17:"_defaultNameSpace";
s:8:"_default";s:9:"_registry";a:1:{s:8:"_default";a:1:{s:4:"data";O:8:"stdClass":0:{}}}s:7:"_errors";a:0:{}}s:9:"_errorMsg";N;
s:7:"clearPW";s:0:"";s:7:"_errors";a:0:{}}}

upgraded the component to RC3. Same problem though 
Reading until I find a solution...

hm, something changed. Changed this:

To:


Now it has a real address. Not sure if this is getting me a step close. Still stuck...

__default|a:10:{s:15:"session.counter";i:1;s:19:"session.timer.start";i:1195539988;s:18:"session.timer.last";i:1195539988;
s:17:"session.timer.now";i:1195539988;s:24:"session.client.forwarded";s:9:"127.0.0.1";s:22:"session.client.address";
s:13:"64.129.43.183";s:22:"session.client.browser";s:53:"Second Life LSL/1.18.5(73200) (http://secondlife.com)";s:8:"registry";O:9:"JRegistry":3:{s:17:"_defaultNameSpace";s:7:"session";s:9:"_registry";a:1:
{s:7:"session";a:1:{s:4:"data";O:8:"stdClass":0:{}}}s:7:"_errors";a:0:{}}s:4:"user";O:5:"JUser":19:{s:2:"id";i:0;s:4:"name";N;
s:8:"username";N;s:5:"email";N;s:8:"password";N;s:14:"password_clear";s:0:"";s:8:"usertype";N;s:5:"block";N;
s:9:"sendEmail";i:1;s:3:"gid";i:0;s:12:"registerDate";N;s:13:"lastvisitDate";N;s:10:"activation";N;s:6:"params";N;s:3:"aid";i:0;
s:5:"guest";i:1;s:7:"_params";O:10:"JParameter":7:{s:4:"_raw";s:0:"";s:4:"_xml";N;s:9:"_elements";a:0:{}s:12:"_elementPath";
a:1:{i:0;s:81:"/home/httpd/html/development/joomla1.5rc3/libraries/joomla/html/parameter/element";}s:17:"_defaultNameSpace";
s:8:"_default";s:9:"_registry";a:1:{s:8:"_default";a:1:{s:4:"data";O:8:"stdClass":0:{}}}s:7:"_errors";a:0:{}}s:9:"_errorMsg";
N;s:7:"_errors";a:0:{}}s:13:"session.token";s:32:"7afa4e5d77e731df4f708d8e9e6b1a43";}

Maybe this is related to it?
http://www.travelblog.com/2007/index.php?bid=future
http://www.joomla.org/component/option,com_jd-wp/Itemid,33/p,28/
http://api.joomla.org/Joomla-Framework/Table/JTableSession.html

Allthough the session client address remains 64.129.43.183 all the time 
I guess the real question is: how does Joomla "know" when to continue with a session? Is it through a cookie with a token, or what?
I'm really losing my mind here 

Hm, just checked my cookies, and it looks like it's stored indeed as a cookie. Name=someunknownhash, value=thesessionid, host=myhost , So...I dont want to use cookies to store the session. checking it out.

I'm not sure, but I may have found something. Is it possible that it's a php.ini setting, in which some cookie magic must be done?
Like "session.cookie_lifetime = 0" kills the cookie when the browser closes(one request from lsl imitates close browser event?)

Hm, When i set session storage to none, its filling NULL fields, but it's getting a new session on every request allright. So the problem is not the content of the session DB, but rather...something else 

If the ip isn't changing then maybe that isn't how SL does requests then.

On the next page of the one link you gave: http://www.travelblog.com/2007/index.php?p=1&bid=future


Then it goes on to explain some potential solutions.  It seems the AOL users behind these types of proxy could stay logged in when clicking the Remember me button but would cause inflated session values and reported users online but maybe that would be a start.  But then on another page it said that the AOL connections worked fine when they didn't use the AOL browser and used IE instead.

It also explains some other things that maybe would be useful.  I don't know if Joomla 1.5 even does the same type of thing with sessions.  It looks like in /libraries/joomla/session/session.php there are some extra functions like fork that might be useful or _start

http://www.php.net/session

In the last comment there is a person who thought they have found some session bug with some code... maybe that would be useful?

Another comment on there says:


Maybe that is it...

Hi Ty2u,

thank you for your reply.

That's exactly what happens right now. Because by every request, a new serverside session-cookie is made, the "guest"-online count raises quickly in a couple of minutes. I checked, and apache nicely creates a new session file for each request in it's tmp directory.



Yea, that looks interesting. I'm not sure though, but maybe the only way is to let the old session be destroyed, and fork a new one. I think the administrator-part allready does something like that to prevend "session fixation" attacks.
http://issues.civicrm.org/jira/browse/CRM-2148


So basically I should do something like this:

• Let the new session with empty data be created(already happening now)
• Copy the content of the previous session(not sure how to detect which session to copy) to the new one
• Destroy the old session

Anyway, the most important thing is why it happens. Maybe it's because Joomla can't create a clientside cookie at the LL-server?
I've checked my php-settings. session.cookie-secure is set to off. Here are my php session settings:



In session.php session.use_trans_sid is set to 0, before some cookie work is done. Here is some info about it:
http://www.mtdev.com/2002/06/why-you-should-disable-phps-session-use_trans_sid

So: Joomla creates a serverside and a clientside cookie to determin if a session is new, or in use.


So, I guess somehow the sessionid needs to be send along with the url, in order to get this session running. Not sure if that's natively supported by joomla.

Ok, trying to remove the session on each request.
When I call $session->destroy(); the data is set to NULL in the session table, but the session itself remains.
How can I use JTableSession to remove it? edit: Hm, think this is a new thread

Hey there 

How are things working out with this now?  I have been a little busy lately but I would love to help test things out if you need someone to test or whatever.  Not sure how useful I can be but anything that can help make this project work perfectly would be wonderful in my books.

Ryan

P.S.
I tried opensim and liked it too =)  I have been watching the svn and they seem to be making continual updates to it.  It appears to be coming along fairly quickly from what I am seeing.  When I first tried it there wasn't even any lsl abilities yet but now there are quite a few it seems.  I am excited to see the sort of interface you describe about adding and removing sims and whatnot.