Home » Php » Laravel sessions not available in native PHP?

Laravel sessions not available in native PHP?

Posted by: admin November 29, 2017 Leave a comment

Questions:

New to Laravel and having some problems with Sessions. Specifically, reading session data from a PHP file outside of Laravel.

For example, let’s say I set the session variable like so: Session::put('isAuthorized', 'yes') – I can retrieve this just fine in the Laravel context with Session::get('isAuthorized') but the following PHP will not retrieve this session key –

<?php
session_start();
echo $_SESSION['isAuthorized'];
?>

returns

Notice: Undefined index: isAuthorized in C:\xampp\htdocs\session.php on line 3

I have tried setting the Laravel session driver to both the default cookie and file modes, same result.

Answers:

Please note that this answer is specific to Laravel 3

Laravel doesn’t use PHP sessions, so forget session_start(), $_SESSION, etc.

If you’re running with file session driver, the session data is stored in a file in storage/sessions. You can obtain the name of the file by reading the Laravel session ID from the cookie. So the hacky way to solve your problem would be to write some code that obtains the session ID from the cookie and then looks for the file with that name in the storage/sessions folder, read that file in, json_decode() it and you can read the whole thing.

If you’re running with cookie session driver, all of the session data is stored in the cookie, but it is encrypted, so you’d have to have a copy of the key (which should be in application/config/application.php) and then figure out what encryption method Laravel is using so you can decrypt it. Then you can read all the session variables.

To achieve what you’re hoping to achieve – that is, figure out if the current person is authorized, it might be better to build an API into your app and secure it so that it can only be accessed by localhost. Not a great solution from a performance standpoint, but potentially more elegant because you’re not hacking around with the internals of Laravel session management.

Questions:
Answers:

You could also write a session adapter, so the $_SESSION variable will be an instance of it:

<?php 
class SessionAdapter implements \ArrayAccess {

  public function offsetExists($offset) {
      return Session::has($offset);
  }

  public function offsetGet($offset) {
      return Session::get($offset);
  }

  public function offsetSet($offset, $value) {
      return Session::put($offset, $value);
  }

  public function offsetUnset($offset) {
      return Session::forget($offset);
  }

}

And then somewhere in your code:

<?php 
$_SESSION = new SessionAdapter();

This way native PHP session and Laravel session will be “the same”

Anyway I hardly recommend to NOT rely on globals if it’s not strictly necessary (like for example, initializing an HttpRequest class).

Questions:
Answers:

Laravel uses storage drivers for its sessions, namely cookie, file, database, memory, memcached and redis (and APC in Laravel 4).

The web is a stateless environment. This means that each request to your application is considered unrelated to any previous request. However, sessions allow you to store arbitrary data for each visitor to your application. The session data for each visitor is stored on your web server, while a cookie containing a session ID is stored on the visitor’s machine. This cookie allows your application to “remember” the session for that user and retrieve their session data on subsequent requests to your application.

http://laravel.com/docs/session/config

The default storage driver is Cookie, so try this:

print_r($_COOKIE);

Questions:
Answers:

Session handling in Laravel is indeed different from native PHP session. To use native PHP session, set the value as below:

<?php
    session_start();

    $_SESSION['isAuthorized'] = 'yes';

    echo $_SESSION['isAuthorized']; // output yes
?>