Thread: [Php-java-bridge-users] session sharing with JavaBridge

Brought to you by: andremachado, gromwe, jon_koerber, jost_boekemeier, kai_londenberg

php-java-bridge-users

[Php-java-bridge-users] session sharing with JavaBridge

From: Raphael V. <rv_...@os...> - 2005-09-09 09:18:17

Hi,

I installed php-java-bridge_2.0.8RC2 on Apache Tomcat/5.5.9 on Windows and use it from PHP  5.0.4 on the same machine.
While testing the examples I noticed some strange behavior.

Scenario:

JSP Url: http://localhost:8080/JavaBridge/sessionSharing.jsp

PHP Url: http://localhost/JavaBridge/sessionSharing.php


If the first hit goes to the PHP-Page it creates a cookie with the following information:

name: JSESSIONID
value: 84C9FD1F9C6AF4D81AAC24F6395DE10F
host: localhost
path: /

If the next hit goes to the JSP it recognizes the cookie and use the same session as expected.


If the first hit goes to the JSP it creates a cookie with a different path:

name: JSESSIONID
value: B9B7C792CB0242E808789B4DD7CD7A3A
host: localhost
path: /JavaBridge

Now the PHP-Page don't use this cookie and create an new one with path = / and the session will not be shared.

Is this a bug in JavaBridge or it is standard behavior of Tomcat? Is there any way to change it?

regards,
Raphael

Ant: [Php-java-bridge-users] session sharing with JavaBridge

From: Jost B. <jos...@ya...> - 2005-09-10 10:00:18

Hi Raphael,

> http://localhost:8080/JavaBridge/sessionSharing.jsp
> http://localhost/JavaBridge/sessionSharing.php

interesting.  I didn't think about this scenario. I
assume you use IIS, which cannot JkMount the tomcat
folder, and manually redirect all .jsp requests to a
different server.


> Is this a bug in JavaBridge 

If we want session sharing between different servers,
we must strip off the server part from PHP_SELF,
please see protocol.c, setResultWith_context()

This raises some security concerns, though.

So before I change the code to strip away the server
part, I would like to see a use case. Can you please
explain why do need this?


Regards,
Jost Boekemeier



	
		
___________________________________________________________ 
Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier anmelden: http://mail.yahoo.de

Re: Ant: [Php-java-bridge-users] session sharing with JavaBridge

From: Raphael V. <rv_...@os...> - 2005-09-10 12:24:01

Hi, Jost,

thanks for for answer.

> Hi Raphael,
> 
> 
>>http://localhost:8080/JavaBridge/sessionSharing.jsp
>>http://localhost/JavaBridge/sessionSharing.php
> 
> 
> interesting.  I didn't think about this scenario. I
> assume you use IIS, which cannot JkMount the tomcat
> folder, and manually redirect all .jsp requests to a
> different server.

I use Apache 2.0.53. Perhaps it is not clear: Both server use different
folders. The logical path is the same to avoid problems with the path
value in the cookie.

> 
>>Is this a bug in JavaBridge 
> 
> 
> If we want session sharing between different servers,
> we must strip off the server part from PHP_SELF,
> please see protocol.c, setResultWith_context()


I wonder why it work in one direction but not the other way round. The
only difference is the path value. A workaround could be to set the path
always to / so the cookie is valid for the whole server. The port is imo
not relevant. Unfortunately I can not do it by myself because I don't
know if it is handled by the JavaBridge or in Tomcat.

> This raises some security concerns, though.
> 
> So before I change the code to strip away the server
> part, I would like to see a use case. Can you please
> explain why do need this?

We have a pretty complex application written in PHP which we need to
integrate into a Java Portal. The Portal runs in a OC4J and the PHP
application on an seperate Apache Instance on the same machine. Both
application have a own user management. If a user log in (the portal)
and then goes to the PHP application it need to know which user is it. I
thought the easiest way is to read the Java session and then map the
user data to the user of the PHP Application.

regards,
Raphael

Ant: Re: Ant: [Php-java-bridge-users] session sharing with JavaBridge

From: Jost B. <jos...@ya...> - 2005-09-11 21:22:41

Hi Raphael,

all pages are generated through tomcat, only the
content within the page is generated by php. Since you
use the default value for java.servlet which is:

java.servlet="/JavaBridge/PhpJavaServlet"

tomcat has set the path value to the app directory,
which is "/JavaBridge".

The reason why the bridge component truncated the
/JavaBridge to / was to disallow session sharing for
PHP pages which are outside of the app directory. The
current test is wrong, of course: /JavaBridge !=
JavaBridge, so the bridge has incorrectly changed the
path.


> not relevant. Unfortunately I can not do it by
> myself because I don't
> know if it is handled by the JavaBridge or in
> Tomcat.

You can remove the strncmp from line#198 in
http://cvs.sourceforge.net/viewcvs.py/php-java-bridge/php-java-bridge/protocol.c?annotate=1.29

I have created a bug report for this, please see
PR1288025
(http://sourceforge.net/tracker/index.php?func=detail&aid=1288025&group_id=117793&atid=679233).

I will prepare a 2.0.8RC3 tomorrow evening.


Regards,
Jost Boekemeier



	

	
		
___________________________________________________________ 
Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier anmelden: http://mail.yahoo.de