PHPSESSIED's in Perl?

Anon

Can the variables in the PHPSESSID be pulled into Perl in any way from the PHPSESSID?

yelvington

Yes, but you would have to write code to deserialize the session data and stuff it into variables.

By default, sessions store data in temporary server-side files. The session ID is a key that lets the Web server know which file to read in order to restore the saved variables. The stored data looks like this:

username|s:5:"sysop";firstname|s:3:"Foo";lastname|s:4:"Barr";uid|s:1:"1";

Create some PHP sessions and look in your /tmp directory. They are readable/writable only by the Web server, so you'll need to be root if you want to do your detective work.

Anon

Any clue on how I might get the PHPSESSID cookie into perl so that I can extract the information I need from it? I can store the session id's number into a variable by doing something like $myCookie = $ENV{'HTTP_COOKIE'};
but since session IDs just contain a number on the users computer, how do I make it open the corresponding cookie in the temp file on the server? Much thanks for your help.

DaveB

yelvington

Well, it's just a cookie, same as any other cookie. I don't do Perl, but I would assume it can read cookie info ....

Anon

Yeah, but my question is, how do I grab the PHPSESSID cookie? The actual cookie in HTTP_COOKIES just holds the PHP session ID number... I need to know how to grab stuff in the actual session ID in the servers temp file (using perl). If anyone has a clue, Id be very appreciate of sharing the knowledge. 😉 Thanks to Steve, too. I appreciate it.

DaveB

yelvington

The session file will be named "sess_" followed by the value of the session ID cookie, typically some horrendously long hex value like f0fd9e892d66fe6b20b2bce15f23a348 ... you should be able to open it an deserialize it with a bit of regular-expression work.

Anon

Last little question:

Do session files have any type of file extension? sess_87d8s9a79789d7as87da8s7d.something?

Anon

#!/usr/bin/perl

#this part grabs the PHPSESSID cookie from the users computer
$myCookie = $ENV{'HTTP_COOKIE'};

#this part splits the cookie apart so you can use just the hex number
#ex: PHPSESSID=24ef64917dcbe19730b184a8fe37449d would be the user's cookie
#this array will set the LONG hex value to $cookie[1]
@=split(/=/, $myCookie);

#this opens the actual PHPSESSID on the server computer
#you need to know the path to where session id's are stored
#session id files look like 'sess_24ef64917dcbe19730b184a8fe37449d' on the server side
open(SESSION,"/tmp/sess_$cookie[1]");
$mysess = <SESSION>;
close(SESSION);

#just to note, $mysess ended up looking like this, but with more values:
#clientID|s:1:"1";fname|s:4:"Dave";lname|s:8:"Baughman";email|s:25:"dbaughman@ca
rpeclicks.com";

#split up each section of the PHPSESSID into an array called @line
@line = split(/\;/, $mysess);

#takes each item in the array @line and runs a regular expression
#on it to extract each value in the of the session ID.
#This way makes it easier to remember what variables are what as opposed to the
#scalar array I was using before.

foreach $item(@line) {
chomp $item;
$item =~ s/(.+?)|.\"(.+?)\"./$1|$2/isg;
($name, $value) = split(/|/, $item);
$php{$name} = $value;
}
###################

Then just call the session variable you want by using $php{variablename} in your perl script. Thanks a million, Steve.

DaveB