How do I Get Session with PHP and Ajax?

Get help using Construct 2

Post » Sat Mar 25, 2017 8:30 pm

Hello someone could help me to get the Session on game with PHP, please?
B
10
S
4
G
1
Posts: 11
Reputation: 1,360

Post » Sun Mar 26, 2017 3:31 pm

Sessions are handled on the server and by the browser. You do not have to manually deal with sessions in the C2 client.

The way it works is that you have a login script: login.php. THAT script is where you create and set parameters in the session. When the client logs in using that script, the server will set (on PHP's request) a session with a session ID in the Response Headers and the browser will store it as a cookie and return it to the server every request. You will be able to see this in the developer tools in Chrome (ctrl-shift-i) under the network tab and Headers.

So, long story short, you only deal with sessions in PHP, not in C2.

Some links to help:
http://machinesaredigging.com/2013/10/2 ... sion-work/
http://stackoverflow.com/questions/1009 ... gin-script
https://www.formget.com/login-form-in-php/
https://www.ravenheart.ca/home
Company name changed to avoid Facebook-type shenanigans

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
22
S
6
G
1
Posts: 1,415
Reputation: 4,824

Post » Sun Mar 26, 2017 3:56 pm

gumshoe2029 wrote:Sessions are handled on the server and by the browser. You do not have to manually deal with sessions in the C2 client.

The way it works is that you have a login script: login.php. THAT script is where you create and set parameters in the session. When the client logs in using that script, the server will set (on PHP's request) a session with a session ID in the Response Headers and the browser will store it as a cookie and return it to the server every request. You will be able to see this in the developer tools in Chrome (ctrl-shift-i) under the network tab and Headers.

So, long story short, you only deal with sessions in PHP, not in C2.

Some links to help:
http://machinesaredigging.com/2013/10/2 ... sion-work/
http://stackoverflow.com/questions/1009 ... gin-script
https://www.formget.com/login-form-in-php/

Ok thanks, but for example I have a game that we can publish our score only if be logged, I would like to know how can I get by Ajax the User session id and if it's possible?
B
10
S
4
G
1
Posts: 11
Reputation: 1,360

Post » Mon Mar 27, 2017 6:19 pm

No, it is not possible to pull the user id from the session on the client side, because HTTP security prevents that to stop session hijacking.

I tried storing the user id in a different cookie, but I still had trouble accessing it via JavaScript. You have to make sure the Cookie is not "HttpOnly" or "Secure". But don't do that to your session cookie, or you are putting your users in jeopardy of being session-jacked.

If that doesn't work, try to pass the user id back to the C2 client, you need to pass it back by a HTTP(/AJAX) GET request.


EDIT:

I forgot about direct JavaScript injection. Which is what we use. I forget where I found this method, but it was some obscure website.

For our game, I pass session parameters to the C2 client by direct JavaScript injection using this method:
Code: Select all
         out.println("function doIt(){");
         if(localSess!=null) {
            out.println("document.getElementById(\"dispName\").value = \"" + localSess.getDisplayName() + "\";");
            out.println("document.getElementById(\"pid\").value = \"" + localSess.getPlayerID() + "\";");
            out.println("document.getElementById(\"serverIP\").value = \"" + SP.domain(me) + "\";");
            out.println("document.getElementById(\"serverURL\").value = \"" + SP.url(me) + "engine\";");
            out.println("document.getElementById(\"serverTimestamp\").value = \"" + System.currentTimeMillis() + "\";");
            out.println("document.getElementById(\"capitolStarID\").value = \"" + Coordinate.starIdFromPlanetId(localSess.getCapPlanetID()) + "\";");
         }
         out.println("}");


Which makes a JavaScript function inside of the index.html file that looks like:
Code: Select all
function doIt(){
         document.getElementById("dispName").value = "username";
         document.getElementById("pid").value = "2";
         document.getElementById("serverIP").value = "www.ravenheart.ca";
         document.getElementById("serverURL").value = "/dev0";
         document.getElementById("serverTimestamp").value = "1490642097";
         document.getElementById("capitolStarID").value = 65;
}


Then I have a bunch of TextBoxes which have the "ID (optional)" fields named, 'dispName', 'pid', 'serverIP', 'serverURL', 'serverTimestamp', 'capitolStarId' which the doIt functions access to change the values of these TextBoxes.

Then on layout start, I simply do a Browser > Execute JavaScript("doIt();") and it loads all of these parameters from my servlets into the TextBoxes.
https://www.ravenheart.ca/home
Company name changed to avoid Facebook-type shenanigans

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
22
S
6
G
1
Posts: 1,415
Reputation: 4,824


Return to How do I....?

Who is online

Users browsing this forum: grigrizljac, korbaach and 16 guests