Click here to Skip to main content
11,631,884 members (72,011 online)
Click here to Skip to main content

Tagged as

Maintaining a Session in a Session-less Environment

, 13 May 2015 CPOL 3.5K 3
Rate this:
Please Sign up or sign in to vote.
How to maintain a session in a session-less environment

Confused? I know I was at first, but let me explain. First, why would there be a session-less environment? I thought this was a HUGE plus to server-side development languages over basic HTML that is session-less? Well, you would be right in that sense; however, as I mentioned in a recent blog that I've switched careers and I am currently doing server-side game development for large Facebook Virtual Worlds. The client/server relationship in these games are completely session-less. Each time the client performs an action, the server doesn't "know" who they are because it's not a consistent relationship like a browser and a web server.

Don't worry, there is a simple solution to this problem, let's explore it now.

The only thing we need to make this work is a unique identifier sent to us on each server call from the client. Something that is not obvious and cannot easily be guessed; since there is no true security in this process. The easiest thing to use is the session id that is created by the server on the first visit. No matter what the server-side language is, if it supports session, it will provide you with a unique session id. Below is some example PHP code to get our session id:

<?php
$sessionId = session_id();
?>

We will want to retrieve this id on the first page load (usually when we load the Flash application). The process would be something like this:

<?php
// start our session (assuming auto start is not turned on)
session_start();
// Check if the sessionId was passed in through the URL
if (array_key_exists('sessionId', $_REQUEST)) {
$sessionId = $_REQUEST['sessionId'];
// update our session id to the one passed in
session_id($sessionId);
} else {
// we don't have a session, so store the session id
$sessionId = session_id();
}
?>

On each page request, this will look for the session id in the URL or it will generate a new one. After this process, we would pass the $sessionId to Flash so they can send it back each time allowing us to maintain our session in a session-less environment.

You may have noticed that this is an incomplete example because we haven't stored anything in our session to maintain. To make this example complete, we will want to retrieve the "current user" from our database. In the else statement above, we would need to perform a query to retrieve the user. Once retrieved, we can store the user in the session and use it on each subsequent call when our session is already set.

Have I confused you even more? Below is a stripped down example of doing this with an iframed Facebook application:

<?php
// start our session (assuming auto start is not turned on)
session_start();
// Check if the sessionId was passed in through the URL
if (array_key_exists('sessionId', $_REQUEST)) {
$sessionId = $_REQUEST['sessionId'];
// update our session id to the one passed in
session_id($sessionId);
// get the user from the session
if (array_key_exists('user', $_SESSION)) {
$user = $_SESSION['user'];
} else {
// something went wrong and we don't have a session, 
// so send them back to the main canvas page to re-intialize everything...
echo '<script>window.top.location="http://apps.facebook.com/<myapphere>";</script>';
exit;
}
} else {
// we don't have a session, so store the session id
$sessionId = session_id();
// validate Facebook request variables
$userId = validateFacebook();
// query database for user
$user = fakeFunctionToGetOurUser($userId);
// store this in the session
$_SESSION['user'] = $user;
}
function validateFacebook() {
// perform $_REQUEST check
if (array_key_exists('fb_sig', $_REQUEST)) {
// TODO: place code that validates the $_REQUEST params
return $_REQUEST['fb_sig_user'];
} else {
// something went wrong and we don't have a session and don't have our Facebook
// request variables, so send them back to the main canvas page to re-intialize everything...
echo '<script>window.top.location="http://apps.facebook.com/<myapphere>";</script>';
exit;
}
}

I hope that helps clear things up. For those of you out there who are looking for a more completed Facebook iframed example, I hope to have that soon. Enjoy!

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Jamie Munro
Software Developer (Senior)
Canada Canada
I am the author of five books: ASP.NET MVC 5 with Bootstrap and Knockout.js, Knockout.js: Building Dynamic Client-Side Web Applications, 20 Recipes for Programming PhoneGap, 20 Recipes for Programming MVC 3, and Rapid Application Development with CakePHP.

I enjoy reading and writing and I like to blog as much as I can on my personal blog EndYourIf.

I'm a father of three kids, twins (boy and a girl) and another baby girl.

You may also be interested in...

Comments and Discussions

 
QuestionWhat does this have to do with C++ or Windows??? Pin
Jamming116-May-15 7:43
memberJamming116-May-15 7:43 
GeneralSecurity Pin
SteveHit14-May-15 0:50
memberSteveHit14-May-15 0:50 
QuestionSecurity concerns Pin
simbos13-May-15 3:02
membersimbos13-May-15 3:02 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.150728.1 | Last Updated 13 May 2015
Article Copyright 2015 by Jamie Munro
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid