Specific external $_SESSION value isn't coming through

vrdriver · June 7, 2024, 2:37pm

Hi All,

I know this topic has been asking in multiple ways, but I things aren’t making sense for me.

In it’s simplest form, I have a raw php file like the following (the value is actually set in a log in page elsewhere - but same thing), and I want to use those $_SESSION variables in snippets, as I’m presently using a combination of MODX and another custom php project of mine.

Here’s the simple php file:

  <?php 
 session_start();
 
 //Comment this out to set the session value.
 //$_SESSION['user_id'] = "3";
 
 error_reporting(E_ALL);
 ini_set('display_errors', 1);
    
 echo $_SESSION['user_id'];
 
 ?>

This can set and display our $_SESSION for the user_id. Easy right?

Well, when I get to Modx, it doesn’t work.

I have a snippet called ‘SessionDebug’ with the following:

<?php
// Start the session if not already started
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

// Debugging output for session data
$output = 'Session ID: ' . session_id() . '<br>';
$output .= 'Session save path: ' . ini_get('session.save_path') . '<br>';
$output .= 'Session data:<pre>' . print_r($_SESSION, true) . '</pre>';

// Check if user_id is set
if (isset($_SESSION['user_id'])) {
    $output .= 'User ID: ' . $_SESSION['user_id'];
} else {
    $output .= 'User ID is not set';
}

return $output;

I call it with the following: [[SessionDebug]]

And this is my result:

I should be getting ‘3’ for the User ID, but it’s not appearing in the $_SESSION value.

When I run the same script again in the raw php version, I get this:


Session ID: u085ksikgph5df4thfghf6vfni
Session save path: /var/lib/php/session
Session data:

Array
(
    [lockedouttimes] => 3
    [counter] => 46
    [last_post] => 1717768216
    [ip] => XXX.XXX.XXX.XXX
    [user_id] => 3
    [user_level] => user
    [user_first_name] => Steve
    [user_debug] => 0
)

User ID: 3

Here’s the raw php:


<?php
// Start the session if not already started
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

// Debugging output for session data
$output = 'Session ID: ' . session_id() . '<br>';
$output .= 'Session save path: ' . ini_get('session.save_path') . '<br>';
$output .= 'Session data:<pre>' . print_r($_SESSION, true) . '</pre>';

// Check if user_id is set
if (isset($_SESSION['user_id'])) {
    $output .= 'User ID: ' . $_SESSION['user_id'];
} else {
    $output .= 'User ID is not set';
}

echo $output;

As you can see, I have the same PHP session ID, and all the other values that are stored in the login session etc., but Modx isn’t passing everything.

Is $_SESSION[‘user_id’] a reserved word or have I just got unlucky?

I don’t have any weird configurations in modx. It’s basically a clean install with a couple of snippets and templates.

Using latest version of Modx v3

Thanks,
Steve

halftrainedharry · June 7, 2024, 5:35pm

Maybe in your external file load MODX externally and let MODX handle the session. (By default MODX uses a custom session handler that stores the sessions in the database.)

If that’s not possible, try changing the system setting session_handler_class to use the standard PHP session management and see if that helps.

vrdriver · June 8, 2024, 6:10am

Thanks for the suggestion. I had a play with the session values in the settings but have killed my installation in doing so.

In terms of adding the ‘external modx’ code idea , I need to add my project to modx, rather than adding modx to my project, as I want to to use modx for it’s caching system… so adding the ‘external’ modx code wouldn’t work for my use case.

Unfortunately it would be too much of a rewrite for my site I think to make this work. Many of the sql queries need to know what that user_id session field is which isn’t being returned.

I also tried changing all of the session options in the settings and nothing seems to work. Modx still overwrites any session details with it’s own values it seems.

Oh well, back to the drawing board and time to try and get the modx manger page to let me log in again, as somehow I’ve managed to kill it… haha

vrdriver · June 8, 2024, 6:28am

FYI, Just ran the setup again on the site and it was back in, after it complained about a db setting re the sessions.

vrdriver · June 8, 2024, 6:41am

Further to this… while I upgrade the site further to the minor 3.05, in the config.inc.php file, there is a value for $site_sessionname.

I wonder if I use that name in that variable for my current site, and see what happens, because if I look at the modX.php file on line 2788, it has the following:

$site_sessionname = $this->getOption('session_name', $options, '');
if (!empty($site_sessionname)) session_name($site_sessionname);

Time will tell.

vrdriver · June 9, 2024, 9:20am

After playing around I have found a work-around, but it’s not a proper solution to be honest.
I’ve tried naming the sessions and didn’t get anywhere, and so what I’ve discovered is that modx appears to rewrite it’s own session values every time in to the $_SESSION variable, dropping any other values the other website writes to the $_SESSION.

Yet if I add the following to the main index.php file, then I get the correct $_SESSION values from my other site, but I lose all of the modx values if I’m logged in to modx.

// Start the session if it's not already started
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

And, if I log in to my site to get the values I want, and then load in to modx, it wipes those $_SESSION values, and I have to log back in to the site, which then wipes the modx values… but, modx continues to work in the admin section - despite it not having it’s array of $_SESSION values stored. It’s a bit of a weird scenario. I’d just like to have all values in memory rather than one or the other.

So why all this bother still? My current site has users already on it with it’s own permission system and I really don’t want to have to migrate and rewrite everything (anything) to modx if I don’t have to.

Maybe I could just import the users and create a custom field as a ‘user_id’ and migrate them in.

Anyway, I thought I’d just report on my findings if anyone else wants to go down this path.

The easiest solution would be if there was a way to merge the $_SESSION values, but I really don’t think that is an option.

UPDATE:

If you’ve been following my journey, thanks for putting up with my lack of knowledge. So, please disregard this whole thread.
Due to my stupid incompetence of not knowing how sessions work properly, I have now solved this after the penny dropped.
Each browser/tab is a new unique session, and while cookies can keep you logged in across pages, my problem was never going to be solved how I was doing things, and expected it to work.

After copying my own login code to the modx cms, and running it through a snippet, it is now storing the correct session variables, from my mess and for modx… which means I can get the stored session variables I need.

*walks out of the room with head down in shame, to be banished to the ‘I thought I knew stuff school’