Hey nate! Thanks a billion. Setting session.auto_start in php.ini did
the trick for me. I would just like to ask if there are any security
vulnerabilities in doing this, and if calling session_start() every
time would, by any chance, be more secure?
@understasis: You're right about phpBB storing its sessions in cookies.
But, reading the cookie, and then starting a Cake session seems too
roundabout. Just add the following lines to /phpbb/login.php around
line 100:
if( $session_id )
{
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['username'] = $row['username'];
$_SESSION['session_id'] = $sid; // and any other info you may need
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&',
'&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
redirect(append_sid($url, true));
}
else
{...
That's to set the session while logging in. Add the following around
line 172 in login.php (to unset the session while logging out):
if( $userdata['session_logged_in'] )
{
unset($_SESSION['user_id']);
unset($_SESSION['username']);
unset($_SESSION['session_id']); // and any other $_SESSION variables
you may have set
session_end($userdata['session_id'], $userdata['user_id']);
}.....
That's it! Make sure you have session.auto_start = 1 in php.ini, and
use phpBB's login & logout scripts for user authentication in your app.
Pretty cool eh? :D I hope someone else finds this thread useful too.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php
-~----------~----~----~----~------~----~------~--~---
