PHP Insert/Update $_SESSION Variable into User Session from server

So here's the scenario: I have user SIDs stored in database while active and I want to change/set a $_SESSION variable in the user's session. I do know there are other ways (Ajax, etc) to accomplish the same thing, but now I am intensely curious to see if there is a way to make this work.

Here's what I'm trying, User SessionID=1234567890 code, refreshed every 15 seconds:

if (isset($_SESSION['Message'])) {
    $msg=$_SESSION['Message'];
    $alert= "<br><script type='text/javascript'>alert('$msg');</script><br>";
    unset($_SESSION['Message']);
} else {
    $alert="<br>'Message' is NOT set.<br>";
}

And I run this on the server:

<?php
session_id('1234567890');
session_start();
$_SESSION['Message']="Hello!";
?>

And the result is the user session hangs on refresh instead of popping up the alert.

From the docs I have read, it seems like this is not specifically excluded, but I can see where it may cause slight security concerns. I have no security concerns in this case.

So, is there any way to make this work?

2 answers

  • answered 2018-10-19 22:01 dognose

    You are maybe running into an Issue called "Session blocking".

    If a PHP-Script is running, it will lock it's current session-object on a file-system-level. Other PHP-Scripts calling start_session for the very same ID will be stuck, until the first script has released the lock.

    To avoid this, you can try to add session_write_close(); to your script(s), whenever you are sure, that the current script does not need to store any more data to the session-file.

    Afterwards, you can still read the session during script execution but no longer write.

  • answered 2018-10-20 17:41 Ernani Azevedo

    When you run PHP in CLI, it doesn't have session_path set. You'll need to execute the session_save_path() method and inform where your session files should be located.

    For example:

    bash# ls -al /var/www/tmp/sess_julp8r943vmbv18lhi651beu03
    -rw------- 1 apache apache 19 Jun 20 21:09 /var/www/tmp/sess_julp8r943vmbv18lhi651beu03
    bash# php -q
    <?php
    session_id ( "julp8r943vmbv18lhi651beu03");
    session_start ();
    var_dump ( $_SESSION);
    ?>
    array(0) {
    }
    bash# php -q
    <?php
    session_save_path ( "/var/www/tmp");
    session_id ( "julp8r943vmbv18lhi651beu03");
    session_start ();
    var_dump ( $_SESSION);
    ?>
    array(1) {
      ["message"]=>
      string(7) "Hello there!"
    }