I have hit a wall with PHP Sessions during my extension development, and I'm getting very angry now at my lack of knowledge and lack of decent understandable examples out in the wild. I hope someone can help me otherwise I'm going to trash the Twitter Notifier project. (Yes, I'm that angry and fed up).

I am populating the session with an array of data to be passed to a popup window where the Twitter authentication is happening. When I open the window however, the Session is empty.

I have called session_start() at the top of my content page, and also at the top of my popup page, yet... nothing. I have read that due to two pages accessing the session, I need to use session_write_close(), which I have, and... nothing.

The code is on Github so if anyone could help me out, I would digitally kiss them.

The test App consumer details are in the repo. You need to go to preferences, add them, then save. Go to the Twitter Accounts page and try adding an account and veryfying it. This page is seriously not working though, so the only thing to expect back at the mo is the session output in the popup page, but.... nothing.

Until I can get this figured out, the Twitter Notifier is halted.

Here's the file for all those interested.

You really don't need to create your own session, Symphony has its own class that manages sessions and saves them to the database automatically - it should just be a matter of $_SESSION['your-key'] = 'your-value' and nothing else.

Sorry, forgot to link the repo.

As the file isn't a Symphony file, how would I recall the current Symphony session? It's obvious to me now that this is the problem.

Is there any way that I can make this file part of Symphony, or call the Symphony 'environment' from here?

EDIT: And thanks for looking Rowan...

I have tried recalling the current session using session_id() which is correctly returning the current Symphony session ID, yet the $_SESSION global is still empty???!!?

How is this possible?

First impressions are on the same line as Rowan's, Symphony already takes control over Sessions immediately through the Symphony constructor, so I'm not sure what sort of affect that has on using session related functions directly (I'm guessing not a good one from the sounds of it!).

This is how Symphony does it:

  • Creates a new Cookie class instance that uses the cookie-prefix from the Configuration reference
  • Symphony checks to see if you are logged in, using $this->Cookie->get('key') reference
  • If you aren't logged in, this function logs you in and then sets the variables via $this->Cookie->set('key', 'value') reference

So what a Cookie does is basically a key in the session array. If you use $this->Cookie in your extension, it will be saved into $_SESSION[cookie-prefix][key] = value.

The Session class in Symphony is essentially just the management of Sessions, that is, saving them into the sym_sessions, reading them from that table and deleting them from that table.

So for your purposes I'd:

  • Remove all the session_* functions, Symphony abstracts this all for you.
  • Create a new Cookie instance, something like new Cookie('twitter-notifier', TWO_WEEKS, __SYM_COOKIE_PATH__);
  • Change these blocks to use the Cookie get/set methods.

Hopefully that should get you on the right track! Cookie API

Brendan, really appreciate this, I understand it better now.

I'm still a little confused as to how to access this from the file that does all the Twitter authentication, as it's not in the Symphony scope, it's a separate file.

Would I just need to use standard PHP to access the cookies? (I'm new to Sessions and Cookies, although that's kinda obvious now ;o)


Just to expand on this, what are the implications in writing to the cookie outside of the Symphony environment? Would it get overwritten as soon as I reload the Symphony page? I'm having to transport some very important information back to the Symphony page that will need saving in the database and I don't want to lose it.


I'm a little miffed now as to the fact that I can't transport data out to another PHP script and then back in again using either Sessions or Cookies as Symphony hijacks them both to it's advantage, but therefore isolates them.

I need to be able to do the following:

  1. Create an array of data (three strings).
  2. Pass this array of data out to another PHP script in a separate window.
  3. Allow that script to modify the data twice, once before going off to another site (Twitter) and again when it calls back to the script.
  4. Close the other window, which refreshes the Symphony page, and pulls in the modified data.
  5. Add that data to the database, and trash the arrays.

How is this possible if Sessions and Cookies can't be used? All I can ever retrieve from the Session and/or Cookie is the PHP Session ID. Why is there no data to go with it?

I understand the benefits of Symphony doing things the way it does, but what is the benefit of breaking standard PHP abilities.

While I don't have enough experience with this to offer a solution, is there any reason why the script needs to be outside of Symphony? If it's bundled with your extension could it be a content page that the extension provides?

Just to expand on this, what are the implications in writing to the cookie outside of the Symphony environment? Would it get overwritten as soon as I reload the Symphony page?

Unfortunately I have no idea, I've never tried in that situation! I can take a look tomorrow though and see what some testing turns up.

Seconding what Nick has mentioned though. Failing that, you could create a Symphony stub to access the bare minimum, check JIT's /lib/image.php file for an example.

I was thinking that Nick, and Brendan's idea of creating the bare minimum (ie not outputting anything into the page) is probably the only way I can do it.

Therefore, is there any way to stop a user from viewing the page in Symphony, and only let it be called by my accounts page, or the callback from Twitter? I suppose GET parameters are the way to check, but how do I get the page to throw an exception/output an error if it is manually called in the address bar?

Thanks for all your input so far guys...

content.{name}.php are always hidden, unless you add them into the backend navigation. However they will require the session to be logged-in to Symphony, which the Twitter callback might not be. Unless you can pass a valid auth-token (an Author's remote login token) to Twitter and have it passed back in the callback.

The user will always be logged in while the Twitter authentication happens, that's all the page is for... It just processes their details in a matter of seconds, or directs them off to Twitter to log in there and authenticate the application, in minutes.

There's no worry about a user not being logged in, which is a good thing.

Ah that's good, so the callback from Twitter is done in the browser, visible to the user, rather than a server-side call.

In which case go with a content page. See Order Entries for a basic AdministrationPage, visible at /symphony/extension/:extension_name/:page_name (note the singular extension).

Awesome, cheers Nick.

This is a basic page that has no real ouptut to the browser right? I have un understanding of the browser output, just need a shell to run code in basically...

How'd you go? Any progress?

Havent got round to it yet, been watching Battlestar... :)

definitely an acceptable excuse.

I am still a bit confused how to add values to the Symphony session. @buzzomatic proposes to use $_SESSION['your-key'] = 'your-value', @brendo recommends to use the accessor functions, i.e. $this->Cookie->set('key', 'value') and $this->Cookie->get('key').

Which of the methods ensures that I am adding data to the current session, so I don't unnecessarily crowd the database table with sessions?

I am asking this because the Device Categorizr extension uses buzzomatic's approach (e.g. $_SESSION[$category] = "mobile").

Personally, I went with using the Cookie class. I prefer the storing of sessions in the database as a security thing, and with an authentication module I wrote for codeigniter, I stuck with database sessions too.

Sorry for asking dumb questions. But does this mean that the cookie class saves the cookie data as session data in the sym_sessions resp. sym_sessions table?

And if I use $_SESSION['key']? What exactly happens then?

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details