Sharing session data between PHP and Django
Wes Winham
I'm in the process of switching my new development over to Django
(goodbye PHP + my horribly mediocre custom framework). The only real
tough problem to solve in getting the two sides of the application to
play nice with eachother (for me) is session management. When I log in
a user through the PHP side, I need them to stay logged in when they
go to the Django side, obviously, and they need to take all their
other session data with them. I've searched google, blogs, this group,
and IRC and nothing has jumped out at me as a solution. I'd love to
hear what some more experienced Django users think about my proposed
solution:
1) Create a custom bit of middleware (or modify the authentication
middleware) and a custom PHP session handler to tie the two together.
I would have two columns for session data. One for PHP-serialized auth
data and one for python-serialized auth data.
Every time I save user data to the session in PHP (basically just the
userid and some authorization rights), the session handler uses exec
to call some sort of python code that creates the django-equivalent
information, which I believe is just an object from the user model and
returns the serialized version of that object (http://
www.djangoproject.com/documentation/authentication/#authentication-in-web-requests).
I then save that object in to the column for python data along with
the php data in the php column.
On the Django side, I hook in to the authentication framework somehow
so that any time the user session information is updated, I call some
PHP code that generates the right bit of serialized data and then I
insert that in the php column.
So, some problems I see with my strategy already:
-I don't know how hard it will be to trick the auth middleware to use
my "special" phython-serialized auth data column instead of pulling
stuff from the general session-data column like it will want to (or
how hard it would be to just deserialize the current python data, add
on my user data, reserialize and stick it back in).
-I don't know how hard it will be to do the reverse operation from PHP
to python
-I see some concurrency issues cropping up with all of this trying to
keep two versions of the same data going from two different languages/
sites.
Does anyone see an easier way or maybe have some insight into how I
might accomplish the serialization/pickling stuff?
The good news is that if I can get it to work, I'll definitely be
releasing my middleware changes and my PHP session handler for use by
any other poor sap trying to stick their PHP and Django
Authentications together.
Alex Ezell
It's fortuitous that you ask this question today. I spent last Friday
working all this out for our application.
The overview is to setup Django to use a file-based session system and
point it to the same files that PHP is using. Then override some
methods to help Python read and write the PHP arrays stored in the
session file. Now, if you can't use file-based sessions, this won't
specifically work for you, but may help in seeing what's possible.
First things first, this will make everything much easier:
http://hurring.com/scott/code/python/serialize/
In my case, I use files for maintaining the session data for my PHP
app. So, you'll need to setup your Django settings to use files for
session data and point it to the same folder (ie. /tmp/).
More info: http://www.djangoproject.com/documentation/sessions/#using-file-based-sessions
Then, create a file, I called mine handshake.py, to which you will
point your SESSION_ENGINE setting (note, this is different than what
the docs say above, because you are modifying the engine a bit to suit
your needs). In that file, you want to subclass SessionStore and
override the encode and decode methods. In each, you will use the
PHPSerialize or PHPUnserialize to work with the data and return it in
a form which Django can use.
Something like this:
from django.contrib.sessions.backends.file import SessionStore as
SessionFileStore
from PHPSerialize import *
from PHPUnserialize import *
class SessionStore(SessionFileStore):
'''
Howdy pardner! Speaking of pardners, I subclass the SessionStore
class in the file session backend.
This allows me intercept the decode and encode methods to grab the
PHP sessions and use them.
So, in a way, this makes me PHP's pardner, also.
'''
def __init__(self, session_key=None):
# call the super class's init
super(SessionStore, self).__init__(session_key)
#override the file_prefix
self.file_prefix = 'prefix_'
def decode(self, session_data):
# uses special session decode method in PHPUnserialize
u = PHPUnserialize()
return u.session_decode(session_data)
def encode(self, session_dict):
# users special encode method in PHPSerialize
s = PHPSerialize()
return s.session_encode(session_dict)
Remember to set your SESSION_COOKIE_NAME to the same name that your
PHP setup uses. This allows Django to find the session cookie on the
client machine.
You may not need to override the file_prefix as I have, but this will
depend on your setup.
Once this is all in place, you can just call request.session in your
views as you normally would. You can modify or add values and your PHP
app will see them just fine.
/alex
Alex Ezell
authentication stuff specifically. I'm still working on that bit, but
have moved ahead for right now.
Our initial thoughts are to just call a Django login method from PHP
after the PHP login. Since they are sharing a session (essentially),
it may be that easy.
I'll let you know once we have something working.
/alex
Wes Winham
Wow. I guess today is definitely my lucky day. That Python
serialization class you linked is perfect and the code samples are
really helping me understand where I need to be tinkering.
Like you, I'm still not sure how I'll go about integrating the
authentication systems specifically. This is especially true if the
user is stored as an object by the authentication middleware, because
it doesn't seem like you would be able to pickle/serialize objects
back and forth.
Thanks a ton for the insight.
-Wes
On Feb 12, 6:18 pm, "Alex Ezell" <aez...@gmail.com> wrote:
> I realize that I didn't talk too much about getting your Django
> authentication stuff specifically. I'm still working on that bit, but
> have moved ahead for right now.
>
> Our initial thoughts are to just call a Django login method from PHP
> after the PHP login. Since they are sharing a session (essentially),
> it may be that easy.
>
> I'll let you know once we have something working.
>
> /alex
>
> On Feb 12, 2008 5:09 PM, Alex Ezell <aez...@gmail.com> wrote:
>
> > Hi Wes,
> > It's fortuitous that you ask this question today. I spent last Friday
> > working all this out for our application.
>
> > The overview is to setup Django to use a file-based session system and
> > point it to the same files that PHP is using. Then override some
> > methods to help Python read and write the PHP arrays stored in the
> > session file. Now, if you can't use file-based sessions, this won't
> > specifically work for you, but may help in seeing what's possible.
>
> > First things first, this will make everything much easier:
> >http://hurring.com/scott/code/python/serialize/
>
> > In my case, I use files for maintaining the session data for my PHP
> > app. So, you'll need to setup your Django settings to use files for
> > session data and point it to the same folder (ie. /tmp/).
>
>
> > > Hello,
>
> > > I'm in the process of switching my new development over to Django
> > > (goodbye PHP + my horribly mediocre custom framework). The only real
> > > tough problem to solve in getting the two sides of the application to
> > > play nice with eachother (for me) is session management. When I log in
> > > a user through the PHP side, I need them to stay logged in when they
> > > go to the Django side, obviously, and they need to take all their
> > > other session data with them. I've searched google, blogs, this group,
> > > and IRC and nothing has jumped out at me as a solution. I'd love to
> > > hear what some more experienced Django users think about my proposed
> > > solution:
>
> > > 1) Create a custom bit of middleware (or modify the authentication
> > > middleware) and a custom PHP session handler to tie the two together.
> > > I would have two columns for session data. One for PHP-serialized auth
> > > data and one for python-serialized auth data.
>
> > > Every time I save user data to the session in PHP (basically just the
> > > userid and some authorization rights), the session handler uses exec
> > > to call some sort of python code that creates the django-equivalent
> > > information, which I believe is just an object from the user model and
> > > returns the serialized version of that object (http://