Maintaining a session in a session-less environment Maintaining a session in a session-less environment

Confused?  I know I was at first, but let me explain.  First, why would there be a session-less environment?  I thought this was a HUGE plus to server-side development languages over basic HTML that is session-less?  Well, you would be right in that sense; however, as I mentioned in a recent blog that I've switched careers and I am currently doing server-side game development for large Facebook Virtual Worlds.  The client/server relationship in these games are completely session-less.  Each time the client performs an action, the server doesn't "know" who they are because it's not a consistent relationship like a browser and a web server.

Don't worry, there is a simple solution to this problem, let's explore it now.


The only thing we need to make this work is a unique identifier sent to us on each server call from the client.  Something that is not obvious and cannot easily be guessed; since there is no true security in this process.  The easiest thing to use is the session id that is created by the server on the first visit.  No matter the server-side language, if it supports session it will provide you with a unique session id.  Below is some example PHP code to get our session id: 

<?php
$sessionId = session_id();
?>

We will want to retrieve this id on the first page load (usually when we load the Flash application).  The process would be something like this: 

<?php
// start our session (assuming auto start is not turned on)
session_start();
// Check if the sessionId was passed in through the URL
if (array_key_exists('sessionId', $_REQUEST)) {
$sessionId = $_REQUEST['sessionId'];
// update our session id to the one passed in
session_id($sessionId);
} else {
// we don't have a session, so store the session id
$sessionId = session_id();
}
?>

On each page request this will look for the session id in the URL or it will generate a new one.  After this process we would pass the $sessionId to Flash so they can send it back each time allowing us to maitain our session in a session-less environment.

You may have noticed that this is an incomplete example because we haven't stored anything in our session to maintain.  To make this example complete, we will want to retrieve the "current user" from our database.  In the else statement above, we would need to perform a query to retrieve the user.  Once retrieved, we can store the user in the session and use it on each subsequent call when our session is already set.

Have I confused you even more?  Below is a stripped down example of doing this with an iframed Facebook application: 

<?php
// start our session (assuming auto start is not turned on)
session_start();
// Check if the sessionId was passed in through the URL
if (array_key_exists('sessionId', $_REQUEST)) {
$sessionId = $_REQUEST['sessionId'];
// update our session id to the one passed in
session_id($sessionId);
// get the user from the session
if (array_key_exists('user', $_SESSION)) {
$user = $_SESSION['user'];
} else {
// something went wrong and we don't have a session, so send them back to the main canvas page to re-intialize everything...
echo '<script>window.top.location="http://apps.facebook.com/<myapphere>";</script>';
exit;
}
} else {
// we don't have a session, so store the session id
$sessionId = session_id();
// validate Facebook request variables
$userId = validateFacebook();
// query database for user
$user = fakeFunctionToGetOurUser($userId);
// store this in the session
$_SESSION['user'] = $user;
}
function validateFacebook() {
// perform $_REQUEST check
if (array_key_exists('fb_sig', $_REQUEST)) {
// TODO: place code that validates the $_REQUEST params
return $_REQUEST['fb_sig_user'];
} else {
// something went wrong and we don't have a session and don't have our Facebook
// request variables, so send them back to the main canvas page to re-intialize everything...
echo '<script>window.top.location="http://apps.facebook.com/<myapphere>";</script>';
exit;
}
}

I hope that helps clear things up.  For those of you out there who are looking for a more completed Facebook iframed example, I hope to have that soon.  Enjoy!

Published on Jan 17, 2011

Tags: Facebook | session | PHP

Related Posts

Did you enjoy this article? If you did here are some more articles that I thought you will enjoy as they are very similar to the article that you just finished reading.

Jamie Munro
Jamie Munro

Jamie Munro is the author of ASP.NET MVC 5 with Bootstrap and Knockout.js, Knockout.js: Building Dynamic Client-Side Web Applications, 20 Recipes for Programming MVC 3, and 20 Recipes for Programming PhoneGap. He has been developing websites and web applications for over 20 years.

Jamie began his writing career in 2009. As the success of Jamie's blog grew, he turned his writing passion to books about web development in hopes that his many years of experience could be passed on to his readers.

Tutorials

Learn how to code in HTML, CSS, JavaScript, Python, Ruby, PHP, Java, C#, SQL, and more.

No matter the programming language you're looking to learn, I've hopefully compiled an incredible set of tutorials for you to learn; whether you are beginner or an expert, there is something for everyone to learn. Each topic I go in-depth and provide many examples throughout. I can't wait for you to dig in and improve your skillset with any of the tutorials below.

Front-End

Server-Side

Database