Understanding Server Connect Sessions and Usage

I was answering a user question and it turned out more informative than planned, so I have made it a doc as I have seen many people including myself initially confused by it. This is one that has caught us all at one time or another.

Short answer:
The Set Session step in Wappler should not have an output option at all; it is an oversight they just have not got around to fixing yet.


Long Answer:

  1. There are 2 different types of sessions: client side and server side. Server side sessions are what Server Connect uses and are stored in a file on your server.
  2. Many server side languages store this file in a /tmp directory on your server.
  3. The file name of this can be found in your Chrome developer tools.
  4. In PHP they are stored in another directory, and if you place a file called info.php in your /public_html/ folder with the following content <?php phpinfo(); ?> and call the file in your web browser you will be able to find the path to the file.
  5. If you want to view the contents of the file and have root access to your server via ssh or a WHM terminal, you can do so by entering nano /var/cpanel/php/sessions/ea-php72/sess_2cd33fa78d820abdc74c47a553f5eb91, replacing my path with your own and my filename with your own. Hit enter and it should show something like this, which confirms the session is saved.

Alternatively you could also run this at the very top of your client side webpage to see the contents.

<?php
	// Start the session
	session_start();

	// Show session variables
	print_r($_SESSION); 
?>

Correct usage of Server Connect server side sessions
Set a session to be used in other server actions

  1. Add a Core Actions > Set Session step
  2. Give the session a name like mytestsession
  3. Give the session a value of whatever, example {{$_GET.realmId}}

If you want to view the contents of this session in a DIFFERENT server action

  1. Right click Globals > $_SESSION click Variable
  2. Name the variable the same as what you set mytestsession

To Set and View or use the Session in the same Server Action you need a combination of both, and obviously you cannot try to use the session variable before it has been set, so make sure your set session is first. Something like this.
[Screenshot 2020-06-05 at 02.06.31]

Your output will now show something like

As you can see, there is no output for sesstestingnew, which is the Set Session command; however, the output is now available for use, which I show in the myval2 Set Value step.

6 Likes
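
An added example, not part of the original post: a small Python reader for the session file from step 5 that lists the stored keys with their values masked, so checking what a session holds does not put secrets on screen or in terminal scrollback. It assumes PHP's default "php" session serialize handler; the function names and the sample bytes are constructed for illustration.

```python
import sys

# Constructed sample in the layout of PHP's default "php" session handler:
# <name>|<serialized value>, repeated with no separator between entries.
SAMPLE = (b'mytestsession|s:10:"1234567890";'
          b'api|a:2:{s:5:"token";s:8:"s3cr3t!!";s:7:"expires";i:1591318800;}'
          b'loggedin|b:1;')

def _value(data, i):
    """Decode one serialized value at data[i]; return (value, next index)."""
    t = data[i:i + 1]
    if t == b"N":                                   # N;
        return None, i + 2
    if t in (b"i", b"b", b"d"):                     # i:5;  b:1;  d:0.5;
        end = data.index(b";", i)
        conv = {b"i": int, b"b": lambda s: s == "1", b"d": float}[t]
        return conv(data[i + 2:end].decode()), end + 1
    if t == b"s":                                   # s:<byte count>:"<bytes>";
        colon = data.index(b":", i + 2)
        start = colon + 2
        end = start + int(data[i + 2:colon])
        return data[start:end].decode("utf-8", "replace"), end + 2
    if t == b"a":                                   # a:<count>:{<key><value>...}
        colon = data.index(b":", i + 2)
        count, i, out = int(data[i + 2:colon]), colon + 2, {}
        for _ in range(count):
            key, i = _value(data, i)
            out[key], i = _value(data, i)
        return out, i + 1                           # step over the closing }
    # Serialized objects (O:/C:) are rejected on purpose; nothing is instantiated.
    raise ValueError(f"unsupported type {t!r} at offset {i}")

def parse_session(data):
    """Return {session variable name: decoded value} for one sess_* file."""
    out, i = {}, 0
    while i < len(data):
        bar = data.index(b"|", i)
        name = data[i:bar].decode()
        out[name], i = _value(data, bar + 1)
    return out

def redact(value):
    """Keep keys and structure, replace every value with its type (and length)."""
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()}
    if isinstance(value, str):
        return f"<str, {len(value)} chars>"
    return f"<{type(value).__name__}>"

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(redact(parse_session(raw)))
```

Run it with the path to a sess_ file as the only argument; with no argument it decodes the constructed sample.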

Thanks for sharing this article Paul! I have grappled with these issues in the last few weeks too, and this would have saved me heaps of time, especially on the fact that there is no output from a session variable.

I have a question for one and all.

If I don’t do any of those things to show the value of server side session variables, are they considered to be a safe place to store sensitive information such as access keys?

1 Like

Yes, server side sessions, as far as I know, are safe as houses; client side sessions, not so much.

On the other side though, if you expose the server side session by adding it to a set value and using the binding client side, then I suppose you are bypassing some of its built-in security. If you are really only going to be using them server side, then you should be very safe.