For one of our PHP projects we wanted to be able to inspect the PHP sessions from outside PHP. For example we want to know the users privileges at certain moment, i.e. if the user is logged in or not.
Why would you need that you may ask?
Well, let's say that our symfony application stores the result of a cached action in Memcache, having two versions of the result HTML, one for logged in users and one for logged out ones. In that case we want to avoid loading symfony at all and returning directly the HTML from Nginx. One of our devs wrote a Nginx module that does just that, it gets from the Memcache certain value, if it's found, then it returns the HTML immediately, else it calls symfony to handle the request. The problem with this approach is that the Nginx doesn't know if the user is authenticated or not, so it can't handle the case where we have two different versions of HTML output for one action. Well, until now...
Please welcome InspectorD a Python daemon that can inspect PHP sessions.
InspectorD is tcp server that understands a very simple text protocol: you ask it if certain session_id is authenticated and it replies 1 if it does, or 0 if it doesn't.
Here's an sample session:
telnet localhost 3002
isauth bj6sc485t9s46o57qpngod5lm7 oglnp9phvn8ac04obdqjk6dko3 n63o4uk297c49131dcdg0h7g72
The server is based on the Twisted framework and the PHPUnserialize module by Scott Hurring. From the later I fixed the session_decode method since it wasn't working for me.
For installation instructions and usage see the github project page.
Any comments and bugs reports are welcomed.