[wp-hackers] How to let a servlet validate a wordpress session id?

Nop nopalot at iplace.at
Wed Jan 18 15:15:24 UTC 2012

Hello Otto,

thank you for your advice! 
How can a servlet validate a cookie that was created by wordpress?

Some more background information about the project: 
1. An ajax app I'm working on gets embedded into a wordpress page.
2. Wordpress is used to handle user registration and authentication. 
3. The ajax app communicates to a servlet. 
4. Now the servlet needs a way to verify that a request from the ajax
app originates from a logged in user (This is required to access the
users data in the database). But how can this be done?
Both, the servlets (tomcat) and wordpress (apache2) run on the same
machine and access the same database.

Regarding the sessions approach:
I found various sites on the net that advice to place the following code
in either wp-config.php or functions.php to enable sessions:  
if (!session_id()) {
This would give me a session id that could be transferted to the ajax
app. The ajax app would forward the session id to the servlet on every
request. But then, the servlet needs a way to validate the session id as
well as a way to retrieve the corresponding user id. 
To conclude it, what I am looking for is a way to let a servlet access
the data of a wordpress user. How does this commonly get solved?
If sessions are the wrong way, how else could it be implemented?
Thanks again for your advice!

On Wed, 2012-01-18 at 08:30 -0600, Otto wrote:
> WordPress doesn't use session ID's, so I'm not entirely sure what
> you're talking about.
> WordPress uses cookies to authenticate the user. If your servlet can
> access the cookies, then it can run its own validation on them.
> -Otto
> On Wed, Jan 18, 2012 at 7:51 AM, Nop <nopalot at iplace.at> wrote:
> > Hello,
> >
> > I'm searching for a solution how to let a servlet:
> > 1. validate a wordpress session id and
> > 2. retrieve the corresponding wordpress user id.
> >
> >
> >
> > So far, i see two possible solutions to this requirement:
> >
> > 1. Store the wordpress session id and userid in a database table and let
> > the servlet query the database. This looks like the simplest solution,
> > the only question is how can wordpress be convinced to store the
> > sessionid and userid in a database table?
> >
> > 2. Implement some kind of wordpress
> > plugin/protocol/IPC-mechanism/whatever to enable the servlet a way to
> > directly communicate with wordpress. Here I have to admit that I havn't
> > done any PHP programming yet, so the main question is how could this
> > approach be implemented?
> >
> > But maybe there's an even better/simpler solution. How would you solve
> > this requirement?
> > Any advice is welcome,
> > thanks in advance!
> >
> >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list