Use session for Telegram bot webhook

Question

I'm try to make a Telegram bot that'll connect to an RCON, but at the moment I'm stuck in the usage of the sessions, seems like they aren't saved. This is my code so far:

<?php
define('BOT_TOKEN', 'xx:xxxxxx');
define('API_URL', 'https://api.telegram.org/bot'.BOT_TOKEN.'/');

//Start session
session_set_cookie_params(3600, "/");
session_start();

//read incoming info and grab the chatID
$content = file_get_contents("php://input");
$update = json_decode($content, true);
$chatID = $update["message"]["chat"]["id"];
$message = $update["message"]["text"];
$reply = "";


if (isset($_SESSION['AskIP'])){
    $_SESSION = array('AskPort' => true,
                    'ip' => $message);
    $reply = "Saved IP: ". $message ."Write the port";
}
else if (isset($_SESSION['AskPort'])){
    $ip = $_SESSION['ip'];
    $_SESSION = array('connected' => true,
                    'ip' => $ip,
                    'port' => $message);
    $reply = "Now you are connected the rcon (".$_SESSION['ip']. ":". $_SESSION['port'].")! Type /disconnect to disconnect from the rcon!";
}
else if (substr($message, 0, 11) === "/disconnect" && strlen($message) == 11 && isset($_SESSION['connected'])){
    $_SESSION['connected'] = false;
    $reply = "Disconnected from". $_SESSION['ip'] .":". $_SESSION['port'];
    $_SESSION = array();
    session_destroy();
}
else if (substr($message, 0, 5) === "/rcon" && strlen($message) == 5)  {
    $_SESSION = array('AskIP' => true);
    $reply = "Write the Server IP";
}

if (empty($reply))
    return;

$sendto = API_URL."sendmessage?chat_id=".$chatID."&text=".$reply;
file_get_contents($sendto);

?>

At the momement it only works when you type /rcon (and the replies "Write the IP" but after that no answer, the privacy settings are already disabled.

Answer 1

You need to understand that a session is not a magical hat that gets your user's data out of nowhere. It's just a key-value storage on the server, where serialized data is stored under the key provided by the client.

In the web environment, such a key is usually transferred in a cookie. But Telegram sends no cookies. So you need another source to identify the client (which has to be fed into session_id() function before calling session_start()).

Luckily, there is a plenty. The info sent by Telegram contains, for example, chat and id user ids. You can use either, which is better serves for your purpose (though chat id is more akin to a session id)

The only trick is that such ids cannot be used as is, like

session_id($data['message']['chat']['id']);

because their format is not a correct format for a session id. But as long as you can make it look like PHP session id, even as with as silly method as using str_pad(), the following code will make sessions pretty usable with Telegram webhooks:

session_id(str_pad($data['message']['chat']['id'], 26, 'F'));
session_start();

But now you need to think, whether it's worth the trouble? The big part of the session mechanism is sending and receiving a cookie. While the remaining part is just a key-value storage. That can be created using any available database, such as Mysql or Redis.

So instead of messing with sessions, you can just get the chat id, json_encode the data you want to store, and use any storage you find convenient.

Answer 2

I ended up just by using mysql.