v5:session:session_index
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
v5:session:session_index [2016/01/14 03:03] – [The Improved Session Handler] mnewnham | v5:session:session_index [2023/04/08 18:08] (current) – Add WRAPs for notes dregad | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Session Management ====== | ||
<WRAP right box> | <WRAP right box> | ||
[[v5: | [[v5: | ||
+ | [[v5: | ||
</ | </ | ||
- | ====== Session Management ====== | + | |
- | <WRAP important> | + | |
- | The original session management routines that use '' | + | |
- | </ | + | |
===== Introduction ===== | ===== Introduction ===== | ||
+ | ADOdb session management extends the standard functionality of PHP sessions, by allowing the normal session data seen to be stored in a database itself. There are numerous ways that this method enhances the default behavior | ||
- | ==== Why Session | + | * Simplified clean-up at end of session life |
+ | * Easy analysis of session data | ||
+ | * Simple session termination | ||
+ | * **//Session | ||
+ | * Encryption of session data | ||
+ | * Allows implementation of session termination callbacks | ||
+ | * Session data can be retained if used across with load balancing servers | ||
- | We store state information specific to a user or web client in session | + | ADOdb session |
- | To use session variables, call session_start() at the beginning of your web page, before your HTTP headers are sent. Then for every variable you want to keep alive for the duration of the session, call variable you want to keep alive for the duration of the session, use '' | ||
- | The default method of storing sessions | + | These records will be garbage collected based on the php.ini [session] timeout settings. You can register a notification function to notify you when the record has expired and is about to be freed by the garbage collector. |
- | * Have multiple web servers that need to share session | + | An alternative |
- | * Need to do special processing of each session | + | |
- | * Require notification when a session | + | |
- | The ADOdb session | + | <WRAP important> |
+ | The original | ||
+ | </ | ||
- | These records will be garbage collected based on the php.ini [session] timeout settings. You can register a notification function to notify you when the record has expired and is about to be freed by the garbage collector. | ||
- | An alternative | + | ===== Driver Support ===== |
+ | The following drivers are known to work with the adodb-session2.php file: | ||
+ | - mysqli | ||
+ | - pdo_mysqli (From ADOdb version 5.21) | ||
+ | - postgres | ||
+ | - oci8 | ||
+ | This is not an exhaustive list, if you are using the system with a different database, let us know so we can add it to the list. | ||
===== Usage ===== | ===== Usage ===== | ||
Line 37: | Line 47: | ||
* Test session vars, the following should increment on refresh | * Test session vars, the following should increment on refresh | ||
*/ | */ | ||
+ | if (!isset($_SESSION[' | ||
+ | $_SESSION[' | ||
+ | | ||
$_SESSION[' | $_SESSION[' | ||
print "< | print "< | ||
Line 67: | Line 80: | ||
adodb-session2.php | adodb-session2.php | ||
- | adodb-cryptsession2.php | + | adodb-cryptsession2.php |
- | adodb-session-clob2.php | + | |
+ | adodb-session-clob2.php | ||
+ | | ||
==== Usage Examples ==== | ==== Usage Examples ==== | ||
Line 84: | Line 99: | ||
ADOdb_Session:: | ADOdb_Session:: | ||
- | ADOdb_session::Persist($connectMode=false); | + | ADOdb_Session::persist($connectMode=false); |
session_start(); | session_start(); | ||
Line 98: | Line 113: | ||
</ | </ | ||
- | The parameter to the '' | ||
- | |||
- | ^$connectMode^Connection Method^ | ||
- | ^true|PConnect()| | ||
- | ^false|Connect()| | ||
- | ^' | ||
- | ^' | ||
- | ^' | ||
===== Using Encrypted Sessions ===== | ===== Using Encrypted Sessions ===== | ||
Line 119: | Line 126: | ||
ADOdb_Session:: | ADOdb_Session:: | ||
- | adodb_sess_open(false, | ||
session_start(); | session_start(); | ||
</ | </ | ||
Line 134: | Line 140: | ||
ADOdb_Session:: | ADOdb_Session:: | ||
- | adodb_sess_open(false, | ||
session_start(); | session_start(); | ||
</ | </ | ||
Line 142: | Line 147: | ||
Create this table in your database. | Create this table in your database. | ||
- | ==== MySQL ==== | + | ==== MySQL or PDO MySQL ==== |
- | + | ||
- | CREATE TABLE sessions2( | + | < |
- | | + | CREATE TABLE sessions2 ( |
- | | + | sesskey VARCHAR( 64 ) COLLATE utf8mb4_bin |
- | | + | expiry DATETIME NOT NULL , |
- | | + | expireref VARCHAR( 250 ) DEFAULT '', |
- | | + | created DATETIME NOT NULL , |
- | | + | modified DATETIME NOT NULL , |
- | | + | sessdata LONGTEXT, |
- | | + | PRIMARY KEY ( sesskey ) , |
- | | + | INDEX sess2_expiry( expiry ), |
- | ) | + | INDEX sess2_expireref( expireref ) |
+ | ) | ||
+ | </ | ||
+ | |||
+ | <WRAP info> | ||
+ | When [[https:// | ||
+ | Collisions could occur in this case, due to MySQL performing case-insensitive searches by default. | ||
+ | To avoid that, the //sesskey// column should use binary (or a case-sensitive) collation. | ||
+ | </ | ||
==== PostgreSQL ==== | ==== PostgreSQL ==== | ||
Line 192: | Line 206: | ||
===== Notifications ===== | ===== Notifications ===== | ||
- | You can receive notification when your session is cleaned up by the session garbage collector or when you call session_destroy(). | + | You can receive notification when your session is cleaned up by the session garbage collector or when you call //session_destroy()//. |
- | PHP's session extension will automatically run a special garbage collection function based on your php.ini session.cookie_lifetime and session.gc_probability settings. This will in turn call adodb's garbage collection function, which can be setup to do notification. | + | PHP's session extension will automatically run a special garbage collection function based on your php.ini session.cookie_lifetime and session.gc_probability settings. This will in turn call ADOdb's garbage collection function, which can be setup to perform |
- | PHP Session --> ADOdb Session | + | |
- | GC Function | + | GC Function |
- | executed at | + | executed at |
- | random time | + | random time |
+ | Extension | ||
When a session is created, we need to store a value in the session record (in the EXPIREREF field), typically the userid of the session. Later when the session has expired, just before the record is deleted, we reload the EXPIREREF field and call the notification function with the value of EXPIREREF, which is the userid of the person being logged off. | When a session is created, we need to store a value in the session record (in the EXPIREREF field), typically the userid of the session. Later when the session has expired, just before the record is deleted, we reload the EXPIREREF field and call the notification function with the value of EXPIREREF, which is the userid of the person being logged off. | ||
Line 223: | Line 238: | ||
$user = $ADODB_SESS_CONN-> | $user = $ADODB_SESS_CONN-> | ||
- | $ADODB_SESS_CONN-> | + | $ADODB_SESS_CONN-> |
system(" | system(" | ||
} | } | ||
- | </ | + | </ |
- | NOTE 1: If you have register_globals disabled in php.ini, then you will have to manually set the EXPIREREF. e.g. | + | |
+ | <WRAP info> | ||
+ | EXPIREREF | ||
<code php> | <code php> | ||
Line 234: | Line 251: | ||
</ | </ | ||
- | NOTE 2: If you want to change | + | In older versions of ADOdb this could be achieved automatically through |
+ | </ | ||
+ | <WRAP info> | ||
+ | If you want to change the EXPIREREF after the session record has been created, you will need to modify any session variable to force a database record update. | ||
+ | </ | ||
===== Neat Notification Tricks ===== | ===== Neat Notification Tricks ===== | ||
Line 262: | Line 283: | ||
will compress and then encrypt the record in the database. | will compress and then encrypt the record in the database. | ||
- | ===== Session Cookie Regeneration ===== | ||
- | The method '' | ||
- | ==== Usage ==== | ||
- | |||
- | <code php> | ||
- | include ' | ||
- | |||
- | session_start(); | ||
- | /* | ||
- | * Approximately every 10 page loads, reset cookie for safety. | ||
- | * This is extremely simplistic example, better | ||
- | * to regenerate only when the user logs in or changes | ||
- | * user privilege levels. | ||
- | */ | ||
- | if ((rand()%10) == 0) | ||
- | adodb_session_regenerate_id(); | ||
- | </ | ||
- | |||
- | This function calls '' | ||
- | |||
- | ===== Vacuum/ | ||
- | |||
- | During session garbage collection, if postgresql is detected, ADOdb can be set to run VACUUM. If mysql is detected, then optimize database could be called.You can turn this on or off using: | ||
- | <code php> | ||
- | $turnOn = true; # or false | ||
- | ADODB_Session:: | ||
- | </ | ||
- | The default is optimization is disabled. | ||
- | ===== Backwards | + | ===== Backwards |
The older method of connecting to ADOdb using global variables is now deprecated, and **will be removed** in ADOdb version 6.0: | The older method of connecting to ADOdb using global variables is now deprecated, and **will be removed** in ADOdb version 6.0: | ||
Line 301: | Line 294: | ||
$ADODB_SESSION_USER =' | $ADODB_SESSION_USER =' | ||
$ADODB_SESSION_PWD =' | $ADODB_SESSION_PWD =' | ||
- | $ADODB_SESSION_DB ='phplens'; | + | $ADODB_SESSION_DB ='employees'; |
include ' | include ' |
v5/session/session_index.txt · Last modified: 2023/04/08 18:08 by dregad