ADOdb

Database Abstraction Layer for PHP

User Tools

Site Tools

Trace:
v5:session:session_index

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
v5:session:session_index [2016/05/16 00:39] – [Introduction] mnewnhamv5:session:session_index [2023/03/27 13:14] – [MySQL or PDO MySQL] explain reason for using binary collation dregad
Line 1: Line 1:
 +====== Session Management ======
 <WRAP right box> <WRAP right box>
 [[v5:session:Index]]\\ [[v5:session:Index]]\\
 +[[v5:session:reference:index|Session Command Reference]]\\
 </WRAP> </WRAP>
-====== Session Management ====== +
-<WRAP important> +
-The original session management routines that use ''adodb-session.inc.php'' are deprecated as of ADOdb version 5.20, and will be removed in ADOdb Version 6.0.0. For information on upgrading from the original version, see [[v5:session:version1|Here]] +
-</WRAP>+
 ===== Introduction ===== ===== Introduction =====
 ADOdb session management extends the standard functionality of PHP sessions, by allowing the normal session data seen to be stored in a database itself. There are numerous ways that this method enhances the default behavior ADOdb session management extends the standard functionality of PHP sessions, by allowing the normal session data seen to be stored in a database itself. There are numerous ways that this method enhances the default behavior
Line 18: Line 17:
  
 ADOdb session management can be considered an extension of the normal behavior. It uses the same command syntax and structure as normal sessions, and honors the values defined in php.ini for sessions.  ADOdb session management can be considered an extension of the normal behavior. It uses the same command syntax and structure as normal sessions, and honors the values defined in php.ini for sessions. 
-==== Why Session Variables in a Database? ==== 
  
-We store state information specific to a user or web client in session variables. These session variables persist throughout a session, as the user moves from page to page. 
  
-To use session variables, call session_start() at the beginning of your web page, before your HTTP headers are sentThen for every variable you want to keep alive for the duration of the session, call variable you want to keep alive for the duration of the session, use ''$_SESSION['variablename']''By default, the session handler will keep track of the session by using a cookie. You can save objects or arrays in session variables also.+These records will be garbage collected based on the php.ini [session] timeout settingsYou can register a notification function to notify you when the record has expired and is about to be freed by the garbage collector.
  
-The default method of storing sessions is to store it in fileHowever if you have special needs such as you:+An alternative to using a database backed session handler is to use [[v5:userguide:memcached]]. This is distributed memory based caching system suitable for storing session information.
  
-  * Have multiple web servers that need to share session info +<WRAP important> 
-  * Need to do special processing of each session +The original session management routines that use ''adodb-session.inc.php'' are deprecated as of ADOdb version 5.20, and will be removed in ADOdb Version 6.0.0. For information on upgrading from the original version, see [[v5:session:version1|Here]] 
-  * Require notification when a session expires+</WRAP>
  
-The ADOdb session handler provides you with the above additional capabilities by storing the session information as records in a database table that can be shared across multiple servers. 
  
-These records will be garbage collected based on the php.ini [session] timeout settings. You can register a notification function to notify you when the record has expired and is about to be freed by the garbage collector+===== Driver Support ===== 
- +The following drivers are known to work with the adodb-session2.php file: 
-An alternative to using a database backed session handler is to use [[v5:userguide:memcached]]. This is a distributed memory based caching system suitable for storing session information.+  - mysqli 
 +  - pdo_mysqli (From ADOdb version 5.21) 
 +  - postgres 
 +  - oci8
  
 +This is not an exhaustive list, if you are using the system with a different database, let us know so we can add it to the list.
  
 ===== Usage ===== ===== Usage =====
Line 99: Line 99:
  
 ADOdb_Session::config($driver, $host, $user, $password, $database, $options=false); ADOdb_Session::config($driver, $host, $user, $password, $database, $options=false);
-ADOdb_session::Persist($connectMode=false);+ADOdb_Session::persist($connectMode=false);
 session_start(); session_start();
  
Line 113: Line 113:
 </code> </code>
  
-The parameter to the ''persist( )'' method sets the connection mode. You can pass the following: 
- 
-^$connectMode^Connection Method^ 
-^true|PConnect()| 
-^false|Connect()| 
-^'N'|NConnect()| 
-^'P'|PConnect()| 
-^'C'|Connect()| 
  
 ===== Using Encrypted Sessions ===== ===== Using Encrypted Sessions =====
Line 134: Line 126:
  
 ADOdb_Session::config($driver, $host, $user, $password, $database,$options=false); ADOdb_Session::config($driver, $host, $user, $password, $database,$options=false);
-adodb_sess_open(false,false,$connectMode=false); 
 session_start(); session_start();
 </code> </code>
Line 149: Line 140:
  
 ADOdb_Session::config($driver, $host, $user, $password, $database,$options=false); ADOdb_Session::config($driver, $host, $user, $password, $database,$options=false);
-adodb_sess_open(false,false,$connectMode=false); 
 session_start(); session_start();
 </code> </code>
Line 157: Line 147:
 Create this table in your database.  Create this table in your database. 
  
-==== MySQL ==== +==== MySQL or PDO MySQL ==== 
-   + 
-  CREATE TABLE sessions2( +<code> 
-   sesskey VARCHAR( 64 ) NOT NULL DEFAULT '', +CREATE TABLE sessions2 ( 
-     expiry DATETIME NOT NULL , +  sesskey VARCHAR( 64 ) COLLATE utf8mb4_bin NOT NULL DEFAULT '', 
-   expireref VARCHAR( 250 ) DEFAULT '', +  expiry DATETIME NOT NULL , 
-   created DATETIME NOT NULL , +  expireref VARCHAR( 250 ) DEFAULT '', 
-   modified DATETIME NOT NULL , +  created DATETIME NOT NULL , 
-   sessdata LONGTEXT, +  modified DATETIME NOT NULL , 
-   PRIMARY KEY ( sesskey ) , +  sessdata LONGTEXT, 
-   INDEX sess2_expiry( expiry ), +  PRIMARY KEY ( sesskey ) , 
-   INDEX sess2_expireref( expireref ) +  INDEX sess2_expiry( expiry ), 
-  )+  INDEX sess2_expireref( expireref ) 
 +) 
 +</code> 
 + 
 +<WRAP info> 
 +When [[https://www.php.net/manual/en/session.configuration.php#ini.session.sid-bits-per-character|session.sid_bits_per_character]] php.ini setting is set to 6, the //Session ID// can contain both upper and lowercase letters.  
 +Collisions could occur in this case, due to MySQL performing case-insensitive searches by default.  
 +To avoid that, the //sesskey// column should use binary (or a case-sensitive) collation. 
 +</WRAP> 
  
 ==== PostgreSQL ==== ==== PostgreSQL ====
Line 238: Line 237:
  $user = $ADODB_SESS_CONN->qstr($expireref);  $user = $ADODB_SESS_CONN->qstr($expireref);
  
- $ADODB_SESS_CONN->Execute("delete from shopping_cart where user=$user");+ $ADODB_SESS_CONN->execute("delete from shopping_cart where user=$user");
  system("rm /work/tmpfiles/$expireref/*");  system("rm /work/tmpfiles/$expireref/*");
 } }
Line 277: Line 276:
 will compress and then encrypt the record in the database. will compress and then encrypt the record in the database.
  
-===== Session Cookie Regeneration ===== 
  
-The method ''adodb_session_regenerate_id()'' will dynamically change the current session id with a newly generated one and update database. This currently only works with cookies. Useful to improve security by reducing the risk of session-hijacking. See this article on Session Fixation for more info on the theory behind this feature.  
  
-==== Usage ==== 
- 
-<code php> 
-include 'adodb/adodb-session2.php'; 
- 
-session_start(); 
-/* 
-* Approximately every 10 page loads, reset cookie for safety. 
-* This is extremely simplistic example, better 
-* to regenerate only when the user logs in or changes 
-* user privilege levels. 
-*/ 
-if ((rand()%10) == 0)  
-    adodb_session_regenerate_id(); 
-</code> 
- 
-This function calls ''session_regenerate_id()'' internally or simulates it if the function does not exist. 
- 
-===== Vacuum/Optimize Database ===== 
- 
-During session garbage collection, if postgresql is detected, ADOdb can be set to run VACUUM. If mysql is detected, then optimize database could be called.You can turn this on or off using: 
-<code php> 
-$turnOn = true; # or false 
-ADODB_Session::optimize($turnOn); 
-</code> 
-The default is optimization is disabled. 
  
-===== Backwards Compatability =====+===== Backwards Compatibility =====
  
 The older method of connecting to ADOdb using global variables is now deprecated, and **will be removed** in ADOdb version 6.0: The older method of connecting to ADOdb using global variables is now deprecated, and **will be removed** in ADOdb version 6.0:
Line 316: Line 287:
 $ADODB_SESSION_USER ='root'; $ADODB_SESSION_USER ='root';
 $ADODB_SESSION_PWD ='abc'; $ADODB_SESSION_PWD ='abc';
-$ADODB_SESSION_DB ='phplens';+$ADODB_SESSION_DB ='employees';
  
 include 'adodb/adodb-session.php'; include 'adodb/adodb-session.php';
v5/session/session_index.txt · Last modified: 2023/04/08 18:08 by dregad