Re: cleaning old Apache::Session's
We are not using cookies to send the session id to the server, but instead rewrite URLs to contain the session-id (switch off Cookies and go to http://www.amazon.com for a similar experience). When a user hits us with a request we lookup the session-data in the session-table and jump to a "sorry session expired page" if the timestamp is older than 30 minutes. If the session does not exist in the session store then we jump to the "homepage". Otherwise we call Apache::Session's 'tie' to grab the data. Some of you may wonder about the first lookup of the session data, instead of leaving it up to Apache::Session to figure out whether the session still exists. In pre-5.6 days an eval { tie ... Apache::Session }; would take down the process with a bunch of 'POPSTACKs'. That's why still have the code in there which checks for the existance of the session row. Makes sense? Tobias At 10:09 AM 6/2/00 -0400, Niral Trivedi wrote: >Tobias, > >What do you exactly mean by line 'Internally the session will expire >after 30 minutes.'??? > >Is it something internal to Apache::Session or you have it programmed on >custom basis or what??? > >Niral > >Tobias Hoellrich wrote: >> >> At 09:26 AM 6/2/00 +1000, Adam Cassar wrote: >> >I was wondering how people are clearing out old Apache::Session's >> > >> >No timestamp is used on the fields used by Apache::Session, so how do >> >we clear the old sessions? >> > >> >I am not talking about the delete() method to remove a session, as that >> >presumes that a user will always leave your site via pre-defined access >> >points. >> > >> >> Adam, >> >> nobody stops you from adding a timestamp :-) >> >> mysql> describe sessions; >> +---+---+--+-+-+---+ >> | Field | Type | Null | Key | Default | Extra | >> +---+---+--+-+-+---+ >> | id| varchar(16) | | MUL | | | >> | modtime | timestamp(14) | YES | | NULL| | >> | a_session | blob | YES | | NULL| | >> +---+---+--+-+-+---+ >> 3 rows in set (0.00 sec) >> >> For every access to a session entry mysql will automatically set the first >> timestamp field in a row to the current time. We run a cronjob every 15 >> minutes, which does a: >> >> #!/bin/sh >> /usr/local/mysql/bin/mysql -px -u sessions << EOSQL >> delete from sessions where time_to_sec(now()) - >time_to_sec(modtime) > >> 60*60; >> EOSQL >> >> to clear any session entry older than one hour. Internally the session wil >> expire after 30 minutes. >> >> Hope this helps >>Tobias
RE: cleaning old Apache::Session's
I think he means that the session is removed from the server, but the sesion ID (cookie) was not set to expire... o _ /|/ | Jerrad Pierce \ | __|_ _| /||/ http://pthbb.org . | _| | \|| _.-~-._.-~-._.-~-._@" _|\_|___|___| > -Original Message- > From: Niral Trivedi [mailto:[EMAIL PROTECTED]] > Sent: Friday, June 02, 2000 10:09 > To: Tobias Hoellrich > Cc: Adam Cassar; [EMAIL PROTECTED] > Subject: Re: cleaning old Apache::Session's > > > Tobias, > > What do you exactly mean by line 'Internally the session will expire > after 30 minutes.'??? > > Is it something internal to Apache::Session or you have it > programmed on > custom basis or what??? > > Niral > > Tobias Hoellrich wrote: > > > > At 09:26 AM 6/2/00 +1000, Adam Cassar wrote: > > >I was wondering how people are clearing out old Apache::Session's > > > > > >No timestamp is used on the fields used by > Apache::Session, so how do > > >we clear the old sessions? > > > > > >I am not talking about the delete() method to remove a > session, as that > > >presumes that a user will always leave your site via > pre-defined access > > >points. > > > > > > > Adam, > > > > nobody stops you from adding a timestamp :-) > > > > mysql> describe sessions; > > +---+---+--+-+-+---+ > > | Field | Type | Null | Key | Default | Extra | > > +---+---+--+-+-+---+ > > | id| varchar(16) | | MUL | | | > > | modtime | timestamp(14) | YES | | NULL| | > > | a_session | blob | YES | | NULL| | > > +---+---+--+-+-+---+ > > 3 rows in set (0.00 sec) > > > > For every access to a session entry mysql will > automatically set the first > > timestamp field in a row to the current time. We run a > cronjob every 15 > > minutes, which does a: > > > > #!/bin/sh > > /usr/local/mysql/bin/mysql -px -u sessions << EOSQL > > delete from sessions where time_to_sec(now()) - > time_to_sec(modtime) > > > 60*60; > > EOSQL > > > > to clear any session entry older than one hour. Internally > the session wil > > expire after 30 minutes. > > > > Hope this helps > >Tobias >
Re: cleaning old Apache::Session's
Tobias, What do you exactly mean by line 'Internally the session will expire after 30 minutes.'??? Is it something internal to Apache::Session or you have it programmed on custom basis or what??? Niral Tobias Hoellrich wrote: > > At 09:26 AM 6/2/00 +1000, Adam Cassar wrote: > >I was wondering how people are clearing out old Apache::Session's > > > >No timestamp is used on the fields used by Apache::Session, so how do > >we clear the old sessions? > > > >I am not talking about the delete() method to remove a session, as that > >presumes that a user will always leave your site via pre-defined access > >points. > > > > Adam, > > nobody stops you from adding a timestamp :-) > > mysql> describe sessions; > +---+---+--+-+-+---+ > | Field | Type | Null | Key | Default | Extra | > +---+---+--+-+-+---+ > | id| varchar(16) | | MUL | | | > | modtime | timestamp(14) | YES | | NULL| | > | a_session | blob | YES | | NULL| | > +---+---+--+-+-+---+ > 3 rows in set (0.00 sec) > > For every access to a session entry mysql will automatically set the first > timestamp field in a row to the current time. We run a cronjob every 15 > minutes, which does a: > > #!/bin/sh > /usr/local/mysql/bin/mysql -px -u sessions << EOSQL > delete from sessions where time_to_sec(now()) - time_to_sec(modtime) > > 60*60; > EOSQL > > to clear any session entry older than one hour. Internally the session wil > expire after 30 minutes. > > Hope this helps >Tobias
Re: cleaning old Apache::Session's
On Fri, Jun 02, 2000 at 09:26:45AM +1000, Adam Cassar wrote: > I was wondering how people are clearing out old Apache::Session's > > No timestamp is used on the fields used by Apache::Session, so how do > we clear the old sessions? > > I am not talking about the delete() method to remove a session, as that > presumes that a user will always leave your site via pre-defined access > points. As was mentiuoned, TMTOWTDI, but for postgresql, you can just do: CREATE TABLE sessions ( id VARCHAR(32) NOT NULL, ts TIMESTAMP NOT NULL DEFAULT NOW(), a_session TEXT, PRIMARY KEY (id) ); Which works. Another equivalent solution would involve setting up a "view" on a different table abd setting up RULES that update the timestamp. E.g.: CREATE TABLE session_data ( id CHAR(32) NOT NULL, ts TIMESTAMP NOT NULL, a_session TEXT, PRIMARY KEY (id) ); CREATE VIEW sessions AS SELECT id,a_session FROM session_data; CREATE RULE sessions_update AS ON UPDATE TO sessions DO INSTEAD UPDATE session_data SET id = NEW.id, a_session = NEW.a_session, ts = CURRENT_TIMESTAMP WHERE id = OLD.id; CREATE RULE sessions_delete AS ON DELETE TO sessions DO INSTEAD DELETE FROM session_data WHERE id = OLD.id; CREATE RULE sessions_insert AS ON INSERT TO sessions DO INSTEAD INSERT INTO session_data (id, a_session, ts) VALUES (NEW.id, NEW.a_session, CURRENT_TIMESTAMP); This works too. And has the added nifty feature that "sessions" looks exactly like what Apache::Session expects to find. I'm sure there are other ways to do it (plpgsql, triggers come to mind) for postgresql. As I said, TMTOWTDI. I'm sure nearly every dbms out there can use some variant of one of the above two methods... You'll just have to adapt it for your particular DBMS. Mike
Re: cleaning old Apache::Session's
> Theres a problem with that however...it assumes you use mySQL. I use Oracle, > and it doesn't provide that functionality; you need to alter the INSERT or > UPDATE statements to include passing a SYSDATE into the timestamp field. > 'Course, you could create a trigger that adds the SYSDATE after an insert or > update, but thats not really elegant...and PL_SQL really sucks > (warning...flamebait) While perhaps the syntax "timestamp" suggested that I only meant that this would work for MySQL, I didn't. I figured that people could mentally substitute in whatever the equivalent was for their dbms. I know that there is are equivalents for Postgresql and MS SQL Server (the other 2 dbms' I've worked with), and I figure that most should have something like this. I'm surprised to hear that Oracle makes it _that_ hard to get at this kind of functionality. Oh well... we've all got fights to fight. Here's another possible approach to the problem them... Put datetime information _inside_ the session, and then run a crom job every time that opens up _every_ session, checks against the datetime info, and deletes based on that information. Isn't life ugly when you don't have a timestamp type in your dbms? :-) Cheers, Richard Richard Dice * Personal 514 816 9568 * Fax 514 816 9569 ShadNet Creator * http://shadnet.shad.ca/ * [EMAIL PROTECTED] Occasional Writer, HotWired * http://www.hotwired.com/webmonkey/ "squeeze the world 'til it's small enough to join us heel to toe" - jesus jones
Re: cleaning old Apache::Session's
At 09:26 AM 6/2/00 +1000, Adam Cassar wrote: >I was wondering how people are clearing out old Apache::Session's > >No timestamp is used on the fields used by Apache::Session, so how do >we clear the old sessions? > >I am not talking about the delete() method to remove a session, as that >presumes that a user will always leave your site via pre-defined access >points. > Adam, nobody stops you from adding a timestamp :-) mysql> describe sessions; +---+---+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | +---+---+--+-+-+---+ | id| varchar(16) | | MUL | | | | modtime | timestamp(14) | YES | | NULL| | | a_session | blob | YES | | NULL| | +---+---+--+-+-+---+ 3 rows in set (0.00 sec) For every access to a session entry mysql will automatically set the first timestamp field in a row to the current time. We run a cronjob every 15 minutes, which does a: #!/bin/sh /usr/local/mysql/bin/mysql -px -u sessions << EOSQL delete from sessions where time_to_sec(now()) - time_to_sec(modtime) > 60*60; EOSQL to clear any session entry older than one hour. Internally the session wil expire after 30 minutes. Hope this helps Tobias
RE: cleaning old Apache::Session's
Theres a problem with that however...it assumes you use mySQL. I use Oracle, and it doesn't provide that functionality; you need to alter the INSERT or UPDATE statements to include passing a SYSDATE into the timestamp field. 'Course, you could create a trigger that adds the SYSDATE after an insert or update, but thats not really elegant...and PL_SQL really sucks (warning...flamebait) -man -Original Message- From: Richard Dice [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 01, 2000 4:31 PM To: Adam Cassar Cc: [EMAIL PROTECTED] Subject: Re: cleaning old Apache::Session's > I was wondering how people are clearing out old Apache::Session's > > No timestamp is used on the fields used by Apache::Session, so how do > we clear the old sessions? > > I am not talking about the delete() method to remove a session, as that > presumes that a user will always leave your site via pre-defined access > points. This is how I handle it... Your 'sessions' table schema has to have _at least_ the columns in it that are talked about in the Apache::Session documentation. That doesn't mean that you can't add on your own timestamp column as well. Your program can use that as a basis upon which to delete rows. Cheers, Richard Richard Dice * Personal 514 816 9568 * Fax 514 816 9569 ShadNet Creator * http://shadnet.shad.ca/ * [EMAIL PROTECTED] Occasional Writer, HotWired * http://www.hotwired.com/webmonkey/ "squeeze the world 'til it's small enough to join us heel to toe" - jesus jones
Re: cleaning old Apache::Session's
> I was wondering how people are clearing out old Apache::Session's > > No timestamp is used on the fields used by Apache::Session, so how do > we clear the old sessions? > > I am not talking about the delete() method to remove a session, as that > presumes that a user will always leave your site via pre-defined access > points. This is how I handle it... Your 'sessions' table schema has to have _at least_ the columns in it that are talked about in the Apache::Session documentation. That doesn't mean that you can't add on your own timestamp column as well. Your program can use that as a basis upon which to delete rows. Cheers, Richard Richard Dice * Personal 514 816 9568 * Fax 514 816 9569 ShadNet Creator * http://shadnet.shad.ca/ * [EMAIL PROTECTED] Occasional Writer, HotWired * http://www.hotwired.com/webmonkey/ "squeeze the world 'til it's small enough to join us heel to toe" - jesus jones