On 5/17/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
>
> > Among other things wouldn't it be more efficient to have a timestamp
> > in the user table which is updated in beforeFilter? and checked at
> > login time?
>
> h, i had to think twice... you mean to copy the session timestamp
> into the use
> Among other things wouldn't it be more efficient to have a timestamp
> in the user table which is updated in beforeFilter? and checked at
> login time?
h, i had to think twice... you mean to copy the session timestamp
into the users table ? hm, thats a matter of taste maybe. but it's
defin
> I would run a findall to select only those with
> $session['Mysession']['expires']>time() and loop over those. Garbage
> collection is handled by PHP and you need not write your own - even if
> you insist I would say it would be easier to write a custom SQL query
> and delete in one fell swoop
On 5/17/07, jyrgen <[EMAIL PROTECTED]> wrote:
> // ... password validation succeeded
> ...
> // custom session garbage collection
> //
> $sessions = $this->Mysession->findAll();
> foreach($sessions as $session){
> if($session['Mysession']['expires'] $this->Mysession->d
This is my solution for prevention of multiple logins
with grigri's helper function.
have fun , jyrgen
users_controller.php
...
// ... password validation succeeded
...
// custom session garbage collection
//
$sessions = $this->Mysession->findAll();
foreach($sessions as $session){
i
beatiful :-)
thanks very much !
cheers, jyrgen
On 16 Mai, 16:56, grigri <[EMAIL PROTECTED]> wrote:
> Nice and simple solution:
>
> function decode_session_data($encoded) {
> $backup = $_SESSION;
> $_SESSION = array();
> session_decode($encoded);
> $ret = $_SESSION;
> $_SESSION = $back
beautiful !
so this is the meaning of "transparent encryption" from the
suhosin "hardening" feature list...
thanks ! jyrgen
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, s
Nice and simple solution:
function decode_session_data($encoded) {
$backup = $_SESSION;
$_SESSION = array();
session_decode($encoded);
$ret = $_SESSION;
$_SESSION = $backup;
return $ret;
}
// (got the string from the first page of this post)
print_r(decode_session_data('Config|a:3:{s
> $row = explode ('User|',$session['cake_sessions']['data']);
yo, thanks !
that's what Matthias Bauer suggested, i will adept this. it
is much nicer than the code fragment i found on php.net.
i will also disable the suhosin session encryption, which
lowers the site security, but for now i can
$row = explode ('User|',$session['cake_sessions']['data']);
pr(unserialize($row[1]));
?
On May 15, 11:49 pm, jyrgen <[EMAIL PROTECTED]> wrote:
> hm. do you mean i should rather store the login state
> somewhere else, in another table... ?
--~--~-~--~~~---~--~~
Y
jyrgen, i think this must be solved! :)
I have all users data in session table: username, expired (can be
used for counting numbers of usesrs in last 5 min or so.), etc.
Now i want to find all logged usernames in last 5 min, but i dont know
how to extract this data from session table record.
Stor
> > * prevention of multiple logins *
>
> You want only one person to be logged in at a time OR you don't want
> the same person to login from multiple computers at the same time?
sorry, this was ambigous...
the latter, one person may login only once.
regards, jyrgen
--~--~-~--~~-
On 5/16/07, jyrgen <[EMAIL PROTECTED]> wrote:
> the end functionality is
>
> * prevention of multiple logins *
>
You want only one person to be logged in at a time OR you don't want
the same person to login from multiple computers at the same time?
Tarique
--
My motto for everyone else - "Just
> > i need access to *all* existing valid sessions in the table,
> > so i can test, if a user is already logged in .
>
> What is the end result / functionality you are trying to achieve by doing
> that?
hello tarique,
the end functionality is
* prevention of multiple logins *
(which i assume
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
> i need access to *all* existing valid sessions in the table,
> so i can test, if a user is already logged in .
>
What is the end result / functionality you are trying to achieve by doing that?
Tarique
--
My motto for everyone else - "Just shut
Maybe you could add a session_id column to your users table. When a
user logs in you can store their session_id in the table. Now every
time a user requests a page, check the session_id in the table against
the current value returned by PHP's session_id(). If it is not the
same, log the user out
> Why not just register a session handling function to do that?
because i don't want to mess / overwrite / interfere with cake's gc,
which is just doing fine.
i need to collect garbage only once, before someone attempts
to login. by means of this i make sure that compare only against
active acc
On May 15, 2007, at 4:14 PM, jyrgen wrote:
>
>> PHP sessions are managed by a garbage-collection routine and have
>> expiration times.
>
> thanks, yes i know. i do collect garbage "manually" by deleting
> expired rows from the session table (before the login).
Why not just register a session ha
> PHP sessions are managed by a garbage-collection routine and have
> expiration times.
thanks, yes i know. i do collect garbage "manually" by deleting
expired rows from the session table (before the login).
please don't get me wrong. i worked all this out, and it was running
until my provider i
On May 15, 2007, at 3:58 PM, jyrgen wrote:
>
> yeah, you're right. I could set up an extra table for this, or
> add an extra column to the user record. but when a session
> is not closed properly, the login value remains 1.
PHP sessions are managed by a garbage-collection routine and have
exp
yeah, you're right. I could set up an extra table for this, or
add an extra column to the user record. but when a session
is not closed properly, the login value remains 1.
> You definitely could...but then you have to make sure you delete old
> records so that you don't record someone as being
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
> hm. do you mean i should rather store the login state
> somewhere else, in another table... ?
>
You definitely could...but then you have to make sure you delete old
records so that you don't record someone as being logged in when they
are not.
--
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
> Than my "boss" came up and said : hey can you modify the
> login logic so that a user cannot login twice (because our
> customers tend to borrow their accounts to colleagues)
> Sure i can do. So what do i have to do ? I search the session
> table to
hm. do you mean i should rather store the login state
somewhere else, in another table... ?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cake-php@googlegroup
Hi Mr.Tufty,
ok, i tell you whole story.
I build a website with cake. I'm kind of making a living of it.
I set up my own auth system, which is nothing more than
a login form and a validation against login/password.
I highly appreciated cake's session/cookie mechanism, so i
employed it :-)
Than
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
>
> thats it. no magic with " | " signs, or custom deserialization.
The magic is the way PHP stores sessions itself. Honest. Again, go
read up on custom session handlers because it does explain how PHP
stores the session data if you go with the de
Jyrgen,
I still don't understand why you feel the need to override Cake's
internal session handling in favour of your own.
It's simple, ok. If you want to read the existing session just use
$this->Session->read('User.username'); or $session-
>read('User.username'); in the view. Obviously this wo
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
> c'mon that's really kiddy stuff. i'm talking about software design,
> and i would like to know why this or that has been implemented.
> if you would point every user to the sources, what's the use of
> this group then ?
> why is there a custom seri
> Sorry you feel differently. If you have the source, you should be
> able to figure it out.
c'mon that's really kiddy stuff. i'm talking about software design,
and i would like to know why this or that has been implemented.
if you would point every user to the sources, what's the use of
this g
> So why don't you go into the source of CakePHP and look at the code?
guess what i did... i found... nothing which helped me any further.
thats why i posted this problem again ,
but thanks, anyway (not ironic)
--~--~-~--~~~---~--~~
You received this message beca
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
> > Wouldn't it better for you to learn how it works instead of someone
> > just spoon-feeding you an answer?
>
> now that's a great help ! :-)
>
Sorry you feel differently. If you have the source, you should be
able to figure it out.
--
Chris Ha
thanks Matt,
generally i don't post anything here before looking in to source.
ok, so what do we find in the session lib:
the database read function :
function __read($key) {
$db =& ConnectionManager::getDataSource('default');
$table = $db->fullTableName
> Wouldn't it better for you to learn how it works instead of someone
> just spoon-feeding you an answer?
now that's a great help ! :-)
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to t
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
> i wished that phpnut or any other guy who wrote this lib
> could be pointed to this thread... :-)
Wouldn't it better for you to learn how it works instead of someone
just spoon-feeding you an answer? From my conversations with PhpNut,
I suspect h
i wished that phpnut or any other guy who wrote this lib
could be pointed to this thread... :-)
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cake-php@google
On 15.05.2007 18:44 jyrgen wrote:
> pr(serialize($_SESSION));
>
> results in :
>
> a:1:{s:6:"Config";a:3:{s:4:"rand";i:1482441247;s:4:"time";i:
> 1179248446;s:9:"userAgent";s:32:"cc98eaffc23c634e0efd75ab9e36e810";}}
>
> so fine-.
>
> but note the different notation in the sessions table:
>
>
> Why can't you set a cookie? Way easier.
how do you mean ?
cookies are activated. please explain
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cake-php@goo
> Again, why are you trying to read entries from the session table?
in the session i store the user ID, as well as a flag
"logged_in" (equals
0 or 1). so i can test in my actions if the user is authenticated.
does that make sense ?
now imagine another user with the account data (doesn't matter
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
> i get a php error, of course, the format is not accepted,
>
> Notice: unserialize(): Error at offset 0 of 117 bytes in /var/www/cake/
> app/views...
>
> how does cake do it ? this is what i just don't get into my head,
> since the
> session lib is
i get a php error, of course, the format is not accepted,
Notice: unserialize(): Error at offset 0 of 117 bytes in /var/www/cake/
app/views...
how does cake do it ? this is what i just don't get into my head,
since the
session lib is able to read and write values from / to the db
--~--
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
> php fails to unserialize this string !!
>
> thats why i cannot read entries from the session table.
>
Again, why are you trying to read entries from the session table?
--
Chris Hartjes
My motto for 2007: "Just build it, damnit!"
@TheBallpark
On 5/15/07, Chris Hartjes <[EMAIL PROTECTED]> wrote:
> On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
> >
> > i need access to *all* existing valid sessions in the table,
> > so i can test, if a user is already logged in .
> >
>
> Why can't you set a cookie? Way easier.
>
Although now that I thin
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
> i need access to *all* existing valid sessions in the table,
> so i can test, if a user is already logged in .
>
Why can't you set a cookie? Way easier.
--
Chris Hartjes
My motto for 2007: "Just build it, damnit!"
@TheBallpark - http://www.l
i don't think i need a custom session handler.
cake's session component *is* such a handler.
i just want to get the data column deserialized, thats all.
but it seems impossible with this format i find in the db.
for example where does the " | " sign come from ??
--~--~-~--~~-
i need access to *all* existing valid sessions in the table,
so i can test, if a user is already logged in .
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cak
example:
pr($_SESSION);
gives
Array
(
[Config] => Array
(
[rand] => 1482441247
[time] => 1179248446
[userAgent] => cc98eaffc23c634e0efd75ab9e36e810
)
)
pr(serialize($_SESSION));
results in :
a:1:{s:6:"Config";a:3:{s:4:"rand";i:1482441
On 5/15/07, jyrgen <[EMAIL PROTECTED]> wrote:
>
> why can't i simply use php's (un)serialize in order to get
> data out of the session table ?
Do you mean you want to read data out of the session table and then
unserialize it? Um, that's exactly what a session handler does for
you, and it even p
why can't i simply use php's (un)serialize in order to get
data out of the session table ?
i might be wrong but i expected this to work, since php
internal serialize handling is activated:
ini_set('session.serialize_handler', 'php');
thanks, jyrgen
--~--~-~--~~~---
48 matches
Mail list logo