Rob Marscher wrote:
Is there any way I can check which sessions are currently active and
which aren't? I like to add some housekeeping code, but taking away
things from active sessions would be just mean.
Check out the documentation for session_set_save_handler --
http://us.php.net/manual/en/function.session-set-save-handler.php This
is how you can override the way php handles sessions by default and put
in your own code. The "gc" function (stands for garbage collection) is
where the "housekeeping" code goes. Note that the default php session
handlers should be cleaning up the expired session temp files for you
automatically. The location for these temp files is specified by the
session.save_path php.ini setting.
Thanks for the pointer. I misused the term "temp file". What I do is
create a folder that has to be unique and therefore is identical with
the session id. That is not the temp folder that the web server / PHP
creates when starting a session. I called it temp folder because I dump
upload files and other stuff in there in order to do all kinds of things
with it, once done the files are moved to the final resting spot. Since
all this real client server and stateless stuff doesn't let me know when
a client just went away, I have to come up with some way of cleaning up
a bit at some point. When the client goes away right after an upload and
before initiating the final submission, files may be left in there.
While some stale folders and files are OK (although not nice), having
them pile up over time will become a problem. So I need to keep track of
the sessions that were generated through my script in order to ditch
that folder with contents (annoyingly, there seems to be no PHP code
word that does exactly that) when the session is most likely to be
expired (24 hours later for example).
My plan is to create a session, authenticate the user, then generate a
new session ID for the session )I read that this improves security and
is easy enough to do)
As far as regenerating the session id after login, it *is* simple --
http://us.php.net/manual/en/function.session-regenerate-id.php -- but if
you're overwriting the default session handler to store sessions in a
database table, you need to make sure that it's getting updated the way
you expect.
Well, my idea is to start the session, do the login and authentication,
when the user is accepted, regenerate the session id, and then write it
to the table with a timestamp. I don't see any reason to write the first
session id to the table, because I throw that one away soon after. I
really only want to keep the ids because I want to clean up the folders
that I created.
Sounds like a workable and reliable approach to me...if I'd just had the
time to finally do it. Working with ZIP files at the moment, which go to
that session id folder as well. Still haven't really understood how the
unpacking works and what this new and -> stuff is about, anyhow (OK, I
read too much Bob Pease).
Thanks for the help,
David
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
