Sessions code examples
07-10-2009, 03:29 AM
Hi all,
While I'm still testing this configuration, so far it seems to be working:
The Roller~Poster application has a Reader page, a Private page and a Signout page.
The Reader is the primary interface. Here's the code for session control:
Code:
<?php
session_save_path("/home/a7440484/public_html/tmp");
ini_set("session.gc_maxlifetime", 3600);
ini_set("session.gc_probability", 100);
session_start();
$session_life = ini_get("session.gc_maxlifetime");
$session_path = session_save_path();
This code:
- Sets a \tmp directory for holding session files.
- Sets the session life to one hour.
- Sets the probability of clean-up of old session files to 100% each time a session is started.
- Starts the session.
- Loads a variable to the same value as session life.
- Loads a variable to the same value as my session directory.
The Private page handles all form and db i/o, sign in and posting:
Code:
<?php
session_save_path("/home/a7440484/public_html/tmp");
ini_set("session.gc_maxlifetime", 3600);
ini_set("session.gc_probability", 100);
ini_set('session.referer_check', 'http://greenfloyd.site90.com/_roller.reader.php');
session_start();
session_destroy();
session_start();
session_regenerate_id();
$session_life = ini_get("session.gc_maxlifetime");
$session_path = session_save_path();
As you can see, the first 3 lines are the same as the Reader page. It is important to repeat the same code across any application's pages that modify the defaults. If a page does include the same code, then values not specified are reset to defaults.
Code:
ini_set('session.referer_check', 'http://greenfloyd.site90.com/_roller.reader.php');
This will create an invalid session and clear all session data if a user tries to access Private from any other url than the one in this command. The only valid way to get to Private is from the Reader.
Code:
session_start();
session_destroy();
session_start();
session_regenerate_id();
This is straightforward: start, then destroy, then start again. Anyway, it seems to work. I generate a new id because I use it to create a permanent tracking id and as a table name for user accounts.
The SignOut page clears session data:
Code:
<?php
session_save_path("/home/a7440484/public_html/tmp");
ini_set("session.gc_probability", 100);
session_start();
session_unset();
session_destroy();
$_SESSION = array();
I tried to delete session files but it didn't work. So the next best thing, I figured, is removing all the elements from the session array (the last line). Also note the absence of the session life time command. I figured resetting that value to default on signout made sense so the gc would clean up sooner rather than later.
Please bear in mind this set up has NOT been tested under any significant load.
Cheers.
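An added example, not part of the original post or its application: one shared bootstrap file that applies identical session settings on every page, keeps session files outside the web root, and gates the Private page with a one-time session token rather than the client-supplied Referer header (session.referer_check is a substring match on that header). The path, constants and function names are hypothetical, and it assumes PHP 7.3+ served over HTTPS.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.3+ and HTTPS.
// SESSION_DIR is a placeholder: a directory outside the web root, mode 0700.
const SESSION_DIR = '/home/EXAMPLE_USER/sessions';
const SESSION_LIFE = 3600; // one hour, as in the post

// Include this file from Reader, Private and Signout so every page
// applies the same settings before session_start().
function app_session_start(): void
{
    session_save_path(SESSION_DIR);
    ini_set('session.gc_maxlifetime', (string) SESSION_LIFE);
    ini_set('session.use_strict_mode', '1');  // reject ids the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept ids from the URL
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax']);
    session_start();
    // Enforce the lifetime explicitly; gc timing alone does not expire a session.
    if (time() - ($_SESSION['last_seen'] ?? time()) > SESSION_LIFE) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = time();
}

// Reader: issue a one-time token and embed it in the form or link to Private.
function issue_private_token(): string
{
    return $_SESSION['private_token'] = bin2hex(random_bytes(32));
}

// Private: accept the request only if it carries the token Reader issued.
function enter_private(string $submitted): bool
{
    $expected = $_SESSION['private_token'] ?? '';
    unset($_SESSION['private_token']);        // single use
    if ($expected === '' || !hash_equals($expected, $submitted)) {
        return false;
    }
    return session_regenerate_id(true);       // new id, old session file deleted
}

// Signout: empty the array, expire the cookie, then remove the server-side data.
function app_session_end(): void
{
    $_SESSION = [];
    // Reuse the session cookie's own attributes; 'lifetime' is not a setcookie() option.
    setcookie(session_name(), '', ['expires' => time() - 3600]
        + array_diff_key(session_get_cookie_params(), ['lifetime' => 0]));
    session_destroy();
}
```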