p2p.wrox.com Forums


beginning_php thread: Active sessions and inactive sessions, how to tell?


Message #1 by "John Arbon" <subscriptions@c...> on Mon, 29 Apr 2002 23:11:13
If I have stored session IDs in my database and I want to keep it clean 
and lean by destroying the session data when the client leaves the site, 
how do I tell which sessions are active and which are inactive?

Can this only be done by the life of the session as defined by the time 
span it lives?  Or is there another way?

The reason I ask is because someone may access my site from a public 
machine, and if the session life is not set to end for another 20 minutes, 
can't anyone who uses the computer next access the site using the session 
ID from the previous user, and potentially mess up the previous user's 
account?

John

Message #2 by "Nikolai Devereaux" <yomama@u...> on Mon, 29 Apr 2002 15:20:34 -0700
I'm assuming you're using custom sessions, since they're stored in the DB.

> If I have stored session IDs in my database and I want to keep it clean
> and lean by destroying the session data when the client leaves the site,
> how do I tell which sessions are active and which are inactive?
>
> Can this only be done by the life of the session as defined by the time
> span it lives?  Or is there another way?

There really isn't another way other than timestamps and guesswork.  You're
lucky in that if a user is good and closes the browser, a new session ID
will be generated if someone else hits up your site.  The previous user's
session will eventually be garbage collected.

You have to write and register some sort of garbage collection routine.
Your site never knows if a user leaves or closes her/his browser, so using
timestamps in a "last_active" column is your best bet.

You register the garbage collection handler function with the session save
handler function.
    http://www.php.net/session_set_save_handler

For example, your garbage collector will remove all rows in your sessions
table where last_active > 20 minutes.

It's a simple SQL query (or two) but you have to write it yourself and pass
the name of that handler function to session_set_save_handler().


take care,

nik


p.s.  If you're using files for session handlers, you set the session
timeout in php.ini as session.gc_maxlifetime (or something like that).
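
The garbage-collection handler described in the message above, as an added example that is not part of the original thread. It assumes PHP 8 with PDO, a hypothetical `sessions` table with `id`, `data` and `last_active` columns, and a hypothetical class name `DbSessionHandler`; it also enforces the idle timeout on read, because PHP only invokes the gc handler on a fraction of requests.

```php
<?php
// Added example (PHP 8+, PDO). Table and class names are assumptions:
//   CREATE TABLE sessions (id VARCHAR(128) PRIMARY KEY,
//                          data TEXT NOT NULL, last_active INTEGER NOT NULL);
final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db, private int $idle = 1200) {} // 20 min

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        // gc() runs only on a fraction of requests, so a stale row can still
        // exist: enforce the idle timeout at read time as well.
        $q = $this->db->prepare(
            'SELECT data FROM sessions WHERE id = ? AND last_active >= ?');
        $q->execute([$id, time() - $this->idle]);
        $data = $q->fetchColumn();
        return $data === false ? '' : $data;
    }

    public function write(string $id, string $data): bool
    {
        // Every request refreshes last_active. REPLACE is MySQL/SQLite syntax.
        $q = $this->db->prepare(
            'REPLACE INTO sessions (id, data, last_active) VALUES (?, ?, ?)');
        return $q->execute([$id, $data, time()]);
    }

    public function destroy(string $id): bool
    {
        // Called by session_destroy(), e.g. from a logout page.
        return $this->db->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        // The garbage collector: drop rows idle longer than the timeout.
        $q = $this->db->prepare('DELETE FROM sessions WHERE last_active < ?');
        $q->execute([time() - $this->idle]);
        return $q->rowCount();
    }
}

// Registration; $pdo is assumed to be an open PDO connection.
// session_set_save_handler(new DbSessionHandler($pdo), true);
// session_start();
```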

Message #3 by "John Arbon" <subscriptions@c...> on Tue, 30 Apr 2002 03:02:18
Nik,

Thanks for the follow up.

I have additional questions, if I may:

Should I open a persistent connection to the db if I am going to check for 
authentication on each page?

What would the drawbacks be of having persistent connections as opposed 
to making a new connection upon each authentication?  I want this site to 
be as scalable as possible.

Thanks!

John

Message #4 by "Nikolai Devereaux" <yomama@u...> on Mon, 29 Apr 2002 21:44:25 -0700
> Should I open a persistent connection to the db if I am going to
> check for authentication on each page?
>
> What would the drawbacks be of having persistent connections as opposed
> to making a new connection upon each authentication?  I want this site to
> be as scalable as possible.


Sure, why not?

The thing is, in a PHP site, you're 99.9999% sure you'll have to make at
least one database query.  I never understood scripts that repeatedly open
and close connections to the database during the execution of a script.
It's absurd, since it's clearly a waste of resources and time.

Opening a persistent connection doesn't change the behavior of your script
at all.  If persistent connections are possible, then the only change you'll
notice is in speed and efficiency.

afaik, there are no drawbacks to using persistent connections.  Your site
will be much more scalable if you wrap your db-specific calls in an
abstraction layer, that way you can swap out which kind of connections to
which database engine you want without having to hunt through the entire
site for db calls.

See, if you abstract your db-specific calls in one file, then any php script
that executes will have to require() or include() that file.  I prefer
include_once() or require_once() to these functions, unless I specifically
want the contents of the included file to be processed more than one time.

Call db_connect() at the bottom of your db.inc wrapper file and every php
script that include_once()'s the file will have an open connection to the
database ready to accept queries.


It's up to you at any time to swap a persistent connection function for a
non-persistent connection function in the definition of db_connect(), and
the rest of the site's none-the-wiser.


Take care, yo

nik

