ADOdb

Database Abstraction Layer for PHP

User Tools

Site Tools

Trace: Proxy
v5:session:session_index

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
v5:session:session_index [2016/05/22 17:18] mnewnhamv5:session:session_index [2024/10/08 09:21] (current) – [Using Encrypted Sessions] dregad
Line 1: Line 1:
 ====== Session Management ====== ====== Session Management ======
-~~NOTOC~~ 
 <WRAP right box> <WRAP right box>
 [[v5:session:Index]]\\ [[v5:session:Index]]\\
Line 9: Line 8:
 ADOdb session management extends the standard functionality of PHP sessions, by allowing the normal session data seen to be stored in a database itself. There are numerous ways that this method enhances the default behavior ADOdb session management extends the standard functionality of PHP sessions, by allowing the normal session data seen to be stored in a database itself. There are numerous ways that this method enhances the default behavior
  
-  * Simplified clean-up at end =of session life+  * Simplified clean-up at end of session life
   * Easy analysis of session data   * Easy analysis of session data
   * Simple session termination   * Simple session termination
Line 24: Line 23:
 An alternative to using a database backed session handler is to use [[v5:userguide:memcached]]. This is a distributed memory based caching system suitable for storing session information. An alternative to using a database backed session handler is to use [[v5:userguide:memcached]]. This is a distributed memory based caching system suitable for storing session information.
  
 +<WRAP important>
 +The original session management routines that use ''adodb-session.inc.php'' are deprecated as of ADOdb version 5.20, and will be removed in ADOdb Version 6.0.0. For information on upgrading from the original version, see [[v5:session:version1|Here]]
 +</WRAP>
 +
 +
 +===== Driver Support =====
 +The following drivers are known to work with the adodb-session2.php file:
 +  - mysqli
 +  - pdo_mysqli (From ADOdb version 5.21)
 +  - postgres
 +  - oci8
 +
 +This is not an exhaustive list, if you are using the system with a different database, let us know so we can add it to the list.
  
 ===== Usage ===== ===== Usage =====
Line 73: Line 85:
                               and you are NOT using oci8 driver                               and you are NOT using oci8 driver
  
-==== Usage Examples ====+==== Non-persistent Connections====
  
-To force non-persistent connections, call ''persist()'' first before ''session_start()'':+To force non-persistent connections, call ''persist()'' before ''session_start()'':
  
 <code php> <code php>
- 
 include_once "adodb/session/adodb-session2.php"; include_once "adodb/session/adodb-session2.php";
 $driver   = 'mysql';  $driver   = 'mysql'; 
Line 87: Line 98:
  
 ADOdb_Session::config($driver, $host, $user, $password, $database, $options=false); ADOdb_Session::config($driver, $host, $user, $password, $database, $options=false);
-ADOdb_session::Persist($connectMode=false);+ADOdb_Session::persist(false);
 session_start(); session_start();
- 
 </code> </code>
 ==== DSN Support ==== ==== DSN Support ====
Line 101: Line 111:
 </code> </code>
  
-<WRAP important> +
-The original session management routines that use ''adodb-session.inc.php'' are deprecated as of ADOdb version 5.20, and will be removed in ADOdb Version 6.0.0. For information on upgrading from the original version, see [[v5:session:version1|Here]] +
-</WRAP>+
 ===== Using Encrypted Sessions ===== ===== Using Encrypted Sessions =====
-To use encrypted sessions, replace the file ''adodb-session2.php'' with ''adodb-cryptsession2.php'':+To use encrypted sessions, replace the file ''adodb-session2.php'' with ''adodb-cryptsession2.php'':
  
 <code php> <code php>
Line 137: Line 145:
 Create this table in your database.  Create this table in your database. 
  
-==== MySQL ==== +==== MySQL or PDO MySQL ==== 
-   + 
-  CREATE TABLE sessions2( +<code> 
-   sesskey VARCHAR( 64 ) NOT NULL DEFAULT '', +CREATE TABLE sessions2 ( 
-     expiry DATETIME NOT NULL , +  sesskey VARCHAR( 64 ) COLLATE utf8mb4_bin NOT NULL DEFAULT '', 
-   expireref VARCHAR( 250 ) DEFAULT '', +  expiry DATETIME NOT NULL , 
-   created DATETIME NOT NULL , +  expireref VARCHAR( 250 ) DEFAULT '', 
-   modified DATETIME NOT NULL , +  created DATETIME NOT NULL , 
-   sessdata LONGTEXT, +  modified DATETIME NOT NULL , 
-   PRIMARY KEY ( sesskey ) , +  sessdata LONGTEXT, 
-   INDEX sess2_expiry( expiry ), +  PRIMARY KEY ( sesskey ) , 
-   INDEX sess2_expireref( expireref ) +  INDEX sess2_expiry( expiry ), 
-  )+  INDEX sess2_expireref( expireref ) 
 +) 
 +</code> 
 + 
 +<WRAP info> 
 +When [[https://www.php.net/manual/en/session.configuration.php#ini.session.sid-bits-per-character|session.sid_bits_per_character]] php.ini setting is set to 6, the //Session ID// can contain both upper and lowercase letters.  
 +Collisions could occur in this case, due to MySQL performing case-insensitive searches by default.  
 +To avoid that, the //sesskey// column should use binary (or a case-sensitive) collation. 
 +</WRAP> 
  
 ==== PostgreSQL ==== ==== PostgreSQL ====
Line 187: Line 204:
 ===== Notifications ===== ===== Notifications =====
  
-You can receive notification when your session is cleaned up by the session garbage collector or when you call session_destroy().+You can receive notification when your session is cleaned up by the session garbage collector or when you call //session_destroy()//.
  
-PHP's session extension will automatically run a special garbage collection function based on your php.ini session.cookie_lifetime and session.gc_probability settings. This will in turn call adodb's garbage collection function, which can be setup to do notification.+PHP's session extension will automatically run a special garbage collection function based on your php.ini session.cookie_lifetime and session.gc_probability settings. This will in turn call ADOdb's garbage collection function, which can be setup to perform notification.
  
- PHP Session --> ADOdb Session  --> Find all recs  --> Send          --> Delete queued +  PHP Session --> ADOdb Session --> Find all recs --> Send         --> Delete 
- GC Function     GC Function        to be deleted      notification      records +  GC Function     GC Function       to be deleted     notification     queued 
- executed at     called by                             for all recs +  executed at     called by                           for all recs     records 
- random time     Session Extension                     queued for deletion+  random time     Session                             queued for 
 +                  Extension                           deletion
  
 When a session is created, we need to store a value in the session record (in the EXPIREREF field), typically the userid of the session. Later when the session has expired, just before the record is deleted, we reload the EXPIREREF field and call the notification function with the value of EXPIREREF, which is the userid of the person being logged off. When a session is created, we need to store a value in the session record (in the EXPIREREF field), typically the userid of the session. Later when the session has expired, just before the record is deleted, we reload the EXPIREREF field and call the notification function with the value of EXPIREREF, which is the userid of the person being logged off.
Line 218: Line 236:
  $user = $ADODB_SESS_CONN->qstr($expireref);  $user = $ADODB_SESS_CONN->qstr($expireref);
  
- $ADODB_SESS_CONN->Execute("delete from shopping_cart where user=$user");+ $ADODB_SESS_CONN->execute("delete from shopping_cart where user=$user");
  system("rm /work/tmpfiles/$expireref/*");  system("rm /work/tmpfiles/$expireref/*");
 } }
-</code>    +</code> 
-NOTE 1: If you have register_globals disabled in php.ini, then you will have to manually set the EXPIREREFe.g.+ 
 +<WRAP info> 
 +EXPIREREF must be set manually, e.g. 
  
 <code php> <code php>
Line 229: Line 249:
 </code> </code>
  
-NOTE 2: If you want to change the EXPIREREF after the session record has been created, you will need to modify any session variable to force a database record update.+In older versions of ADOdb this could be achieved automatically through the use of register_globals, but this feature has been [[https://php-legacy-docs.zend.com/manual/php5/en/security.globals|removed in PHP 5.4 for security reasons]]. 
 +</WRAP>
  
 +<WRAP info>
 +If you want to change the EXPIREREF after the session record has been created, you will need to modify any session variable to force a database record update.
 +</WRAP>
 ===== Neat Notification Tricks =====  ===== Neat Notification Tricks ===== 
  
Line 257: Line 281:
 will compress and then encrypt the record in the database. will compress and then encrypt the record in the database.
  
-===== Session Cookie Regeneration ===== 
  
-The method ''adodb_session_regenerate_id()'' will dynamically change the current session id with a newly generated one and update database. This currently only works with cookies. Useful to improve security by reducing the risk of session-hijacking. See this article on Session Fixation for more info on the theory behind this feature.  
  
-==== Usage ==== 
- 
-<code php> 
-include 'adodb/adodb-session2.php'; 
- 
-session_start(); 
-/* 
-* Approximately every 10 page loads, reset cookie for safety. 
-* This is extremely simplistic example, better 
-* to regenerate only when the user logs in or changes 
-* user privilege levels. 
-*/ 
-if ((rand()%10) == 0)  
-    adodb_session_regenerate_id(); 
-</code> 
- 
-This function calls ''session_regenerate_id()'' internally or simulates it if the function does not exist. 
- 
-===== Vacuum/Optimize Database ===== 
- 
-During session garbage collection, if postgresql is detected, ADOdb can be set to run VACUUM. If mysql is detected, then optimize database could be called.You can turn this on or off using: 
-<code php> 
-$turnOn = true; # or false 
-ADODB_Session::optimize($turnOn); 
-</code> 
-The default is optimization is disabled. 
  
-===== Backwards Compatability =====+===== Backwards Compatibility =====
  
 The older method of connecting to ADOdb using global variables is now deprecated, and **will be removed** in ADOdb version 6.0: The older method of connecting to ADOdb using global variables is now deprecated, and **will be removed** in ADOdb version 6.0:
Line 296: Line 292:
 $ADODB_SESSION_USER ='root'; $ADODB_SESSION_USER ='root';
 $ADODB_SESSION_PWD ='abc'; $ADODB_SESSION_PWD ='abc';
-$ADODB_SESSION_DB ='phplens';+$ADODB_SESSION_DB ='employees';
  
 include 'adodb/adodb-session.php'; include 'adodb/adodb-session.php';
v5/session/session_index.1463930296.txt.gz · Last modified: 2017/04/21 11:37 (external edit)