[Solar-talk] Re-introducing Solar_Session with adapter support

Leo Chiao leo.chiao at gmail.com
Sat Mar 1 16:29:58 CST 2008 

Just a few things I noticed on your Solar_Session_Adapter_Sql.  When
updating an existing record in _write, you aren't updating the datetime
column that the garbage collector depends on.  This means that the session
will never live longer than the default timespan.  I would suggest adding a
modified_col which is used in both the _gc and _write functions.  When
updating an existing session, modified_col would get updated and _gc would
look at the modified_col rather than the created_col. You could just use one
datetime column, but some people may want to know the create date and
compare it to the modified date to see how long someone's session has been
in use.
Another issue, which is common people when implement database backed
sessions is that the _read method should be periodically updating the
modified_date.  In the scenario where someone is browsing a site with a
session that is never writing/updating their existing session data (say
someone browsing an online store, but never adding something to their cart),
their session will get inadvertently garbage collected even when they are
actively browsing the site.  The way PHP file based sessions work is that
the file timestamp is updated when the file is read which most people
overlook.  For performance issues, you probably wouldn't want to emulate
that exact behavior and update on ever single read, but it is something to
be aware of.

You may want to also add session_write_close() via a __destruct or using
register_shutdown_function for the db backed sessions


On Sat, Mar 1, 2008 at 4:42 PM, Antti Holvikari <anttih at gmail.com> wrote:

> I thought I'd tell you a bit about the session package I've been
> working on. I'd be happy to hear opinions / comments.
>
> Solar doesn't have an adapter-aware session package at the moment,
> this tries to solve that problem. I have written 3 adapters:
>
> * `Solar_Session_Adapter_File`: Uses the default PHP session save
> handler 'files'. Nothing special about it. It's the same as not
> setting any save handler.
>
> * `S_S_Adapter_Memcache`: Uses the C-based 'memcache' save handler.
> This basicly just says
>
>    `ini_set('session.save_handler', 'memcache');`
>
>    ...but it also wraps the memcache server configuration into Solar
> config keys.
>
> * `S_S_Adapter_Sql`: Uses `Solar_Sql` for storing session data. You
> can configure it with these keys (key => default value):
>
>    * 'table'       => 'sessions',
>    * 'created_col' => 'created',
>    * 'sessid_col'  => 'sessid',
>    * 'data_col'    => 'data',
>
> This adapter also knows how to garbage-collect old session data.
>
> All of the adapters that use `session_set_save_handler()` internally,
> will only write data if it has been changed since the last read. This
> prevents many unneccessary writes.
>
> Also, I think I've found a solution for the "remember me" feature
> everybody wants to have. I've written a consept session adapter
> (`S_S_Adapter_Remember`) that does exactly this. It uses a _setup()
> hook which I've added to the abstract adapter class. In it, it checks
> for a POST variable `remember`, and if it is set, it changes the
> cookie lifetime to have a much bigger value (one week). A new cookie
> will be sent with the new params if `Solar_Auth` sees a login attempt
> and calls `session_regenerate_id()`.
>
> The `_setup()` hook is really useful for running code that, for
> example, manipulates the cookie parameters dynamically right before
> the session starts.
>
> Now onto the actual session data storage API.
>
> At the moment `Solar_Session` is being used for session storage. And
> now that my package replaces `Solar_Session` with the save handler
> code we need something for saving stuff in $_SESSION. For this, I've
> added a class `Solar_Session_Store`, which replaces the old
> `Solar_Session` as it is. The purpose of this class is to divide
> `$_SESSION` into segments so that keys won't collide and to provide an
> API for one-time flashes. This class has exactly the same API as the
> current `Solar_Session` class and so the only change that needs to be
> made in Solar is to replace uses of `Solar_Session` with
> `Solar_Session_Store`.
>
> You can browse the code here:
>
> http://git.anttih.com/?p=antti/solar.git;a=tree;f=Solar/Session
>
> Paul, I will add this to trac as a feature request like you askes (not
> this long though :-).
>
> --
> Antti Holvikari <http://anttih.com>
> _______________________________________________
> Solar-talk mailing list
> Solar-talk at lists.solarphp.com
> http://mailman-mail3.webfaction.com/listinfo/solar-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman-mail3.webfaction.com/pipermail/solar-talk/attachments/20080301/63ffc6ad/attachment.html

More information about the Solar-talk mailing list