/usr/share/ipplan/adodb/docs/docs-session.htm is in ipplan 4.92a-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>ADODB Session Management Manual</title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">
<style type="text/css">
body, td {
/*font-family: Arial, Helvetica, sans-serif;*/
font-size: 11pt;
}
pre {
font-size: 9pt;
background-color: #EEEEEE; padding: .5em; margin: 0px;
}
.toplink {
font-size: 8pt;
}
</style>
</head>
<body style="background-color: rgb(255, 255, 255);">
<h3>ADODB Session Management Manual</h3>
<p>
V4.54 5 Nov 2004 (c) 2000-2004 John Lim (jlim#natsoft.com.my)
</p>
<p> <font size="1">This software is dual licensed using BSD-Style and
LGPL. This means you can use it in compiled proprietary and commercial
products. </font>
<table border="1">
<tbody>
<tr>
<td><font color="red">Kindly note that the ADOdb home page has
moved to <a href="http://adodb.sourceforge.net/">http://adodb.sourceforge.net/</a>
because of the persistent unreliability of http://php.weblogs.com. <b>Please
change your links</b>!</font></td>
</tr>
<tr>
</tr>
</tbody>
</table>
<p></p>
<p>Useful ADOdb links: <a href="http://adodb.sourceforge.net/#download">Download</a>
<a href="http://adodb.sourceforge.net/#docs">Other Docs</a>
</p>
<h3>Introduction</h3>
<p> We store state information specific to a user or web client in
session variables. These session variables persist throughout a
session, as the user moves from page to page. </p>
<p>To use session variables, call session_start() at the beginning of
your web page, before your HTTP headers are sent. Then for every
variable you want to keep alive for the duration of the session, call
session_register($variable_name). By default, the session handler will
keep track of the session by using a cookie. You can save objects or
arrays in session variables also.
</p>
<p>The default method of storing sessions is to store it in a file.
However if you have special needs such as you:
</p>
<ul>
<li>Have multiple web servers that need to share session info</li>
<li>Need to do special processing of each session</li>
<li>Require notification when a session expires</li>
</ul>
<p>Then the ADOdb session handler provides you with the above
additional capabilities by storing the session information as records
in a database table that can be shared across multiple servers. </p>
<p><b>Important Upgrade Notice:</b> Since ADOdb 4.05, the session files
have been moved to its own folder, adodb/session. This is a rewrite
of the session code by Ross Smith. The old session code is in
adodb/session/old. </p>
<h4>ADOdb Session Handler Features</h4>
<ul>
<li>Ability to define a notification function that is called when a
session expires. Typically
used to detect session logout and release global resources. </li>
<li>Optimization of database writes. We crc32 the session data and
only perform an update
to the session data if there is a data change. </li>
<li>Support for large amounts of session data with CLOBs (see
adodb-session-clob.php). Useful
for Oracle. </li>
<li>Support for encrypted session data, see
adodb-cryptsession.inc.php. Enabling encryption is simply a matter of
including adodb-cryptsession.inc.php instead of adodb-session.inc.php. </li>
</ul>
<h3>Setup</h3>
<p>There are 3 session management files that you can use:
</p>
<pre>adodb-session.php : The default<br>adodb-session-clob.php : Use this if you are storing DATA in clobs<br>adodb-cryptsession.php : Use this if you want to store encrypted session data in the database<br><br>
</pre>
<p><strong>Examples</strong>
<p><pre>
<font
color="#004040"> include('adodb/adodb.inc.php');<br> <br><b> $ADODB_SESSION_DRIVER='mysql';<br> $ADODB_SESSION_CONNECT='localhost';<br> $ADODB_SESSION_USER ='scott';<br> $ADODB_SESSION_PWD ='tiger';<br> $ADODB_SESSION_DB ='sessiondb';</b><br> <br> <b>include('adodb/session/adodb-session.php');</b><br> session_start();<br> <br> #<br> # Test session vars, the following should increment on refresh<br> #<br> $_SESSION['AVAR'] += 1;<br> print "<p>\$_SESSION['AVAR']={$_SESSION['AVAR']}</p>";<br></font></pre>
<p>To force non-persistent connections, call adodb_session_open() first before session_start():
<p>
<pre>
<font color="#004040"><br> include('adodb/adodb.inc.php');<br> <br><b> $ADODB_SESSION_DRIVER='mysql';<br> $ADODB_SESSION_CONNECT='localhost';<br> $ADODB_SESSION_USER ='scott';<br> $ADODB_SESSION_PWD ='tiger';<br> $ADODB_SESSION_DB ='sessiondb';</b><br> <br> <b>include('adodb/session/adodb-session.php');<br> adodb_sess_open(false,false,false);</b><br> session_start();<br> </font>
</pre>
<p> The 3rd parameter to adodb_sess_open($path, $sessname, $connectMode) sets the connection method. You can pass in the following:</p>
<table width="50%" border="1">
<tr>
<td><b>$connectMode</b></td>
<td><b>Connection Method</b></td>
</tr>
<tr>
<td>true</td>
<td><p>PConnect( )</p></td>
</tr>
<tr>
<td>false</td>
<td>Connect( )</td>
</tr>
<tr>
<td>'N'</td>
<td>NConnect( )</td>
</tr>
<tr>
<td>'P'</td>
<td>PConnect( )</td>
</tr>
<tr>
<td>'C'</td>
<td>Connect( )</td>
</tr>
</table>
<p>To use a encrypted sessions, simply replace the file adodb-session.php:</p>
<pre> <font
color="#004040"><br> include('adodb/adodb.inc.php');<br> <br><b> $ADODB_SESSION_DRIVER='mysql';<br> $ADODB_SESSION_CONNECT='localhost';<br> $ADODB_SESSION_USER ='scott';<br> $ADODB_SESSION_PWD ='tiger';<br> $ADODB_SESSION_DB ='sessiondb';<br> <br> include('adodb/session/adodb-cryptsession.php');</b><br> session_start();</font><br>
</pre>
<p>And the same technique for adodb-session-clob.php:</p>
<pre> <font
color="#004040"><br> include('adodb/adodb.inc.php');<br> <br><b> $ADODB_SESSION_DRIVER='mysql';<br> $ADODB_SESSION_CONNECT='localhost';<br> $ADODB_SESSION_USER ='scott';<br> $ADODB_SESSION_PWD ='tiger';<br> $ADODB_SESSION_DB ='sessiondb';<br> <br> include('adodb/session/adodb-session-clob.php');</b><br> session_start();</font>
</pre>
<h4>Installation</h4>
<p>1. Create this table in your database (syntax might vary depending on your db):
<p><pre> <a
name="sessiontab"></a> <font color="#004040"><br> create table sessions (<br> SESSKEY char(32) not null,<br> EXPIRY int(11) unsigned not null,<br> EXPIREREF varchar(64),<br> DATA text not null,<br> primary key (sesskey)<br> );</font><br>
</pre>
<p> For the adodb-session-clob.php version, create this:
<p> <pre>
<font
color="#004040"><br> create table sessions (<br> SESSKEY char(32) not null,<br> EXPIRY int(11) unsigned not null,<br> EXPIREREF varchar(64),<br> DATA CLOB,<br> primary key (sesskey)<br> );</font>
</pre>
<p>2. Then define the following parameters. You can either modify this file, or define them before this file is included:
<pre> <font
color="#004040"><br> $ADODB_SESSION_DRIVER='database driver, eg. mysql or ibase';<br> $ADODB_SESSION_CONNECT='server to connect to';<br> $ADODB_SESSION_USER ='user';<br> $ADODB_SESSION_PWD ='password';<br> $ADODB_SESSION_DB ='database';<br> $ADODB_SESSION_TBL = 'sessions'; # setting this is optional<br> </font>
</pre><p>
When the session is created, $<b>ADODB_SESS_CONN</b> holds the connection object.<br> <br> 3. Recommended is PHP 4.0.6 or later. There are documented session bugs in earlier versions of PHP.
<h3>Notifications</h3>
<p>If you want to receive notification when a session expires, then tag
the session record with a <a href="#sessiontab">EXPIREREF</a> tag (see
the definition of the sessions table above). Before any session record
is deleted, ADOdb will call a notification function, passing in the
EXPIREREF.
</p>
<p>When a session is first created, we check a global variable
$ADODB_SESSION_EXPIRE_NOTIFY. This is an array with 2 elements, the
first being the name of the session variable you would like to store in
the EXPIREREF field, and the 2nd is the notification function's name. </p>
<p> Suppose we want to be notified when a user's session has expired,
based on the userid. The user id in the global session variable
$USERID. The function name is 'NotifyFn'. So we define: </p>
<pre> <font color="#004040"><br> $ADODB_SESSION_EXPIRE_NOTIFY = array('USERID','NotifyFn');<br> </font></pre>
And when the NotifyFn is called (when the session expires), we pass the
$USERID as the first parameter, eg. NotifyFn($userid, $sesskey). The
session key (which is the primary key of the record in the sessions
table) is the 2nd parameter.
<p> Here is an example of a Notification function that deletes some
records in the database and temporary files: </p>
<pre><font color="#004040"><br> function NotifyFn($expireref, $sesskey)<br> {<br> global $ADODB_SESS_CONN; # the session connection object<br><br> $user = $ADODB_SESS_CONN->qstr($expireref);<br> $ADODB_SESS_CONN->Execute("delete from shopping_cart where user=$user");<br> system("rm /work/tmpfiles/$expireref/*");<br> }</font><br> </pre>
<p> NOTE 1: If you have register_globals disabled in php.ini, then you
will have to manually set the EXPIREREF. E.g. </p>
<pre> <font color="#004040">
$GLOBALS['USERID'] =& $_SESSION['USERID'];
$ADODB_SESSION_EXPIRE_NOTIFY = array('USERID','NotifyFn');</font>
</pre>
<p> NOTE 2: If you want to change the EXPIREREF after the session
record has been created, you will need to modify any session variable
to force a database record update.
</p>
<h4>Neat Notification Tricks</h4>
<p><i>ExpireRef</i> normally holds the user id of the current session.
</p>
<p>1. You can then write a session monitor, scanning expireref to see
who is currently logged on.
</p>
<p>2. If you delete the sessions record for a specific user, eg.
</p>
<pre>delete from sessions where expireref = '$USER'<br></pre>
then the user is logged out. Useful for ejecting someone from a
site.
<p>3. You can scan the sessions table to ensure no user
can be logged in twice. Useful for security reasons.
</p>
<h3>Compression/Encryption Schemes</h3>
Since ADOdb 4.05, thanks to Ross Smith, multiple encryption and
compression schemes are supported. Currently, supported are:
<p>
<pre> MD5Crypt (crypt.inc.php)<br> MCrypt<br> Secure (Horde's emulation of MCrypt, if MCrypt module is not available.)<br> GZip<br> BZip2<br></pre>
<p>These are stackable. E.g.
<p><pre>ADODB_Session::filter(new ADODB_Compress_Bzip2());<br>ADODB_Session::filter(new ADODB_Encrypt_MD5());<br></pre>
will compress and then encrypt the record in the database.
<p>Also see the <a href="docs-adodb.htm">core ADOdb documentation</a>.
</p>
</body>
</html>
|