 |
|
|
|
Next: Is HTMLPurifier effective, safe and reliable
|
| Author |
Message |
External
Since: Nov 29, 2007
Posts: 8
|
(Msg. 1) Posted: Mon Jan 21, 2008 5:33 am
Post subject: Sessions
Archived from groups: comp>lang>php (more info?)
|
|
|
Hi,
My site works on sessions. Currently when a user logs in, I store all
information in a database table. Whenever the user does something, I
check the database to see if the session is active. If so, I update
the date and time and then update the other tables. If the seesion is
not active, I ask him to enter his password again. A cron job runs
every 30 mins to clean up the inactive sessions.
The problem with this approach is that it puts a huge load on the
database server as for every activity I have to check one table and
based on its value, I perform other operations. What could be a more
effective way of handling this ? I cannot rely on the session file
created when I start a session because if a user closes the browser
window without logging out, I should be able to mark that session as
closed.
Thanks
Pankaj |
|
| Back to top |
|
 | |
External
Since: Jan 21, 2008
Posts: 2
|
(Msg. 2) Posted: Mon Jan 21, 2008 7:38 am
Post subject: Re: Sessions [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On jan. 21, 14:33, Pankaj wrote:
> Hi,
>
> My site works on sessions. Currently when a user logs in, I store all
> information in a database table. Whenever the user does something, I
> check the database to see if the session is active. If so, I update
> the date and time and then update the other tables. If the seesion is
> not active, I ask him to enter his password again. A cron job runs
> every 30 mins to clean up the inactive sessions.
>
> The problem with this approach is that it puts a huge load on the
> database server as for every activity I have to check one table and
> based on its value, I perform other operations. What could be a more
> effective way of handling this ? I cannot rely on the session file
> created when I start a session because if a user closes the browser
> window without logging out, I should be able to mark that session as
> closed.
>
> Thanks
> Pankaj
CREATE TABLE `session` (
id not null auto_increment primary_key,
...
phpsessid ...,
...
login datetime
);
ok... Sry... This is a very stupid sample... I don't know what you
want logging...
And now... If the user visit the site you check `session`.`login`
field.... login-current time... if negative Get her/his password...
And...
session_start();
session_cache_expire(time() + 60 * MINUTE_LIMIT);
I think... nuff sed... |
|
| Back to top |
|
| |
External
Since: Jan 21, 2008
Posts: 2
|
(Msg. 3) Posted: Mon Jan 21, 2008 7:43 am
Post subject: Re: Sessions [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On jan. 21, 14:33, Pankaj wrote:
> Hi,
>
> My site works on sessions. Currently when a user logs in, I store all
> information in a database table. Whenever the user does something, I
> check the database to see if the session is active. If so, I update
> the date and time and then update the other tables. If the seesion is
> not active, I ask him to enter his password again. A cron job runs
> every 30 mins to clean up the inactive sessions.
>
> The problem with this approach is that it puts a huge load on the
> database server as for every activity I have to check one table and
> based on its value, I perform other operations. What could be a more
> effective way of handling this ? I cannot rely on the session file
> created when I start a session because if a user closes the browser
> window without logging out, I should be able to mark that session as
> closed.
>
> Thanks
> Pankaj
oh... and... into the table... UID... One User One Sessid... if the
session is... time out...at the next UserLogin... You update her/his
rowin the session table ^_^ is not in this manner duplicating and it
is not necessary to deal with the unnecessary entries very much. >> Stay informed about: Sessions |
|
| Back to top |
|
| |
External
Since: Nov 29, 2007
Posts: 8
|
(Msg. 4) Posted: Mon Jan 21, 2008 10:33 pm
Post subject: Re: Sessions [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
>
> oh... and... into the table... UID... One User One Sessid... if the
> session is... time out...at the next UserLogin... You update her/his
> rowin the session table ^_^ is not in this manner duplicating and it
> is not necessary to deal with the unnecessary entries very much.
I still have to update the table everytime I have to perform an
operation any other table. My site typically has 300 users at any
given instance and I need to check and update this table around 300
times in 10 secs before I can work on any other table. This causes an
unnecessary delay and load. >> Stay informed about: Sessions |
|
| Back to top |
|
| |
External
Since: Nov 21, 2007
Posts: 73
|
(Msg. 5) Posted: Tue Jan 22, 2008 1:32 am
Post subject: Re: Sessions [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On 22 Jan, 06:33, Pankaj wrote:
> > oh... and... into the table... UID... One User One Sessid... if the
> > session is... time out...at the next UserLogin... You update her/his
> > rowin the session table ^_^ is not in this manner duplicating and it
> > is not necessary to deal with the unnecessary entries very much.
>
> I still have to update the table everytime I have to perform an
> operation any other table. My site typically has 300 users at any
> given instance and I need to check and update this table around 300
> times in 10 secs before I can work on any other table. This causes an
> unnecessary delay and load.
That's not a huge amount of traffic - if your DB schema is set up
properly there should be little difference compared with using files
for sessions.
> Whenever the user does something, I
> check the database to see if the session is active. If so, I update
> the date and time and then update the other tables.
If you're using PHP sessions and a database bound session handler....
The session should always be stored at the end of each request - if
you're writing the session data manually for each request then you're
doubling the workload. Also, the session will be loaded automatically
as soon as you call session_start() from your code - if (!
count($_SESSION)) then the user doesn't have a current session - no
need to refer to the database again.
C. >> Stay informed about: Sessions |
|
| Back to top |
|
| |
External
Since: Aug 11, 2004
Posts: 1367
|
(Msg. 6) Posted: Tue Jan 22, 2008 8:20 am
Post subject: Re: Sessions [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Pankaj wrote:
> Hi,
>
> My site works on sessions. Currently when a user logs in, I store all
> information in a database table. Whenever the user does something, I
> check the database to see if the session is active. If so, I update
> the date and time and then update the other tables. If the seesion is
> not active, I ask him to enter his password again. A cron job runs
> every 30 mins to clean up the inactive sessions.
>
> The problem with this approach is that it puts a huge load on the
> database server as for every activity I have to check one table and
> based on its value, I perform other operations. What could be a more
> effective way of handling this ? I cannot rely on the session file
> created when I start a session because if a user closes the browser
> window without logging out, I should be able to mark that session as
> closed.
>
> Thanks
> Pankaj
>
I still don't understand why you're going through all this trouble. Why
aren't you just storing the data in the session itself? That's what
it's there for.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex DeleteThis @attglobal.net
================== >> Stay informed about: Sessions |
|
| Back to top |
|
| |
External
Since: Jan 18, 2008
Posts: 40
|
(Msg. 7) Posted: Wed Jan 23, 2008 9:05 am
Post subject: Re: Sessions [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Jerry Stuckle wrote:
> Pankaj wrote:
>
>> I cannot rely on the session file created when I start a session
>> because if a user closes the browser window without logging out, I
>> should be able to mark that session as closed.
>
> I still don't understand why you're going through all this trouble. Why
> aren't you just storing the data in the session itself? That's what
> it's there for.
Indeed. PHP tidies up session files after a specified period of inactivity
in much the same way as he's described his own code doing.
--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 23 days, 21:19.]
CSS to HTML Compiler
http://tobyinkster.co.uk/blog/2008/01/22/css-compile/ >> Stay informed about: Sessions |
|
| Back to top |
|
| |
| Related Topics: | new to sessions - escuse me the keyboard in Tallin airport i work on http://panbaltica.com/docman/action_popup.php i have one session_start which causes 2 errors i send headers not to cache the page then the session_start - it should be elsewhere it is a test - anyway, ...
New to Sessions 2 - Hi! I started a thread app 2 weeks ago and redlied to that, but it seems to be so low in the list, that it will not be seen. My problem - I need to transfer the sesstion to another page? say page1.php goes to page2.php ( <a href="page2.php&quo...
URL masking when using PHP sessions. - We have a huge PHP e-commerce site that relies totally on PHP sessions and cookies. We need to create a demo version of the site for potential clients to use that does NOT show the original URL in the browser, but we can't just simply copy the site and..
sessions and security - Hi Everyone- I was reading a few posts about sessions and security, and it seems that the best way to address sessions security is to require authentication every time the user needs to get to sensitive data (or protect the session data with SSL). In..
Strange things with sessions - Hi, I have problems with this following script that is called from page1.php and then go back to the calling page. But it seems the SESSION values are not saved properly, for in the calling page they are empty. This is the script: <?php.. |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Search
Profile
Private Messages
Log in
