| [ Index ] |
|
Code source de eGroupWare 1.2.106-2 |
1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> 2 <html> 3 <head> 4 <title>ADODB Session Management Manual</title> 5 <meta http-equiv="Content-Type" 6 content="text/html; charset=iso-8859-1"> 7 <style type="text/css"> 8 body, td { 9 /*font-family: Arial, Helvetica, sans-serif;*/ 10 font-size: 11pt; 11 } 12 pre { 13 font-size: 9pt; 14 background-color: #EEEEEE; padding: .5em; margin: 0px; 15 } 16 .toplink { 17 font-size: 8pt; 18 } 19 </style> 20 </head> 21 <body style="background-color: rgb(255, 255, 255);"> 22 <h3>ADODB Session Management Manual</h3> 23 <p> 24 V4.65 22 July 2005 (c) 2000-2005 John Lim (jlim#natsoft.com.my) 25 </p> 26 <p> <font size="1">This software is dual licensed using BSD-Style and 27 LGPL. This means you can use it in compiled proprietary and commercial 28 products. </font> 29 <p>Useful ADOdb links: <a href="http://adodb.sourceforge.net/#download">Download</a> 30 <a href="http://adodb.sourceforge.net/#docs">Other Docs</a> 31 </p> 32 <h3>Introduction</h3> 33 <p> We store state information specific to a user or web client in 34 session variables. These session variables persist throughout a 35 session, as the user moves from page to page. </p> 36 <p>To use session variables, call session_start() at the beginning of 37 your web page, before your HTTP headers are sent. Then for every 38 variable you want to keep alive for the duration of the session, call 39 session_register($variable_name). By default, the session handler will 40 keep track of the session by using a cookie. You can save objects or 41 arrays in session variables also. 42 </p> 43 <p>The default method of storing sessions is to store it in a file. 44 However if you have special needs such as you: 45 </p> 46 <ul> 47 <li>Have multiple web servers that need to share session info</li> 48 <li>Need to do special processing of each session</li> 49 <li>Require notification when a session expires</li> 50 </ul> 51 <p>The ADOdb session handler provides you with the above 52 additional capabilities by storing the session information as records 53 in a database table that can be shared across multiple servers. </p> 54 <p>These records will be garbage collected based on the php.ini [session] timeout settings. 55 You can register a notification function to notify you when the record has expired and 56 is about to be freed by the garbage collector.</p> 57 <p><b>Important Upgrade Notice:</b> Since ADOdb 4.05, the session files 58 have been moved to its own folder, adodb/session. This is a rewrite 59 of the session code by Ross Smith. The old session code is in 60 adodb/session/old. </p> 61 <h4>ADOdb Session Handler Features</h4> 62 <ul> 63 <li>Ability to define a notification function that is called when a 64 session expires. Typically 65 used to detect session logout and release global resources. </li> 66 <li>Optimization of database writes. We crc32 the session data and 67 only perform an update 68 to the session data if there is a data change. </li> 69 <li>Support for large amounts of session data with CLOBs (see 70 adodb-session-clob.php). Useful 71 for Oracle. </li> 72 <li>Support for encrypted session data, see 73 adodb-cryptsession.inc.php. Enabling encryption is simply a matter of 74 including adodb-cryptsession.inc.php instead of adodb-session.inc.php. </li> 75 </ul> 76 <h3>Setup</h3> 77 <p>There are 3 session management files that you can use: 78 </p> 79 <pre>adodb-session.php : The default<br>adodb-session-clob.php : Use this if you are storing DATA in clobs<br>adodb-cryptsession.php : Use this if you want to store encrypted session data in the database<br><br> 80 </pre> 81 <p><strong>Examples</strong> 82 <p><pre> 83 <font 84 color="#004040"> include('adodb/adodb.inc.php');<br> <br><b> $ADODB_SESSION_DRIVER='mysql';<br> $ADODB_SESSION_CONNECT='localhost';<br> $ADODB_SESSION_USER ='scott';<br> $ADODB_SESSION_PWD ='tiger';<br> $ADODB_SESSION_DB ='sessiondb';</b><br> <br> <b>include('adodb/session/adodb-session.php');</b><br> session_start();<br> <br> #<br> # Test session vars, the following should increment on refresh<br> #<br> $_SESSION['AVAR'] += 1;<br> print "<p>\$_SESSION['AVAR']={$_SESSION['AVAR']}</p>";<br></font></pre> 85 86 <p>To force non-persistent connections, call adodb_session_open() first before session_start(): 87 <p> 88 <pre> 89 <font color="#004040"><br> include('adodb/adodb.inc.php');<br> <br><b> $ADODB_SESSION_DRIVER='mysql';<br> $ADODB_SESSION_CONNECT='localhost';<br> $ADODB_SESSION_USER ='scott';<br> $ADODB_SESSION_PWD ='tiger';<br> $ADODB_SESSION_DB ='sessiondb';</b><br> <br> <b>include('adodb/session/adodb-session.php');<br> adodb_sess_open(false,false,false);</b><br> session_start();<br> </font> 90 </pre> 91 <p> The 3rd parameter to adodb_sess_open($path, $sessname, $connectMode) sets the connection method. You can pass in the following:</p> 92 <table width="50%" border="1"> 93 <tr> 94 <td><b>$connectMode</b></td> 95 <td><b>Connection Method</b></td> 96 </tr> 97 <tr> 98 <td>true</td> 99 <td><p>PConnect( )</p></td> 100 </tr> 101 <tr> 102 <td>false</td> 103 <td>Connect( )</td> 104 </tr> 105 <tr> 106 <td>'N'</td> 107 <td>NConnect( )</td> 108 </tr> 109 <tr> 110 <td>'P'</td> 111 <td>PConnect( )</td> 112 </tr> 113 <tr> 114 <td>'C'</td> 115 <td>Connect( )</td> 116 </tr> 117 </table> 118 <p>To use a encrypted sessions, simply replace the file adodb-session.php:</p> 119 <pre> <font 120 color="#004040"><br> include('adodb/adodb.inc.php');<br> <br><b> $ADODB_SESSION_DRIVER='mysql';<br> $ADODB_SESSION_CONNECT='localhost';<br> $ADODB_SESSION_USER ='scott';<br> $ADODB_SESSION_PWD ='tiger';<br> $ADODB_SESSION_DB ='sessiondb';<br> <br> include('adodb/session/adodb-cryptsession.php');</b><br> session_start();</font><br> 121 </pre> 122 <p>And the same technique for adodb-session-clob.php:</p> 123 <pre> <font 124 color="#004040"><br> include('adodb/adodb.inc.php');<br> <br><b> $ADODB_SESSION_DRIVER='mysql';<br> $ADODB_SESSION_CONNECT='localhost';<br> $ADODB_SESSION_USER ='scott';<br> $ADODB_SESSION_PWD ='tiger';<br> $ADODB_SESSION_DB ='sessiondb';<br> <br> include('adodb/session/adodb-session-clob.php');</b><br> session_start();</font> 125 </pre> 126 <h4>Installation</h4> 127 <p>1. Create this table in your database (syntax might vary depending on your db): 128 <p><pre> <a 129 name="sessiontab"></a> <font color="#004040"><br> create table sessions (<br> SESSKEY char(32) not null,<br> EXPIRY int(11) unsigned not null,<br> EXPIREREF varchar(64),<br> DATA text not null,<br> primary key (sesskey)<br> );</font><br> 130 </pre> 131 <p> For the adodb-session-clob.php version, create this: 132 <p> <pre> 133 <font 134 color="#004040"><br> create table sessions (<br> SESSKEY char(32) not null,<br> EXPIRY int(11) unsigned not null,<br> EXPIREREF varchar(64),<br> DATA CLOB,<br> primary key (sesskey)<br> );</font> 135 </pre> 136 <p>2. Then define the following parameters. You can either modify this file, or define them before this file is included: 137 <pre> <font 138 color="#004040"><br> $ADODB_SESSION_DRIVER='database driver, eg. mysql or ibase';<br> $ADODB_SESSION_CONNECT='server to connect to';<br> $ADODB_SESSION_USER ='user';<br> $ADODB_SESSION_PWD ='password';<br> $ADODB_SESSION_DB ='database';<br> $ADODB_SESSION_TBL = 'sessions'; # setting this is optional<br> </font> 139 </pre><p> 140 When the session is created, $<b>ADODB_SESS_CONN</b> holds the connection object.<br> <br> 3. Recommended is PHP 4.0.6 or later. There are documented session bugs in earlier versions of PHP. 141 <h3>Notifications</h3> 142 <p>You can receive notification when your session is cleaned up by the session garbage collector or 143 when you call session_destroy(). 144 <p>PHP's session extension will automatically run a special garbage collection function based on 145 your php.ini session.cookie_lifetime and session.gc_probability settings. This will in turn call 146 adodb's garbage collection function, which can be setup to do notification. 147 <p> 148 <pre> 149 PHP Session --> ADOdb Session --> Find all recs --> Send --> Delete queued 150 GC Function GC Function to be deleted notification records 151 executed at called by for all recs 152 random time Session Extension queued for deletion 153 </pre> 154 <p>When a session is created, we need to store a value in the session record (in the EXPIREREF field), typically 155 the userid of the session. Later when the session has expired, just before the record is deleted, 156 we reload the EXPIREREF field and call the notification function with the value of EXPIREREF, which 157 is the userid of the person being logged off. 158 <p>ADOdb use a global variable $ADODB_SESSION_EXPIRE_NOTIFY that you must predefine before session 159 start to store the notification configuratioin. 160 $ADODB_SESSION_EXPIRE_NOTIFY is an array with 2 elements, the 161 first being the name of the session variable you would like to store in 162 the EXPIREREF field, and the 2nd is the notification function's name. </p> 163 <p>For example, suppose we want to be notified when a user's session has expired, 164 based on the userid. When the user logs in, we store the id in the global session variable 165 $USERID. The function name is 'NotifyFn'. 166 <p> 167 So we define (before session_start() is called): </p> 168 <pre> <font color="#004040"><br> $ADODB_SESSION_EXPIRE_NOTIFY = array('USERID','NotifyFn');<br> </font></pre> 169 And when the NotifyFn is called (when the session expires), the 170 $USERID is passed in as the first parameter, eg. NotifyFn($userid, $sesskey). The 171 session key (which is the primary key of the record in the sessions 172 table) is the 2nd parameter. 173 <p> Here is an example of a Notification function that deletes some 174 records in the database and temporary files: </p> 175 <pre><font color="#004040"><br> function NotifyFn($expireref, $sesskey)<br> {<br> global $ADODB_SESS_CONN; # the session connection object<br><br> $user = $ADODB_SESS_CONN->qstr($expireref);<br> $ADODB_SESS_CONN->Execute("delete from shopping_cart where user=$user");<br> system("rm /work/tmpfiles/$expireref/*");<br> }</font><br> </pre> 176 <p> NOTE 1: If you have register_globals disabled in php.ini, then you 177 will have to manually set the EXPIREREF. E.g. </p> 178 <pre> <font color="#004040"> 179 $GLOBALS['USERID'] =& $_SESSION['USERID']; 180 $ADODB_SESSION_EXPIRE_NOTIFY = array('USERID','NotifyFn');</font> 181 </pre> 182 <p> NOTE 2: If you want to change the EXPIREREF after the session 183 record has been created, you will need to modify any session variable 184 to force a database record update. 185 </p> 186 <h4>Neat Notification Tricks</h4> 187 <p><i>ExpireRef</i> normally holds the user id of the current session. 188 </p> 189 <p>1. You can then write a session monitor, scanning expireref to see 190 who is currently logged on. 191 </p> 192 <p>2. If you delete the sessions record for a specific user, eg. 193 </p> 194 <pre>delete from sessions where expireref = '$USER'<br></pre> 195 then the user is logged out. Useful for ejecting someone from a 196 site. 197 <p>3. You can scan the sessions table to ensure no user 198 can be logged in twice. Useful for security reasons. 199 </p> 200 <h3>Compression/Encryption Schemes</h3> 201 Since ADOdb 4.05, thanks to Ross Smith, multiple encryption and 202 compression schemes are supported. Currently, supported are: 203 <p> 204 <pre> MD5Crypt (crypt.inc.php)<br> MCrypt<br> Secure (Horde's emulation of MCrypt, if MCrypt module is not available.)<br> GZip<br> BZip2<br></pre> 205 <p>These are stackable. E.g. 206 <p><pre>ADODB_Session::filter(new ADODB_Compress_Bzip2());<br>ADODB_Session::filter(new ADODB_Encrypt_MD5());<br></pre> 207 will compress and then encrypt the record in the database. 208 <h3>adodb_session_regenerate_id()</h3> 209 <p>Dynamically change the current session id with a newly generated one and update database. Currently only 210 works with cookies. Useful to improve security by reducing the risk of session-hijacking. 211 See this article on <a href=http://shiflett.org/articles/security-corner-feb2004>Session Fixation</a> for more info 212 on the theory behind this feature. Usage: 213 <pre> 214 $ADODB_SESSION_DRIVER='mysql'; 215 $ADODB_SESSION_CONNECT='localhost'; 216 $ADODB_SESSION_USER ='root'; 217 $ADODB_SESSION_PWD ='abc'; 218 $ADODB_SESSION_DB ='phplens'; 219 220 include('path/to/adodb/session/adodb-session.php'); 221 222 session_start(); 223 # Every 10 page loads, reset cookie for safety. 224 # This is extremely simplistic example, better 225 # to regenerate only when the user logs in or changes 226 # user privilege levels. 227 if ((rand()%10) == 0) adodb_session_regenerate_id(); </pre> 228 <p>This function calls session_regenerate_id() internally or simulates it if the function does not exist. 229 <h2>More Info</h2> 230 <p>Also see the <a href="docs-adodb.htm">core ADOdb documentation</a>. 231 </p> 232 </body> 233 </html>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sun Feb 25 17:20:01 2007 | par Balluche grâce à PHPXref 0.7 |