egroupware_official/phpgwapi/inc/adodb/docs/docs-session.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <title>ADODB Session Management Manual</title>
  <meta http-equiv="Content-Type"
 content="text/html; charset=iso-8859-1">
  <style type="text/css">
body, td {
/*font-family: Arial, Helvetica, sans-serif;*/
font-size: 11pt;
}
pre {
font-size: 9pt;
background-color: #EEEEEE; padding: .5em; margin: 0px;
}
.toplink {
font-size: 8pt;
}
  </style>
</head>
<body style="background-color: rgb(255, 255, 255);">
<h3>ADODB Session Management Manual</h3>
<p>
V4.50 6 July 2004 (c) 2000-2004 John Lim (jlim#natsoft.com.my)
</p>
<p> <font size="1">This software is dual licensed using BSD-Style and
LGPL. This means you can use it in compiled proprietary and commercial
products. </font>
<table border="1">
  <tbody>
    <tr>
      <td><font color="red">Kindly note that the ADOdb home page has
moved to <a href="http://adodb.sourceforge.net/">http://adodb.sourceforge.net/</a>
because of the persistent unreliability of http://php.weblogs.com. <b>Please
change your links</b>!</font></td>
    </tr>
    <tr>
    </tr>
  </tbody>
</table>
</p>
<p>Useful ADOdb links: <a href="http://adodb.sourceforge.net/#download">Download</a>
&nbsp; <a href="http://adodb.sourceforge.net/#docs">Other Docs</a>
</p>
<h3>Introduction</h3>
<p> We store state information specific to a user or web client in
session variables. These session variables persist throughout a
session, as the user moves from page to page. </p>
<p>To use session variables, call session_start() at the beginning of
your web page, before your HTTP headers are sent. Then for every
variable you want to keep alive for the duration of the session, call
session_register($variable_name). By default, the session handler will
keep track of the session by using a cookie. You can save objects or
arrays in session variables also.
</p>
<p>The default method of storing sessions is to store it in a file.
However if you have special needs such as you:
</p>
<ul>
  <li>Have multiple web servers that need to share session info</li>
  <li>Need to do special processing of each session</li>
  <li>Require notification when a session expires</li>
</ul>
<p>Then the ADOdb session handler provides you with the above
additional capabilities by storing the session information as records
in a database table that can be shared across multiple servers. </p>
<p><b>Important Upgrade Notice:</b> Since ADOdb 4.05, the session files
have been moved to its own folder, adodb/session. This is a rewrite
of the session code by Ross Smith. The old session code is in
adodb/session/old. </p>
<h4>ADOdb Session Handler Features</h4>
<ul>
  <li>Ability to define a notification function that is called when a
session expires. Typically
used to detect session logout and release global resources. </li>
  <li>Optimization of database writes. We crc32 the session data and
only perform an update
to the session data if there is a data change. </li>
  <li>Support for large amounts of session data with CLOBs (see
adodb-session-clob.php). Useful
for Oracle. </li>
  <li>Support for encrypted session data, see
adodb-cryptsession.inc.php. Enabling encryption is simply a matter of
including adodb-cryptsession.inc.php instead of adodb-session.inc.php. </li>
</ul>
<h3>Setup</h3>
<p>There are 3 session management files that you can use:
</p>
<pre>adodb-session.php        : The default<br>adodb-session-clob.php   : Use this if you are storing DATA in clobs<br>adodb-cryptsession.php   : Use this if you want to store encrypted session data in the database<br><br>
</pre>
<p><strong>Examples</strong>
<p><pre>
 <font
 color="#004040">    include('adodb/adodb.inc.php');<br>    <br><b>    $ADODB_SESSION_DRIVER='mysql';<br>    $ADODB_SESSION_CONNECT='localhost';<br>    $ADODB_SESSION_USER ='scott';<br>    $ADODB_SESSION_PWD ='tiger';<br>    $ADODB_SESSION_DB ='sessiondb';</b><br>    <br>    <b>include('adodb/session/adodb-session.php');</b><br>    session_start();<br>    <br>    #<br>    # Test session vars, the following should increment on refresh<br>    #<br>    $_SESSION['AVAR'] += 1;<br>    print "&lt;p&gt;\$_SESSION['AVAR']={$_SESSION['AVAR']}&lt;/p&gt;";<br></font></pre>
 <p>To force non-persistent connections, call adodb_session_open first before session_start():<p>
 <pre>
 <font color="#004040"><br>    include('adodb/adodb.inc.php');<br>    <br><b>    $ADODB_SESSION_DRIVER='mysql';<br>    $ADODB_SESSION_CONNECT='localhost';<br>    $ADODB_SESSION_USER ='scott';<br>    $ADODB_SESSION_PWD ='tiger';<br>    $ADODB_SESSION_DB ='sessiondb';</b><br>    <br>    <b>include('adodb/session/adodb-session.php');<br>    adodb_sess_open(false,false,false);</b><br>    session_start();<br> </font>
 </pre>
<p> To use a encrypted sessions, simply replace the file adodb-session.php:</p>
 <pre> <font
 color="#004040"><br>    include('adodb/adodb.inc.php');<br>    <br><b>    $ADODB_SESSION_DRIVER='mysql';<br>    $ADODB_SESSION_CONNECT='localhost';<br>    $ADODB_SESSION_USER ='scott';<br>    $ADODB_SESSION_PWD ='tiger';<br>    $ADODB_SESSION_DB ='sessiondb';<br>    <br>    include('adodb/session/adodb-cryptsession.php');</b><br>    session_start();</font><br>
 </pre>
 <p>And the same technique for adodb-session-clob.php:</p>
 <pre>  <font
 color="#004040"><br>    include('adodb/adodb.inc.php');<br>    <br><b>    $ADODB_SESSION_DRIVER='mysql';<br>    $ADODB_SESSION_CONNECT='localhost';<br>    $ADODB_SESSION_USER ='scott';<br>    $ADODB_SESSION_PWD ='tiger';<br>    $ADODB_SESSION_DB ='sessiondb';<br>    <br>    include('adodb/session/adodb-session-clob.php');</b><br>    session_start();</font>
 </pre>
 <h4>Installation</h4>
<p>1. Create this table in your database (syntax might vary depending on your db):
<p><pre> <a
 name="sessiontab"></a> <font color="#004040"><br>  create table sessions (<br>       SESSKEY char(32) not null,<br>       EXPIRY int(11) unsigned not null,<br>       EXPIREREF varchar(64),<br>       DATA text not null,<br>      primary key (sesskey)<br>  );</font><br> 
 </pre>
 <p> For the adodb-session-clob.php version, create this:
<p>  <pre>
    <font
 color="#004040"><br>    create table sessions (<br>       SESSKEY char(32) not null,<br>       EXPIRY int(11) unsigned not null,<br>       EXPIREREF varchar(64),<br>       DATA CLOB,<br>      primary key (sesskey)<br>  );</font>
 </pre>
 <p>2. Then define the following parameters. You can either modify this file, or define them before this file is included:
 <pre>      <font
 color="#004040"><br>    $ADODB_SESSION_DRIVER='database driver, eg. mysql or ibase';<br>    $ADODB_SESSION_CONNECT='server to connect to';<br>    $ADODB_SESSION_USER ='user';<br>    $ADODB_SESSION_PWD ='password';<br>    $ADODB_SESSION_DB ='database';<br>    $ADODB_SESSION_TBL = 'sessions'; # setting this is optional<br>	</font>
 </pre><p>
     When the session is created, $<b>ADODB_SESS_CONN</b> holds the connection object.<br>    <br>  3. Recommended is PHP 4.0.6 or later. There are documented session bugs in earlier versions of PHP.
<h3>Notifications</h3>
<p>If you want to receive notification when a session expires, then tag
the session record with a <a href="#sessiontab">EXPIREREF</a> tag (see
the definition of the sessions table above). Before any session record
is deleted, ADOdb will call a notification function, passing in the
EXPIREREF.
</p>
<p>When a session is first created, we check a global variable
$ADODB_SESSION_EXPIRE_NOTIFY. This is an array with 2 elements, the
first being the name of the session variable you would like to store in
the EXPIREREF field, and the 2nd is the notification function's name. </p>
<p> Suppose we want to be notified when a user's session has expired,
based on the userid. The user id in the global session variable
$USERID. The function name is 'NotifyFn'. So we define: </p>
<pre> <font color="#004040"><br>        $ADODB_SESSION_EXPIRE_NOTIFY = array('USERID','NotifyFn');<br>    </font></pre>
And when the NotifyFn is called (when the session expires), we pass the
$USERID as the first parameter, eg. NotifyFn($userid, $sesskey). The
session key (which is the primary key of the record in the sessions
table) is the 2nd parameter.
<p> Here is an example of a Notification function that deletes some
records in the database and temporary files: </p>
<pre><font color="#004040"><br>        function NotifyFn($expireref, $sesskey)<br>        {<br>        global $ADODB_SESS_CONN; # the session connection object<br><br>          $user = $ADODB_SESS_CONN-&gt;qstr($expireref);<br>          $ADODB_SESS_CONN-&gt;Execute("delete from shopping_cart where user=$user");<br>          system("rm /work/tmpfiles/$expireref/*");<br>        }</font><br>    </pre>
<p> NOTE 1: If you have register_globals disabled in php.ini, then you
will have to manually set the EXPIREREF. E.g. </p>
<pre> <font color="#004040">
    $GLOBALS['USERID'] =&amp; $_SESSION['USERID'];
    $ADODB_SESSION_EXPIRE_NOTIFY = array('USERID','NotifyFn');</font>
</pre>
<p> NOTE 2: If you want to change the EXPIREREF after the session
record has been created, you will need to modify any session variable
to force a database record update.
</p>
<h4>Neat Notification Tricks</h4>
<p><i>ExpireRef</i> normally holds the user id of the current session.
</p>
<p>1. You can then write a session monitor, scanning expireref to see
who is currently logged on.
</p>
<p>2. If you delete the sessions record for a specific user, eg.
</p>
<pre>delete from sessions where expireref = '$USER'<br></pre>
then the user is logged out. Useful for ejecting someone from a
site.
<p>3. You can scan the sessions table to ensure no user
can be logged in twice. Useful for security reasons.
</p>
<h3>Compression/Encryption Schemes</h3>
Since ADOdb 4.05, thanks to Ross Smith, multiple encryption and
compression schemes are supported. Currently, supported are:
<p>
<pre>  MD5Crypt (crypt.inc.php)<br>  MCrypt<br>  Secure (Horde's emulation of MCrypt, if MCrypt module is not available.)<br>  GZip<br>  BZip2<br></pre>
<p>These are stackable. E.g.
<p><pre>ADODB_Session::filter(new ADODB_Compress_Bzip2());<br>ADODB_Session::filter(new ADODB_Encrypt_MD5());<br></pre>
will compress and then encrypt the record in the database.
<p>Also see the <a href="docs-adodb.htm">core ADOdb documentation</a>.
</p>
</body>
</html>