forked from extern/egroupware
132 lines
3.7 KiB
Plaintext
132 lines
3.7 KiB
Plaintext
John,
|
|
|
|
I have been an extremely satisfied ADODB user for several years now.
|
|
|
|
To give you something back for all your hard work, I've spent the last 3
|
|
days rewriting the adodb-session.php code.
|
|
|
|
----------
|
|
What's New
|
|
----------
|
|
|
|
Here's a list of the new code's benefits:
|
|
|
|
* Combines the functionality of the three files:
|
|
|
|
adodb-session.php
|
|
adodb-session-clob.php
|
|
adodb-cryptsession.php
|
|
|
|
each with very similar functionality, into a single file adodb-session.php.
|
|
This will ease maintenance and support issues.
|
|
|
|
* Supports multiple encryption and compression schemes.
|
|
Currently, we support:
|
|
|
|
MD5Crypt (crypt.inc.php)
|
|
MCrypt
|
|
Secure (Horde's emulation of MCrypt, if MCrypt module is not available.)
|
|
GZip
|
|
BZip2
|
|
|
|
These can be stacked, so if you want to compress and then encrypt your
|
|
session data, it's easy.
|
|
Also, the built-in MCrypt functions will be *much* faster, and more secure,
|
|
than the MD5Crypt code.
|
|
|
|
* adodb-session.php contains a single class ADODB_Session that encapsulates
|
|
all functionality.
|
|
This eliminates the use of global vars and defines (though they are
|
|
supported for backwards compatibility).
|
|
|
|
* All user defined parameters are now static functions in the ADODB_Session
|
|
class.
|
|
|
|
New parameters include:
|
|
|
|
* encryptionKey(): Define the encryption key used to encrypt the session.
|
|
Originally, it was a hard coded string.
|
|
|
|
* persist(): Define if the database will be opened in persistent mode.
|
|
Originally, the user had to call adodb_sess_open().
|
|
|
|
* dataFieldName(): Define the field name used to store the session data, as
|
|
'DATA' appears to be a reserved word in the following cases:
|
|
ANSI SQL
|
|
IBM DB2
|
|
MS SQL Server
|
|
Postgres
|
|
SAP
|
|
|
|
* filter(): Used to support multiple, simulataneous encryption/compression
|
|
schemes.
|
|
|
|
* Debug support is improved thru _rsdump() function, which is called after
|
|
every database call.
|
|
|
|
------------
|
|
What's Fixed
|
|
------------
|
|
|
|
The new code includes several bug fixes and enhancements:
|
|
|
|
* sesskey is compared in BINARY mode for MySQL, to avoid problems with
|
|
session keys that differ only by case.
|
|
Of course, the user should define the sesskey field as BINARY, to
|
|
correctly fix this problem, otherwise performance will suffer.
|
|
|
|
* In ADODB_Session::gc(), if $expire_notify is true, the multiple DELETES in
|
|
the original code have been optimized to a single DELETE.
|
|
|
|
* In ADODB_Session::destroy(), since "SELECT expireref, sesskey FROM $table
|
|
WHERE sesskey = $qkey" will only return a single value, we don't loop on the
|
|
result, we simply process the row, if any.
|
|
|
|
* We close $rs after every use.
|
|
|
|
---------------
|
|
What's the Same
|
|
---------------
|
|
|
|
I know backwards compatibility is *very* important to you. Therefore, the
|
|
new code is 100% backwards compatible.
|
|
|
|
If you like my code, but don't "trust" it's backwards compatible, maybe we
|
|
offer it as beta code, in a new directory for a release or two?
|
|
|
|
------------
|
|
What's To Do
|
|
------------
|
|
|
|
I've vascillated over whether to use a single function to get/set
|
|
parameters:
|
|
|
|
$user = ADODB_Session::user(); // get
|
|
ADODB_Session::user($user); // set
|
|
|
|
or to use separate functions (which is the PEAR/Java way):
|
|
|
|
$user = ADODB_Session::getUser();
|
|
ADODB_Session::setUser($user);
|
|
|
|
I've chosen the former as it's makes for a simpler API, and reduces the
|
|
amount of code, but I'd be happy to change it to the latter.
|
|
|
|
Also, do you think the class should be a singleton class, versus a static
|
|
class?
|
|
|
|
Let me know if you find this code useful, and will be including it in the
|
|
next release of ADODB.
|
|
|
|
If so, I will modify the current documentation to detail the new
|
|
functionality. To that end, what file(s) contain the documentation? Please
|
|
send them to me if they are not publically available.
|
|
|
|
Also, if there is *anything* in the code that you like to see changed, let
|
|
me know.
|
|
|
|
Thanks,
|
|
|
|
Ross
|
|
|