Session class ideas?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.


Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

For example, if you use custom session-handling functions, the write function is called during script termination, so you can't debug it using echo.

PHP uses a GET variable to store the SID, which is sometimes undesirable (prone to session hijacking). Disabling it is quite tricky, since GET is used only if cookies are not available, and there are countless ini options.

PHP tends to send session cookies to all users after you call session_start(). Personally, I like it when the user gets a cookie only when there is a real need for it. That's why my class has separate begin() and load() methods.

You should become a good Agile enthusiast and unit test... :) Just to note, PHP will usually use both GET and COOKIE for the first visit to a domain. It then chooses which one to use (preferably COOKIE) based on whether a cookie variable could be set. I think this causes a little confusion when trying to disable GET completely.
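The two points raised above (the SID ending up in a GET variable, and a cookie being sent to every visitor as soon as session_start() runs) can both be handled with a small wrapper. The class below is an added example written for this thread, not code from any poster: the names LazySession, configure(), load() and begin() are its own, and it assumes PHP 7.4 or later for the typed static property and the array form of session_set_cookie_params(). load() attaches only when the browser already presented a session cookie, so a first-time visitor gets no Set-Cookie header at all; begin() is the single place a cookie is issued, and it regenerates the ID so a session fixed before login cannot be carried across it.

```php
<?php
// Added example (not from the thread): cookie-only session IDs plus a lazy
// begin()/load() split, so no cookie is sent until the app has something to store.
// LazySession, configure(), load() and begin() are this example's own names.

final class LazySession
{
    private static bool $started = false;

    // Harden the SID transport before any session_start(): never accept or emit
    // the SID in a URL, only in a cookie, and mark that cookie HttpOnly/SameSite.
    public static function configure(bool $secure): void
    {
        ini_set('session.use_only_cookies', '1');   // ignore ?PHPSESSID=... (hijacking/fixation vector)
        ini_set('session.use_trans_sid', '0');      // never rewrite links to carry the SID
        ini_set('session.use_strict_mode', '1');    // reject IDs the server never issued
        session_set_cookie_params([
            'lifetime' => 0,
            'path'     => '/',
            'secure'   => $secure,
            'httponly' => true,
            'samesite' => 'Lax',
        ]);
    }

    // load(): attach to an existing session only if the browser sent the cookie.
    // A first-time visitor therefore receives no Set-Cookie header here.
    public static function load(): bool
    {
        if (self::$started) {
            return true;
        }
        if (!isset($_COOKIE[session_name()])) {
            return false;
        }
        self::$started = session_start();
        return self::$started;
    }

    // begin(): the one place a cookie is issued, e.g. right after a successful login.
    // If a session already exists its ID is replaced, closing the fixation window.
    public static function begin(): void
    {
        if (self::$started) {
            session_regenerate_id(true);
            return;
        }
        self::$started = session_start();
    }
}

// Usage (constructed sample flow)
LazySession::configure(isset($_SERVER['HTTPS']));
if (LazySession::load()) {
    // returning visitor: $_SESSION is available, no new cookie was sent
} elseif (isset($_POST['login'])) {
    LazySession::begin();        // only now is a Set-Cookie header emitted
    $_SESSION['user'] = 'alice'; // constructed sample value
}
```

With use_only_cookies and strict mode set, a browser that cannot store cookies simply has no session, which is the price of taking the SID out of the URL entirely; the ini calls must run before the first session_start() on the request, which is why configure() is separate from load().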
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

I haven't really read the thread yet, but here's my Session class. What it does is allow PHP to store everything in only one variable, minimizing session name clashes.

Code:

<?php

// no separation from SESSION globals... however, you could argue this is the
// mapper for that (an active record, essentially)...

class Session
{
    public $user_id;
    public $user_name;
    public $user_rights;
    public $lastaccess;

    // seconds of inactivity after which the stored session is treated as dead
    protected $_expiration = 86400;

    public function __construct($user_id, $user_name, $user_rights, $lastaccess) {
        $this->user_id      = $user_id;
        $this->user_name    = $user_name;
        $this->user_rights  = $user_rights;
        $this->lastaccess   = $lastaccess;
    }

    public function getUserID()        {return $this->user_id;}
    public function getUserName()      {return $this->user_name;}
    public function getUserRights()    {return $this->user_rights;}
    public function getLastaccess()    {return $this->lastaccess;}

    // the single $_SESSION key everything is stored under
    public static function sessionVariable() {
        return 'session';
    }

    // factory: build a fresh session from a user object (expects getID/getName/getRights)
    public static function newFromUser($user) {
        $user_id = $user->getID();
        $user_name = $user->getName();
        $user_rights = $user->getRights();
        $lastaccess = time();
        return new Session($user_id, $user_name, $user_rights, $lastaccess);
    }

    // factory: restore the stored session, or false when nothing (or a serialized false) is stored
    public static function newFromSession() {
        if (empty($_SESSION[self::sessionVariable()])) {
            return false;
        }
        header('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
        return unserialize($_SESSION[self::sessionVariable()]);
    }

    public function update() {
        // serialize() takes no arguments; an expired session is stored as false
        $_SESSION[self::sessionVariable()] = $this->serialize();
    }

    public function delete() {
        $_SESSION[self::sessionVariable()] = serialize(false);
    }

    public function isExpired() {
        return time() > $this->lastaccess + $this->_expiration;
    }

    public function setLastaccess($time = false) {
        if (!$time) $time = time();
        $this->lastaccess = $time;
    }

    public function serialize() {
        if ($this->isExpired()) {
            return serialize(false);
        }
        return serialize($this);
    }

    protected function _admin() {return ($this->user_rights == 'admin');}

    // Privileges! Whee!

    // Session_Null is the null-object subclass used for anonymous visitors
    public function isRegistered() {return !is_a($this, 'Session_Null');}

    public function canAdminAccess() {return $this->_admin();}
    public function canBookViewTrash() {return $this->_admin();}
    public function canBookBypassCaptcha() {return $this->_admin();}
    public function canBookDelete() {return $this->_admin();}
    public function canBookEdit() {return $this->_admin();}
    public function canBookViewSensitive() {return $this->_admin();}
    public function canIndexReloadRandom() {return $this->_admin();}
    public function canIndexViewExtra() {return $this->_admin();}
}

?>
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Code:

function delete() {
    $_SESSION[$this->sessionVariable()] = serialize(false);
}
The only thing I can recommend is, instead of setting the value to false, actually deleting the variable, i.e. unset().
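To show the difference between storing a serialized false and unsetting the key, here is the same "everything under one $_SESSION slot" design with delete() implemented as unset(), plus an expiry check done on load rather than on write. This is an added example, not code from either poster: SessionStore and its constants are this example's own names, and the user record is constructed sample data. A serialized false is the string "b:0;", which is neither empty() nor unset, so every reader has to unserialize it before it can tell that no session exists; removing the key makes that state visible to a plain isset() check.

```php
<?php
// Added example, not code from the thread: one $_SESSION key for the whole app,
// delete() as unset(), and expiry enforced when the record is read back.
// SessionStore, KEY and EXPIRATION are this example's own names.

final class SessionStore
{
    private const KEY = 'session';      // the single $_SESSION slot this app uses
    private const EXPIRATION = 86400;   // seconds of inactivity before the slot is dropped

    // Persist the current state as a plain array; PHP serializes $_SESSION itself,
    // so no explicit serialize()/unserialize() round trip is needed.
    public static function update(int $userId, string $userName, string $userRights): void
    {
        $_SESSION[self::KEY] = [
            'user_id'     => $userId,
            'user_name'   => $userName,
            'user_rights' => $userRights,
            'lastaccess'  => time(),
        ];
    }

    // Return the stored record, or null when absent or expired. An expired record is
    // removed here, so a stale slot never lingers until the next write.
    public static function load(): ?array
    {
        $record = $_SESSION[self::KEY] ?? null;
        if (!is_array($record) || !isset($record['lastaccess'])) {
            return null;
        }
        if (time() > $record['lastaccess'] + self::EXPIRATION) {
            self::delete();
            return null;
        }
        return $record;
    }

    // unset() removes the key outright: isset()/empty() then report no session,
    // whereas serialize(false) leaves the non-empty string "b:0;" in the slot.
    public static function delete(): void
    {
        unset($_SESSION[self::KEY]);
    }

    // Authorisation helpers read through load(), so an expired record never grants rights.
    public static function isAdmin(): bool
    {
        $record = self::load();
        return $record !== null && $record['user_rights'] === 'admin';
    }
}

// Usage: $_SESSION is stood in by a plain array so this runs from the CLI without
// session_start(); the user record is constructed sample data.
$_SESSION = [];
SessionStore::update(42, 'alice', 'admin');
var_dump(SessionStore::isAdmin());
SessionStore::delete();
var_dump(SessionStore::load());
var_dump(isset($_SESSION['session']));
```

Keeping the record as an array rather than a serialized object also sidesteps the class-loading problem the original hits on unserialize(): the Session class must already be defined when session_start() restores the data, or PHP hands back an __PHP_Incomplete_Class instead of the object.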
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Hahaha. That's quite strange. Must have to do with unconditional unserializes. I'll investigate.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Ambush Commander wrote: I haven't really read the thread yet, but here's my Session class. What it does is allow PHP to store everything in only one variable, minimizing session name clashes.

It's crazy how differently each of us has developed a session class...

Clearly yours is more specialized than mine...as mine doesn't include ACL or anything...

Cheers :)
santosj
Forum Contributor
Posts: 157
Joined: Sat Apr 29, 2006 7:06 pm

Post by santosj »

I just prefer to use $_SESSION the right way, since it is global and I don't have to do anything besides session_start().