You should become a good Agile enthusiast and unit test...For example, if you use custom session-handling functions, the write function is called during script termination, so you can't debug it using echo.
PHP uses a GET variable to store the SID, which is sometimes undesirable. (Prone to session hijacking.) Disabling it is quite tricky, since GET is used only if cookies are not available, and there are countless ini options.
PHP tends to send session cookies to all users after you call session_start(). Personally, I like when user gets cookie only when there is real need for it. That's why my class has separate begin() and load() methods.
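As an added example (not code from anyone in this thread), here is how the two points above can be implemented in modern PHP (5.4+ for session_status(), 5.5.2+ for use_strict_mode): cookie-only session IDs so the SID never travels in GET, and a load()/begin() split so a visitor only receives a session cookie when there is a real need for it. The class name CookieOnlySession and its method names are my own.

```php
<?php
// Added example: a minimal session wrapper that
// (a) forces cookie-only session IDs so the SID is never carried in GET, and
// (b) separates load() from begin() so a visitor only gets a session cookie
//     when the application actually has something to store.
class CookieOnlySession
{
    // The ini settings the post calls "tricky": cookies only, no transparent
    // SID rewriting into links, a cookie JavaScript cannot read, and strict
    // mode so an ID the server never issued is rejected instead of adopted.
    public static function configure()
    {
        ini_set('session.use_only_cookies', '1');
        ini_set('session.use_trans_sid', '0');
        ini_set('session.cookie_httponly', '1');
        ini_set('session.use_strict_mode', '1');
        if (!empty($_SERVER['HTTPS'])) {
            ini_set('session.cookie_secure', '1');
        }
    }

    // load(): resume a session only if the client already presented the
    // cookie. A first-time visitor gets no Set-Cookie header from this call.
    public static function load()
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            return true;
        }
        if (!isset($_COOKIE[session_name()])) {
            return false;
        }
        return session_start();
    }

    // begin(): create the session on demand (e.g. at login). Regenerating the
    // ID when privileges change is the standard defence against fixation.
    public static function begin()
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        session_regenerate_id(true);
        return session_id();
    }
}

CookieOnlySession::configure();
if (!CookieOnlySession::load()) {
    // Anonymous visitor: no session and no cookie. Call begin() only on login.
}
```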
Session class ideas?
Maugrim_The_Reaper (DevNet Master) wrote:

Ambush Commander (DevNet Master) wrote:
I haven't really read the thread yet, but here's my Session class. What it does is allow PHP to store everything in only one variable, minimizing session name crashes.
Code:

<?php
// No separation from the SESSION globals... however, you could argue this is the
// mapper for that (an active record, essentially)...
// PHP 4-style class: `var` properties and a constructor named after the class.
class Session
{
    var $user_id;
    var $user_name;
    var $user_rights;
    var $lastaccess;
    var $_expiration = 86400; // idle lifetime in seconds (24 hours)

    function Session($user_id, $user_name, $user_rights, $lastaccess) {
        $this->user_id = $user_id;
        $this->user_name = $user_name;
        $this->user_rights = $user_rights;
        $this->lastaccess = $lastaccess;
    }

    function getUserID() {return $this->user_id;}
    function getUserName() {return $this->user_name;}
    function getUserRights() {return $this->user_rights;}
    function getLastaccess() {return $this->lastaccess;}

    // The single $_SESSION key under which the whole object is stored.
    function sessionVariable() {
        return 'session';
    }

    // Build a fresh session object from a logged-in user object.
    function &newFromUser(&$user) {
        $user_id = $user->getID();
        $user_name = $user->getName();
        $user_rights = $user->getRights();
        $lastaccess = time();
        return new Session($user_id, $user_name, $user_rights, $lastaccess);
    }

    // Restore the object from $_SESSION; returns false if nothing is stored
    // there or if an expired session was stored as serialize(false).
    function &newFromSession() {
        if (empty($_SESSION[Session::sessionVariable()])) {
            return false;
        }
        header('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
        return unserialize($_SESSION[Session::sessionVariable()]);
    }

    function update() {
        // serialize() takes no arguments; it serializes $this itself.
        $_SESSION[$this->sessionVariable()] = $this->serialize();
    }

    function delete() {
        $_SESSION[$this->sessionVariable()] = serialize(false);
    }

    function isExpired() {
        return time() > $this->lastaccess + $this->_expiration;
    }

    function setLastaccess($time = false) {
        if (!$time) $time = time();
        $this->lastaccess = $time;
    }

    // An expired object is stored as false, so the next newFromSession()
    // yields false instead of a stale session.
    function serialize() {
        if ($this->isExpired()) {
            return serialize(false);
        }
        return serialize($this);
    }

    function _admin() {return ($this->user_rights == 'admin');}

    // Privileges! Whee!
    // Session_Null is a null-object subclass assumed to be defined elsewhere.
    function isRegistered() {return !is_a($this,'Session_Null');}
    function canAdminAccess() {return $this->_admin();}
    function canBookViewTrash() {return $this->_admin();}
    function canBookBypassCaptcha() {return $this->_admin();}
    function canBookDelete() {return $this->_admin();}
    function canBookEdit() {return $this->_admin();}
    function canBookViewSensitive() {return $this->_admin();}
    function canIndexReloadRandom() {return $this->_admin();}
    function canIndexViewExtra() {return $this->_admin();}
}
?>

John Cartwright (Site Admin) wrote:

Code:
function delete() {
    $_SESSION[$this->sessionVariable()] = serialize(false);
}

Ambush Commander (DevNet Master) wrote:
alex.barylski (DevNet Evangelist) wrote:
It's crazy how differently each of us has developed a session class...

Ambush Commander wrote:
I haven't really read the thread yet, but here's my Session class. What it does is allow PHP to store everything in only one variable, minimizing session name crashes.
Clearly yours is more specialized than mine...as mine doesn't include ACL or anything...
Cheers