I'd like to explain my idea for basic session handling to you guys. I've thought about it, and I can't see any problem with it, but I'd like others' opinions as well, please. Ok, here goes.
So basically, there are two base cases that can happen.
User visits any page, session class is initialized, etc.
Case 1 - User not logged in; no cookie or session info in DB
If the user is not logged in, has no cookie, and/or there is no session info in the DB for this user, any specified activities are protected like so:

    if ( $session->loggedOn() == FALSE ) { ... }

Case 2 - User is logged in
If the user is logged in, the session class first looks for the cookie. If it's found, and the info (session_id, session_key) is valid, $session->loggedOn() remains at true, and the last_visited time in the DB is updated.
The constructor calls removeInactive(), which removes sessions that have been inactive for a certain amount of time. There is also updateSession(), which does the checking for a session. On logout, all info is scrubbed, and removeInactive() is also called, closing the session.
Reasoning
I guess I should explain some of my reasoning to see if there's a flaw in it somewhere.
1. The session_id is just acting as a unique identifier. It's just an md5'd random string that associates a certain user with a certain session.
I'd appreciate any and all comments regarding my system. I don't have any code yet as it's just an idea, but I'm working on it.
Thanks for your time.
klarinetking
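The scheme described in the post, written out as an added PHP example. This is not klarinetking's code (the post says there is none yet); the table and column names, the cookie name `sess`, the 30-minute timeout, and the use of PDO with an in-memory SQLite database (needs the pdo_sqlite extension, PHP 8) are all assumptions made here so it runs stand-alone. It follows the two cases from the post: no cookie or no DB row means not logged on; a cookie whose (session_id, session_key) pair matches a row means logged on and last_visited is refreshed. Two choices in this example go beyond what the post spells out: the random values come from random_bytes(), and the session_key is stored as a hash and compared with hash_equals().

```php
<?php
// Added example, not the poster's code. Names, timeout and DSN are assumptions.
declare(strict_types=1);

final class Session
{
    private const COOKIE  = 'sess';   // assumed cookie name
    private const TIMEOUT = 1800;     // assumed inactivity limit in seconds
    private bool $loggedOn = false;
    private ?string $sessionId = null;

    // $cookies stands in for $_COOKIE and $now for time(), so the demo below is deterministic.
    public function __construct(private PDO $db, private array $cookies, private int $now)
    {
        $this->db->exec('CREATE TABLE IF NOT EXISTS sessions (
            session_id TEXT PRIMARY KEY, key_hash TEXT NOT NULL,
            user_id INTEGER NOT NULL, last_visited INTEGER NOT NULL)');
        $this->removeInactive();   // constructor prunes stale rows, as in the post
        $this->updateSession();    // then checks the visitor's cookie
    }

    public function loggedOn(): bool { return $this->loggedOn; }

    // Start a session. session_id is only a lookup handle; session_key is the
    // secret, stored hashed so a leaked table does not yield usable cookies.
    public function login(int $userId): string
    {
        $id  = bin2hex(random_bytes(16));
        $key = bin2hex(random_bytes(32));
        $st = $this->db->prepare('INSERT INTO sessions VALUES (?, ?, ?, ?)');
        $st->execute([$id, hash('sha256', $key), $userId, $this->now]);
        $this->sessionId = $id;
        $this->loggedOn  = true;
        return $id . ':' . $key;   // cookie value; set it with HttpOnly, Secure, SameSite
    }

    // Look for the cookie, validate (session_id, session_key), refresh last_visited.
    public function updateSession(): void
    {
        $this->loggedOn = false;
        $raw = $this->cookies[self::COOKIE] ?? '';
        if (!preg_match('/^([0-9a-f]{32}):([0-9a-f]{64})$/', $raw, $m)) {
            return;                                   // case 1: no or malformed cookie
        }
        [, $id, $key] = $m;
        $st = $this->db->prepare('SELECT key_hash, last_visited FROM sessions WHERE session_id = ?');
        $st->execute([$id]);
        $row = $st->fetch(PDO::FETCH_ASSOC);
        if ($row === false) { return; }               // case 1: no DB row for this id
        if (!hash_equals($row['key_hash'], hash('sha256', $key))) { return; } // wrong key
        if ($this->now - (int)$row['last_visited'] > self::TIMEOUT) {
            $this->db->prepare('DELETE FROM sessions WHERE session_id = ?')->execute([$id]);
            return;                                   // expired since the last prune
        }
        $this->db->prepare('UPDATE sessions SET last_visited = ? WHERE session_id = ?')
                 ->execute([$this->now, $id]);
        $this->sessionId = $id;
        $this->loggedOn  = true;                      // case 2
    }

    public function removeInactive(): int
    {
        $st = $this->db->prepare('DELETE FROM sessions WHERE last_visited < ?');
        $st->execute([$this->now - self::TIMEOUT]);
        return $st->rowCount();
    }

    // Scrub the server-side row too; clearing only the cookie leaves it valid.
    public function logout(): void
    {
        if ($this->sessionId !== null) {
            $this->db->prepare('DELETE FROM sessions WHERE session_id = ?')->execute([$this->sessionId]);
        }
        $this->sessionId = null;
        $this->loggedOn  = false;
        $this->removeInactive();
    }
}

// Demo with constructed inputs (no real HTTP request involved).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$t0 = 1_700_000_000;

$anon = new Session($db, [], $t0);
var_dump($anon->loggedOn());                        // bool(false): case 1
$cookie = $anon->login(42);

$back = new Session($db, ['sess' => $cookie], $t0 + 60);
var_dump($back->loggedOn());                        // bool(true): case 2

$bad = $cookie;
$bad[-1] = ($bad[-1] === '0') ? '1' : '0';           // valid id, one bit of the key changed
$tampered = new Session($db, ['sess' => $bad], $t0 + 61);
var_dump($tampered->loggedOn());                    // bool(false): key mismatch

$late = new Session($db, ['sess' => $cookie], $t0 + 60 + 1801);
var_dump($late->loggedOn());                        // bool(false): pruned as inactive
```

Two things a reviewer would check in a real deployment that the demo cannot show: the cookie must be set with HttpOnly, Secure and a SameSite attribute, and login() should be called only after the old session (if any) has been scrubbed so an identifier chosen before authentication never survives into the authenticated session.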