PEAR Packages
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Codewalkers ForumsPHP RelatedPEAR Packages

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Codewalkers Forums Sponsor:
  #1  
Old January 7th, 2008, 06:59 AM
joshLangley joshLangley is offline
Registered User
Codewalkers Newbie (0 - 499 posts)
 
Join Date: Dec 2007
Posts: 5 joshLangley User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 51 m 21 sec
Reputation Power: 0
Auth - used with HTTP_Session or HTTP_Session2

Can the package Auth be used the package HTTP_Session or HTTP_Session2 to store session information?
The reason why I ask, Is that I want my session data to be stored into a DB, which is exactly what the HTTP_Sessions package can do.
However, if I instantiate a HTTP_Session object and set it to use a DB, will the Auth object use the database, or will it just store the session data with PHP's default session function handlers?

If it can't be done, what's the best way to have Auth use a DB to store session information? I tried to override the session handler functions, but my code has a bug, causing only one user to be logged in at any 1 time. The rest end up getting logged out, for those who are still meant to have valid sessions.

Last edited by joshLangley : January 7th, 2008 at 07:03 AM. Reason: incorrect package names

Reply With Quote
  #2  
Old January 7th, 2008, 09:08 AM
cwf's Avatar
cwf cwf is offline
Contributing User
Codewalkers Newbie (0 - 499 posts)
 
Join Date: Apr 2007
Posts: 354 cwf User rank is Private First Class (20 - 50 Reputation Level)cwf User rank is Private First Class (20 - 50 Reputation Level) 
Time spent in forums: 1 Week 3 Days 7 h 8 m 8 sec
Reputation Power: 3
Because the Auth package uses the built in php session handling (ie. session_start()) and the HTTP_session2 provides its own function calls, you would need to go through the code in the Auth package and change all session references to use the HTTP_session2 functions.

Is there a reason you don't want to use the php built in session handling, that uses compiled C code. It is 10X faster than session handling using php code in an alternate PEAR package or even in a replacement session handler written in php.

Last edited by cwf : January 7th, 2008 at 09:17 AM. Reason: fixed text that was smiley and spelling

Reply With Quote
  #3  
Old January 7th, 2008, 04:24 PM
joshLangley joshLangley is offline
Registered User
Codewalkers Newbie (0 - 499 posts)
 
Join Date: Dec 2007
Posts: 5 joshLangley User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 51 m 21 sec
Reputation Power: 0
Thanks for the great info.

Quote:
Is there a reason you don't want to use the php built in session handling, that uses compiled C code. It is 1 faster than session handling using php code in an alternate PEAR package or even in a replacement session handler written in php.

The site I'm being hosted at is a public web server, so I want prevent other people looking at the session information and obtaining the password hashes.
I read in an article by phpsec that the best way to secure your session information, was to override the functions and have the information store in a DB.
Is their a different way I can have a pretty good level of privacy regarding the session info and preserving the execution speed advantages you have mentioned above?

Reply With Quote
  #4  
Old January 7th, 2008, 05:42 PM
cwf's Avatar
cwf cwf is offline
Contributing User
Codewalkers Newbie (0 - 499 posts)
 
Join Date: Apr 2007
Posts: 354 cwf User rank is Private First Class (20 - 50 Reputation Level)cwf User rank is Private First Class (20 - 50 Reputation Level) 
Time spent in forums: 1 Week 3 Days 7 h 8 m 8 sec
Reputation Power: 3
Just set session.save_path to be a private folder within your account's path.

Reply With Quote
  #5  
Old January 7th, 2008, 07:08 PM
joshLangley joshLangley is offline
Registered User
Codewalkers Newbie (0 - 499 posts)
 
Join Date: Dec 2007
Posts: 5 joshLangley User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 51 m 21 sec
Reputation Power: 0
Quote:
Originally Posted by cwf
Just set session.save_path to be a private folder within your account's path.

ok thanks for your help, I think that is definitely the best choice since it only involves 1 line of code. lol. If only I done that earlier, oh well, best code is usually written with the delete key. ^_^

Reply With Quote
Reply

Viewing: Codewalkers ForumsPHP RelatedPEAR Packages > Auth - used with HTTP_Session or HTTP_Session2


Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump




 Free IT White Papers!
 
Create the Optimal Architecture for your Critical Applications
Warburton's the largest independently owned bakery in the UK faced a number of difficult challenges in providing the most robust yet efficient IT infrastructure for their organization's success. IBM's services combined with their xSeries servers created the perfect platform for their SAP environment with sufficient flexibility, and did so in very time effective fashion.

Request Your Free Technology Downloads!
 
Five Best Practices for Deploying a Successful Service-Oriented Architecture
This white paper describes the benefits you can expect with SOA, and how IBM can help take your business there.

Request Your Free Technology Downloads!
 
Gartner Magic Quadrant for Application Delivery Controllers
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses of solutions, and provides Magic Quadrant reporting for a quick comparison across all vendors. Learn from Gartner how you can benefit from an all-in-one device like Citrix NetScaler that delivers the highest levels of availability, performance and security.

Request Your Free Technology Downloads!
 
Knowledge is Power
What you don't know can hurt you, and is likely costing you money and increasing your security risks during an era of scarce resources. This white paper proposes six key strategies that enterprise security managers can use to improve their network defense posture.

Request Your Free Technology Downloads!
 
Rationalizing the Multi-Tool Environment
The rationalized multi-tool approach is flexible, scalable and cost effective. It provides the necessary input to the IT service management business processes. It preserves prior investments in monitoring tools, empowers technologists to select the best tools with which to do their jobs, and enhances effective response to incidents.

Request Your Free Technology Downloads!
 

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 




© 2003-2010 by Developer Shed. All rights reserved. DS Cluster 2 Hosted by Hostway
For more Enterprise Application Development news, visit eWeek