|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| ||||||||||||||||||||||||||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Codewalkers Forums Sponsor:
|
|
|
|
#1
January 7th, 2008, 06:59 AM
|
|||
|
|||
|
Auth - used with HTTP_Session or HTTP_Session2
Can the package Auth be used the package HTTP_Session or HTTP_Session2 to store session information?
The reason why I ask, Is that I want my session data to be stored into a DB, which is exactly what the HTTP_Sessions package can do. However, if I instantiate a HTTP_Session object and set it to use a DB, will the Auth object use the database, or will it just store the session data with PHP's default session function handlers? If it can't be done, what's the best way to have Auth use a DB to store session information? I tried to override the session handler functions, but my code has a bug, causing only one user to be logged in at any 1 time. The rest end up getting logged out, for those who are still meant to have valid sessions. Last edited by joshLangley : January 7th, 2008 at 07:03 AM. Reason: incorrect package names
|
|
#2
January 7th, 2008, 09:08 AM
|
||||
|
||||
|
Because the Auth package uses the built in php session handling (ie. session_start()) and the HTTP_session2 provides its own function calls, you would need to go through the code in the Auth package and change all session references to use the HTTP_session2 functions.
Is there a reason you don't want to use the php built in session handling, that uses compiled C code. It is 10X faster than session handling using php code in an alternate PEAR package or even in a replacement session handler written in php. Last edited by cwf : January 7th, 2008 at 09:17 AM. Reason: fixed text that was smiley and spelling
|
|
#3
January 7th, 2008, 04:24 PM
|
|||
|
|||
|
Thanks for the great info.
Quote:
The site I'm being hosted at is a public web server, so I want prevent other people looking at the session information and obtaining the password hashes. I read in an article by phpsec that the best way to secure your session information, was to override the functions and have the information store in a DB. Is their a different way I can have a pretty good level of privacy regarding the session info and preserving the execution speed advantages you have mentioned above?
|
|
#5
January 7th, 2008, 07:08 PM
|
|||
|
|||
|
Quote:
ok thanks for your help, I think that is definitely the best choice since it only involves 1 line of code. lol. If only I done that earlier, oh well, best code is usually written with the delete key. ^_^
|
|
| Viewing: Codewalkers Forums > PHP Related > PEAR Packages > Auth - used with HTTP_Session or HTTP_Session2 |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
faster than session handling using php code in an alternate PEAR package or even in a replacement session handler written in php. 
Linear Mode
