• purge: is called at the end of setSessionData to remove any expired sessions from the database session table. It is also called by the session data handling class when its own timeout processing is invoked. Although simply removing entries from the table will effectively terminate a login, it is better to find out which users have logins that are being expired. Then any plugin that wants to know about user logout can be triggered. In Aliro, that processing happens for the user side, but not the administration side. Finally, the purge processing triggers a tidy up of session data, as described later.

• logout: is implemented in different methods for user or administration sessions, unlike the previous methods. In either case, the session data is deleted. For an administration session, the only other action is to delete the cookie that shows such a session is active. For a user session, the session is continued, but it retains only the information relating to a visitor who is not logged in to the system. This puts the person using the system in the same position after logout as they would be if they had just arrived at the site as a visitor.

Session Data

For the reasons discussed earlier, Aliro implements a simple session data handling class using the database. The constructor of the abstract session class started things off by creating an instance of the data handling class, and calling the PHP function session_set_save_handler. Since we will always want to have a single session data handler, the class is written as a singleton in the usual way.

The constructor for the session data handler would be very simple if it were not for the problem of initial installation of the whole system. When the system is being installed, the database does not exist. Because of that, we cannot store any data in it, and the handler has to work differently. The constructor is therefore:

    private function __construct()
    {
        // The configuration file is stored under a name derived from the install path.
        $filename = md5(criticalInfo::getInstance()->absolute_path.'/configuration.php');
        $filepath = criticalInfo::getInstance()->absolute_path.'/'.$filename.'.php';
        // Connect to the database only once installation has written a non-trivial configuration file.
        if (file_exists($filepath) AND filesize($filepath) > 10) {
            $this->db = aliroCoreDatabase::getInstance();
        }
    }

The conditions in the constructor are a check on whether installation has been completed, and configuration information written to disk. Only if these setup jobs are out of the way can we get access to the secure database for storing session data.

Session Data and Bots

If we treat every request the same, then a session will be started for each request that does not provide a cookie showing that it is a continuation of an existing session. When search engine bots are very active, this can result in a lot of data being stored unnecessarily. Normally, the bots will not accept cookies, so each bot request is liable to start another session. Any session data will be stored, entirely fruitlessly since the bot will never present the cookie that is needed for the data to be retrieved. If session data is being stored in files, many useless files are created. Likewise if the database is used, the table is likely to contain many useless records.

To combat this, whenever a new request is encountered, Aliro stores its session data in a cookie. The quantity of data on a first request is not likely to be especially high, so the typical size limit of 4000 characters is not a concern. Obviously, the bots will ignore the cookie, but the data in it was going to be wasted anyway. This way, the session data table in the database will contain only information about real sessions that are ongoing. The write method for session data is therefore:

    public function sess_write($session_id, $session_data)
    {
        // No evidence yet that the client accepts cookies, or no database available:
        // keep the session data in a temporary cookie instead of the session table.
        if ((!isset($_COOKIE['aliroCookieCheck']) AND !isset($_COOKIE['usercookie'])) OR !$this->db) {
            if (!headers_sent()) setcookie('aliro_temp_session', base64_encode($session_data), 0, '/');
            return true;
        }
        // Cookies are accepted: expire the temporary cookie and use the database.
        if (isset($_COOKIE['aliro_temp_session'])) setcookie('aliro_temp_session', null, time()-7*24*60*60, '/');
        $session_id = $this->db->getEscaped($session_id);
        // base64 output contains no quote characters, so it is safe inside the SQL string literal.
        $session_data = base64_encode($session_data);
        $this->db->doSQL("INSERT INTO #__session_data (session_id, session_data) VALUES ('$session_id','$session_data') ON DUPLICATE KEY UPDATE session_data = '$session_data'");
        return true;
    }

The first checks are designed to find out whether cookies are being accepted. If we receive a rememberMe cookie we know immediately that cookies are being accepted, and we don't need to use the temporary cookie device. Every time a request comes along that is not linked up with an existing session, the session class tries to write a cookie with the name aliroCookieCheck. So if a cookie of that name is received, we know that we are dealing with a follow up request. If neither of these apply, we write the temporary session data cookie. There is also the situation during installation where no database is yet available, so this is also handled by writing session data as a cookie
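
The write method above places session data in a cookie that the client controls, so if aliro_temp_session is read back on a later request its value has to be treated as untrusted input. The following is an added example, not Aliro's code: the function names, the server-side key and the HMAC scheme are assumptions, showing one way to authenticate the cookie value and enforce the 4000-character limit mentioned in the text.

```php
<?php
// Added example, not Aliro code. Function names and key handling are
// assumptions made for illustration.

const TEMP_COOKIE_LIMIT = 4000; // typical cookie size limit cited in the text

// Build the value for the aliro_temp_session cookie: payload plus HMAC tag.
// Returns null when the result would not fit in a cookie.
function packTempSession(string $sessionData, string $key): ?string
{
    $payload = base64_encode($sessionData);
    $tag = hash_hmac('sha256', $payload, $key);
    $value = $payload . '.' . $tag;   // '.' never occurs in base64 or hex
    return strlen($value) <= TEMP_COOKIE_LIMIT ? $value : null;
}

// Recover session data from a cookie value sent by the client.
// Returns null for anything malformed, oversized or not signed with $key.
function unpackTempSession(string $cookieValue, string $key): ?string
{
    if (strlen($cookieValue) > TEMP_COOKIE_LIMIT) return null;
    $parts = explode('.', $cookieValue);
    if (count($parts) !== 2) return null;
    [$payload, $tag] = $parts;
    $expected = hash_hmac('sha256', $payload, $key);
    if (!hash_equals($expected, $tag)) return null;  // constant-time comparison
    $data = base64_decode($payload, true);           // strict base64 alphabet
    return $data === false ? null : $data;
}

// Constructed sample input; a real key would come from server-side configuration.
$key = random_bytes(32);
$data = 'visitor|a:1:{s:4:"lang";s:2:"en";}';

// Round trip with the correct key.
$cookie = packTempSession($data, $key);
var_dump(unpackTempSession($cookie, $key) === $data);

// One payload character changed on the client side: the HMAC check fails.
$tampered = ($cookie[0] === 'A' ? 'B' : 'A') . substr($cookie, 1);
var_dump(unpackTempSession($tampered, $key));

// Session data too large for a cookie is refused at write time.
var_dump(packTempSession(str_repeat('x', 5000), $key));
```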