[horde] Horde 2.2.1 session handler
Andrew Morgan
morgan at orst.edu
Thu Mar 27 10:46:11 PST 2003
I've started using Horde's built-in session handler with MySQL since I
upgraded to v2.2.1. Previously, I was using a home-grown mysql session
handler.
One feature I had in my own session handler which is not in Horde's
session handler is checking for session timeout in the read() function, so
that a user's session *always* expires after the timeout. Horde's current
implementation depends on the garbage collection process to expire a
session.
I have the garbage collection percentage set to 1 because I run a very
busy webmail site. However, when I'm testing a new installation the
garbage collection almost never happens, and sessions last longer than
they should.
I've attached a small patch to horde/lib/SessionHandler/mysql.php which
works on our production site.
Would you guys be interested in adding this patch to Horde? Obviously, if
we change this for the mysql driver, it should be changed for the other
session handler's as well. I could make a first cut if there is interest.
Andy
-------------- next part --------------
--- lib/SessionHandler/mysql.php.orig Mon Mar 17 14:43:51 2003
+++ lib/SessionHandler/mysql.php Mon Mar 17 14:57:24 2003
@@ -97,8 +97,14 @@
/* Make sure we have a valid database connection. */
$this->_connect();
- $query = sprintf('SELECT session_data FROM %s WHERE session_id = %s',
- $this->_params['table'], $this->_quote($id));
+ /* Session timeout, don't rely on garbage collection */
+ $timeout = time() - ini_get('session.gc_maxlifetime');
+
+ $query = sprintf('SELECT session_data FROM %s WHERE session_id = %s' .
+ ' AND session_lastmodified > %s',
+ $this->_params['table'],
+ $this->_quote($id),
+ time() - ini_get('session.gc_maxlifetime'));
/* Log the query at a DEBUG log level. */
Horde::logMessage(sprintf('SQL Query by SessionHandler_mysql::read(): query = "%s"', $query),
More information about the horde
mailing list