user sessions problem/question
Adam Arrowood
adam@oit.gatech.edu
Wed, 27 Feb 2002 18:08:56 -0500
Hi,
We're trying to rotor imp 3.0 across multiple machine and don't want to use a
shared filesystem for common session handling. We are using a MySQL database as
the backend session store, via a inhouse bug-fixed version of the code at:
http://www.phpbuilder.com/columns/ying20000602.php3
The problem I'm having is with starting/destroying/starting a session in the
same user access. When a user logs out of IMP, a session_start is called (via
Registry.php) and then the following code is hit:
if ($registry->getMethod('auth/logout') == $registry->getApp()) {
include_once HORDE_BASE . '/lib/Auth.php';
Auth::clearAuth();
session_destroy();
@session_start();
}
Well, if my session store in the php.ini is 'file' or 'mm', it works fine. But
if it is 'user', the apache child handling the request segfaults. This happens
on linux (redhat 7.1) and Solaris (8). I know it sounds like a php bug (I wrote
a simple test script to verify that it happens outside of horde/imp too), but my
temporary fix got me to thinking, why not just clear out the session instead of
destroying it? This fixed the problem of logging out:
if ($registry->getMethod('auth/logout') == $registry->getApp()) {
include_once HORDE_BASE . '/lib/Auth.php';
Auth::clearAuth();
global $HTTP_SESSION_VARS;
foreach($HTTP_SESSION_VARS as $key => $value) {
session_unregister($key); }
}
(I'm sure there's a better way to do what I did... I'm not a php guru, for sure)...
Anyway, is there an advantage to destroying a session and then starting a new
one versus just clearing out the current session? If the user doesn't log back
in, the session will just be garbage collected anyway, right?
thanks,
Adam Arrowood
adam@oit.gatech.edu
--
Adam Arrowood || http://www.gatech.edu/adam
Office of Information Technology/O&E/CS
Georgia Institute of Technology, Atlanta, GA USA