php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #20650 Change of Read($sess_id) to ($sess_id, $maxlifetime)
Submitted: 2002-11-26 09:43 UTC Modified: 2012-03-31 04:10 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: andreas dot birrer at ag dot ch Assigned:
Status: Wont fix Package: Session related
PHP Version: 4.2.2 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: andreas dot birrer at ag dot ch
New email:
PHP Version: OS:

 

 [2002-11-26 09:43 UTC] andreas dot birrer at ag dot ch
If I install a user save handler class
e.g. MySqlSessionHandler with methods Read, Write, GC etc.

MySqlSessionHandler::Read($sess_id) is always called before
MySqlSessionHandler::GC($maxlifetime)

This has the problem, that a session is read, which potentially would be garbage collected.

Therefore it would be nice to get the $maxlifetime parameter also in Read e.g. Read($sess_id, $maxlifetime)

This allows to return an empty session if it has timeouted.

For Clarification here are two Methods GC and Read with $lifetime information

function Read($sess_id, $maxlifetime)
	{	
		// beware of timouted sessions not yet gced
		$time_stamp= time();
		$removeDate= date("YmdHis", ($time_stamp - $maxlifetime));

		$search_query=	"SELECT * FROM $_session_table WHERE (session_id = '$sess_id') and (last_accessed >= $removeDate)";
		$result= @ mysql_query($search_query, $_connection);
		if(!$result)
		{
			// No session found - return an empty string
			return "";
		}
		else
		{
			// Found a session - return the serialized string
			$row = mysql_fetch_array($result);
			return $row["session_variable"];
		}
	}

function GC($max_lifetime)
	{
		global $_connection;
		global $_session_table;

		$time_stamp= time();
		$removeDate= date("YmdHis", ($time_stamp - $max_lifetime));

		$delete_query = "DELETE FROM $_session_table WHERE last_accessed < $removeDate";
		$result = @mysql_query($delete_query,$_connection);
		
		return true;
	}	

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-12-29 17:45 UTC] jani@php.net
-Package: Feature/Change Request +Package: Session related
 [2012-03-31 04:10 UTC] yohgaki@php.net
You need to lock data, so that the date may not be deleted and/or can stay 
consistent.
 [2012-03-31 04:10 UTC] yohgaki@php.net
-Status: Open +Status: Wont fix
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Nov 25 03:01:23 2020 UTC