I have set Yii application session to save in database.
In one part of my app i need to read created session by Yii but
i can't use Yii::app()->session because my code is out of Yii application.
Can i read this session with PHP function?
or
create and save this specific session with Yii in temp folder instead of database(so i can easily use $_SESSION)?
The function you're looking for is session_set_save_handler().
This function allows you to override the default handling of the $_SESSION variable. You can use it to specify a set of functions that will handle the loading, saving, and other tasks associated with session handling.
You can use these functions to load session data from a database, or any other source you may want.
Hope that helps.
You could catch the cookie sent by browser and select from table using session id from cookie, but most probably there is a better way to solve your problem.
Why can't you simply move the code into Yii controller? Even if it is something specific, it's usually easy to work around.
Related
I am currently trying to implement a way to flash session data similarly to how Laravel deals with flash data. I am aware that Laravel override the native session methods that are getting called by functions like session_start.
They seem to do this with the Http foundation package of Symfony by creating custom methods for open, read, write, etc. for the session. This is done by using session_set_save_handler:
http://php.net/manual/en/function.session-set-save-handler.php
By using that function you can implement your open logic for when you start a session or a session gets written to. But so far I can not find the direct logic in the Laravel codebase where flash data is being unset.
It would make sense to unset the flash data right before the write functionality of the session. This way you would unset it for future requests and will be sure it will only happen at the termination of your code.
Could anybody tell me how Laravel deals with session flash messages?
In the Illuminate\Session\Store class you can find the save method which is called when the sessions are stored. Aka the session_set_save_handler in essence.
https://github.com/laravel/framework/blob/7acc98e112cce4e04f30c7ee4fc0a53dbc5c425b/src/Illuminate/Session/Store.php#L261
On that line the $this->ageFlashData(); method is called.
The method contains the following code
$this->forget($this->get('_flash.old', []));
$this->put('_flash.old', $this->get('_flash.new', []));
$this->put('_flash.new', []);
So on a page call all flash data is stored into _flash.new.
When the sessions are saved all data in _flash.old will be cleared and everything stored in _flash.new is moved to _flash.old. The _flash.new is prepared to store new data for the next page call
If you want to maintain flash messages, for example on an ajax call you can use the reflash() method in the session store which moves everything in the _flash.old back to the _flash.new
I would like to make a object, which not need to create all the time....
for example, I have a user object, and the user is created from the db, so, when the user login, I can read the user object information from the db... each user make requests, I need to create a new user object again....Even I make a singleton object...It still can "keep" the object....But I want to save the communication between the php and the db...Is there any way to keep an object instead of query the db all the time? Thank you.
Put it in $_SESSION ? That would make sense, if I read your question right
But I want to save the communication between the php and the db
Use APC or Memcached and cache the queries. Invalidate the cache whenever the User object is changed in a way that requires writing it back to the database.
This will still create a new User object on each request, but it saves you the roundtrip to the database (but not to the cache). There is no way to keep a PHP object in memory between Requests without serializing/persisting it to some other layer. PHP is shared nothing. PHP objects live for the request.
As for storing a users data in an object and storing that within a session,i think would be fine, though I would drag too much data around within the session itself. You need to get a balance however between looking constantly re-querying a data source, or using sessions. It really depends on your application and environment.
You could achieve this in two ways:
1) As Tattat says you could query the db and get the users info and save it as an object into the session $_SESSION['userObj'] = $userObj. You could then pull it back down from the session wherever you needed it e.g $user = $_SESSION['userObj'];
2) Second way is to inherit from a common php page you include on all of your pages (for now calling it common.php). Using the PHP GLOBAL varible to make it available any page that includes the commmon php file. e.g.
global $user;
$admin = db_fetch_object(db_query("SELECT * FROM user u WHERE u.user_id = '%d'", $_SESSION['admin_id']));
The varible $user would be then be accessable by your other php pages as long as you included the common.php file I mentioned before.
Hope this help dude :)
Just looking for some ideas and maybe feedback on what I have at the moment.
A website that has standard access using a generated 'session id' stored as a PHP
session. This is alwazs passed as a GET method and checks if the user has been active for the last 10 minutes.
Otherwise unset and log out.
Problem I have if a mobile application accesses the same information in a similar manner... is it best to use the session id's ... as it can become annoying if suddenly your session runs out in a mobile app, esp. if the app has been left open.
So I thought of using a dev key. What is the best way to use a dev key for third party access? Is it to simply override the session key - i.e constant log in? or is it maybe best to use both?
Thanks in advance
I wouldn't suggest using a GET parameter to maintain sessions. It can leave you vulnerable to attacks. If you really want to do it make sure you generate the session IDs randomly. But whenever I want sessions I use PHP's built in session functions
You would manage a distributed session using db. You create the same session data on a table, then, the differents clients can ask to the db if exists a session open. You can try that using different status from the session.
In that way, you can use the table to persist the session data, but use the built in php sessions functions, like #Adam Lynch says
I've been given the not fun task of trying to marry a Zend framework instance to antique legacy code with out much modifying the legacy code. Part of this is a multipage form that takes in a heap of data, verifies it, processes it and then sends it to the websites owner in an e-mail. My job is to get that data into ZF where I can auto process it into a database. I cannot use POST. I'd rather like to avoid using an autosubmitting form as I don't think I'm supposed to be using Javascript. Get would be painfully unwieldy.
My hope was to get the data out of the existing form processor and into ZF using the Session. The data is already in the Session in the form processor. At first, I figured it'd be a simple matter of redirecting into my ZF instance (which exists inside a subdirectory of the main website). It's the same domain, ought to be the same session, right?
Well, something about the way ZF handles its sessions causes the old session data to be completely and utterly wiped out. Its just gone.
So does ZF handle its Session in such a way that it wipes out the existing session or is this a fluke? If this isn't a fluke, how can I bypass it? And if it is, what might be causing it/how can I fix it?
Edit
I am using Zend_Session_SaveHandler_DbTable for database backed sessions. This is initialized in the application.ini. Here is the initializing code:
resources.session.saveHandler.class = "Zend_Session_SaveHandler_DbTable"
resources.session.saveHandler.options.name = "Sessions"
resources.session.saveHandler.options.primary = "sessionID"
resources.session.saveHandler.options.modifiedColumn = "lastModifiedTime"
resources.session.saveHandler.options.dataColumn = "data"
resources.session.saveHandler.options.lifetimeColumn = "lifetime"
Where I am using the session, I have tried calling session_start(), but that creates an error. Probably because the save handler code has already initialized the session, or does so later. If I try to access the $_SESSION variable directly, I can an error indicating I attempted to access an unset variable. If I create a Zend_Session_Namespace first and then attempt to access $_SESSION, I am faced with an empty session.
Because you have ZF set up to save sessions to the database instead of the filesystem, having scripts that don't use the same ZF bootstrap code try to invoke the session will fail. (Even then, they could also be using two entirely different session cookie names...)
Because you've implied that the ZF bits are new, then the solution is simple: Stop using the session bits of ZF for now. This means no database table saving, no namespace handler, nothing. Work with the raw $_SESSION superglobal, and use the same session settings as the legacy code. This is the only way to make sure that both applications get access to the same session data without modifying the legacy code.
In general, I have the following scenario:
Fetch product and its related data from database
Convert fetched data to php 'product' object
cache product object in session
The cache is readonly, i.e customers viewing products on the site.
But there are calls like getProductIdsByCategory($categoryId) and the productIds from these results are cached too, per user, not using the global cache that I've read about.
A problem is that if someone on the admin side adds a new product and relates it to a category, then customers will not have the new productId come up in their cached getProductIdsByCategory until a new session is started.
Is there a way to clear e.g $_SESSION['x'] from ALL sessions on the server when a new product is added? I don't want to destroy all sessions because customers will then lose their logins etc.
Or should I move these cached productId searches to the global cache?
p.s am using a custom built cache, not memcached or similar.
Thanks
By default, the session data is just serialized files somewhere in your filesystem, and it is possible to go modify all of them to remove the information in question (respecting locking so that you don't step on any currently open sessions).
I don't really recommend it, though. What I would recommend is making a method of signalling that this cached data should be refreshed, like a database-stored timestamp that gets looked at when session_start() happens, and if the cached data is older than the timestamp, the cache is flushed.
Sounds to be like you could do with real shared state through a caching system like memcache.
The only other way that prints to mind is have the application check for flags for dirty cache data and delete it itself, or if your cache is in a database in a parsable serialized form write an expensive script to read them all, but that will create nasty lag with requests that have already read the data.
I would go with real shared state than checking for object copies.
Unless you store sessions in a database, clearing any specific bit of data will be tricky.
I would suggest caching in files rather than user sessions. This way you achieve the same benefits, but you get total control over what is cached and when it gets cleared.
To disable all existing sessions for a particular application, simply modify your application to change the name of the session using PHP's session_name('new_session_name'). This function needs to be called before each call to session_start().
This won't actually clear the current sessions, but it renders them no longer useful for this application.
Yes, you should move it to a global cache. Sessions are not meant to be accessed globally, I hardly think it's possible.
<?php session_destroy(); ?> // To delete whole session
// OR
<?php unset($_SESSION['myVar']); ?> // To delete a session myVar
to clear a session value use:
unset($_SESSION['x']);
you may loop on sessions for that