NYCPHP Meetup

[Paul Houle]

dkov at optonline.net wrote:
> Does anyone use the Cakephp framework? If you do, I have tried using 
> thier session component to create and manage sessions.  I have read 
> every bit of information I can find on the internet.  I still can't 
> get my sessions working correctly.  Please teach me.
    I avoid session variables -- most applications that use session 
variables are "broken by design".  If you do manage to get sessions to 
work,  the next thing you'll be asking us is how to disable the back button.

    The "stateless" paradigm of web programming is responsible for many 
of it's advantages:  the reasons why we're writing web-based business 
apps instead of other applications.

    It turns out that the behavior of cookies in mainstream web browsers 
are largely undocumented;  it's bad enough if you've got control of the 
cookies that you're sticking on people,  but things get really 
mysterious when some library you don't control is doing it.

    PHP locks the $_SESSION variable when it's in use -- this causes 
lots of problems for apps that have multiple frames,  use AJAX,  etc.

    If you want to write reliable web apps,  keep your "session" state 
in well-engineered database tables,  and use signed cookies to attach a 
session id to users.  You'll spend a less time dealing with mysterious 
behavior on the part of the $_SESSION object.