[nycphp-talk] Checking active sessions
Rob Marscher
rmarscher at beaffinitive.com
Thu Apr 26 11:39:17 EDT 2007
>> Is there any way I can check which sessions are currently active
>> and which aren't? I like to add some housekeeping code, but taking
>> away things from active sessions would be just mean.
Check out the documentation for session_set_save_handler -- http://
us.php.net/manual/en/function.session-set-save-handler.php This is
how you can override the way php handles sessions by default and put
in your own code. The "gc" function (stands for garbage collection)
is where the "housekeeping" code goes. Note that the default php
session handlers should be cleaning up the expired session temp files
for you automatically. The location for these temp files is
specified by the session.save_path php.ini setting.
> My plan is to create a session, authenticate the user, then
> generate a new session ID for the session )I read that this
> improves security and is easy enough to do)
As far as regenerating the session id after login, it *is* simple --
http://us.php.net/manual/en/function.session-regenerate-id.php -- but
if you're overwriting the default session handler to store sessions
in a database table, you need to make sure that it's getting updated
the way you expect.
------------------
Rob Marscher
Software Engineer
rmarscher at beaffinitive.com
212.684.9100x17
More information about the talk
mailing list