
Really smart sessions and authorization

Good day. Having seen an article on the topic of “smart sessions”, I decided to share a really smart scheme that exceeds all the proposed parameters in all respects.

Task
Implement an optimal system of user sessions and authorizations, with the option "Exit on all computers." Protect the system from failures (memcached restarts), ensure efficient use of memory.


Implementation
1. Write a wrapper for the session storage (see code number 1). The code will of course need to be adapted to your system (for example, specify the path to the memcache object).

2. Call $session->start(); only when you really need to access the session (for example, in the authorization controller). To get the session ID, use $session->getId().

3. For authorization, create a table in the DBMS (see code number 2). It stores session IDs and their corresponding user IDs. When the authentication data is entered successfully, insert the corresponding row into the table and add the key “al.” => to memcached.
When a user accesses a page, call $session->getId(). If a string is returned, first check the corresponding key in memcached; if it is not found, query the authsessions table (and insert the result into memcached). Use the resulting UID as the user's identity.
When the “Exit on all computers” button is clicked, query all sessions with the same UID from the authsessions table and delete them from the DBMS first, then from memcached.

Code number 1:
<?php
$session = new session;
class session
{
    public $lifeTime = 86400;
    public $started = FALSE;
    public function __construct()
    {
        ini_set('session.cookie_lifetime', 157680000);
        ini_set('session.cookie_domain', COOKDOMAIN);
        ini_set('session.name', COOKPREFIX . 'sid');
        ini_set('session.use_trans_sid', 0);
        ini_set('session.use_cookies', 1);
    }
    // Returns the session ID without starting the session when the client already sent one.
    // The value comes from the request or the cookie, so it is client-supplied and not validated here.
    public function getId()
    {
        $sn = ini_get('session.name');
        if (isset($_REQUEST[$sn])) { return gpcvar_str($_REQUEST[$sn]); }
        if (isset($_COOKIE[$sn])) { return gpcvar_str($_COOKIE[$sn]); }
        $this->start();
        return session_id();
    }
    // Registers the memcached-backed handlers and starts the session at most once per request.
    public function start()
    {
        if ($this->started) { return; }
        $this->started = TRUE;
        $sn = ini_get('session.name');
        session_set_save_handler(array($this, 'open'), array($this, 'close'), array($this, 'read'), array($this, 'write'), array($this, 'destroy'), array($this, 'gc'));
        if (isset($_REQUEST[$sn])) { $_COOKIE[$sn] = gpcvar_str($_REQUEST[$sn]); }
        session_start();
    }
    public function session_write_close() { return TRUE; }
    public function open($savePath, $sessName) { return TRUE; }
    public function close() { return TRUE; }
    // The read handler must return a string: a cache miss (FALSE) becomes an empty session.
    public function read($sessID) { return (string) xE::$memcache->get('sess.' . $sessID); }
    public function write($sessID, $sessData) { return xE::$memcache->set('sess.' . $sessID, $sessData, $this->lifeTime); }
    public function destroy($sessID) { return xE::$memcache->delete('sess.' . $sessID); }
    // Expiry is left to the memcached TTL, so there is nothing to collect.
    public function gc($lt) { return TRUE; }
}
// Converts a GET/POST/COOKIE value to a string; arrays are rejected as an empty string.
function gpcvar_str(&$var) { if (is_array($var)) { return ''; } return strval($var); }




Code number 2:
CREATE TABLE `xE_authsessions` (
  `session_id` char(32) CHARACTER SET ascii COLLATE ascii_bin NOT NULL,
  `uid` int(11) NOT NULL,
  `ip` int(10) unsigned NOT NULL,
  `ctime` int(11) NOT NULL,
  PRIMARY KEY (`session_id`),
  KEY `uid` (`uid`)
) ENGINE=InnoDB;
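
The login, lookup and “Exit on all computers” steps from item 3, as an added example that is not the article's code: an in-memory SQLite table (assumes the pdo_sqlite extension) mirrors xE_authsessions, and a hypothetical ArrayCache class stands in for memcached. The key layout 'al.' followed by the session ID, mapping to the UID, is an assumption modelled on the 'sess.' prefix in code number 1; the function names are hypothetical too.

```php
<?php
// Added example. ArrayCache is a stand-in for memcached; 'al.<session id>' => uid is an assumed key layout.
final class ArrayCache
{
    private array $d = [];
    public function get(string $k) { return $this->d[$k] ?? false; }
    public function set(string $k, $v): void { $this->d[$k] = $v; }
    public function delete(string $k): void { unset($this->d[$k]); }
    public function flush(): void { $this->d = []; } // simulates a memcached restart
}
function login(PDO $db, ArrayCache $mc, string $sid, int $uid, string $ip): void
{
    // The DBMS row is the durable record; the cache entry is only a shortcut to it.
    $db->prepare('INSERT INTO xE_authsessions (session_id, uid, ip, ctime) VALUES (?, ?, ?, ?)')
       ->execute([$sid, $uid, ip2long($ip), time()]);
    $mc->set('al.' . $sid, $uid);
}
function resolveUid(PDO $db, ArrayCache $mc, string $sid): ?int
{
    $uid = $mc->get('al.' . $sid);
    if ($uid !== false) { return (int) $uid; }          // cache hit
    $st = $db->prepare('SELECT uid FROM xE_authsessions WHERE session_id = ?');
    $st->execute([$sid]);
    $uid = $st->fetchColumn();
    if ($uid === false) { return null; }                // unknown or revoked session
    $mc->set('al.' . $sid, (int) $uid);                 // repopulate after a miss
    return (int) $uid;
}
function logoutEverywhere(PDO $db, ArrayCache $mc, int $uid): void
{
    $st = $db->prepare('SELECT session_id FROM xE_authsessions WHERE uid = ?');
    $st->execute([$uid]);
    $sids = $st->fetchAll(PDO::FETCH_COLUMN);
    // DBMS first: once the rows are gone, a cache miss has nothing to repopulate from.
    $db->prepare('DELETE FROM xE_authsessions WHERE uid = ?')->execute([$uid]);
    foreach ($sids as $sid) { $mc->delete('al.' . $sid); }
}
// Constructed demo data: two sessions for the same user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE xE_authsessions (session_id TEXT PRIMARY KEY, uid INTEGER, ip INTEGER, ctime INTEGER)');
$mc = new ArrayCache();
login($db, $mc, str_repeat('a', 32), 7, '192.0.2.10');
login($db, $mc, str_repeat('b', 32), 7, '192.0.2.11');
$mc->flush();                                            // cache lost, rows survive
var_dump(resolveUid($db, $mc, str_repeat('a', 32)));
logoutEverywhere($db, $mc, 7);
var_dump(resolveUid($db, $mc, str_repeat('a', 32)), resolveUid($db, $mc, str_repeat('b', 32)));
```

Deleting in the opposite order would let a lookup that runs between the two deletes re-insert the UID into the cache from a row that is about to disappear, leaving a revoked session valid until the cache entry is evicted.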


Source: https://habr.com/ru/post/62550/

