Really smart sessions and authorization
Good afternoon. Having seen an article on the topic of “smart sessions”, I decided to share a really smart scheme, which in every respect surpasses the proposed one.
Task
Implement an optimal system of user sessions and authorization, with a “Log out on all computers” option. Make the system resilient to crashes (a memcached restart) and ensure efficient use of memory.
Implementation
1. Write a wrapper for session storage (see Code No. 1). The code will of course have to be adapted to your system (for example, point it at your memcache object).
2. Call $session->start(); only where you really need access to the session data (for example, in the authorization controller). To obtain the session ID, use $session->getId().
3. For authorization, create a table in the DBMS (see Code No. 2). It stores session identifiers and the user IDs that correspond to them. When the authentication data has been entered successfully, insert the corresponding row into the table and also write a key into memcached (the prefix “al.” followed by the session ID) whose value is the UID.
When a user accesses a page, call $session->getId(); if a string is returned, look it up in memcached first and, if it is not there, query the authsessions table (and write the result into memcached), then use the UID obtained as the current user's.
When the “Log out on all computers” button is pressed, select all rows of authsessions with that UID and delete them, first from the DBMS and then from memcached.
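The three-step flow above (login, per-request lookup with memcached in front of the table, and “Log out on all computers”), as an added example that is not part of the original post. It assumes a PDO connection and a Memcached client are passed in and a PHP 8 runtime; the table and columns are those of Code No. 2, and the “al.” key prefix and the 86400-second lifetime are the post's own values.

```php
<?php
// Added example, not the post's own code: the authorization flow of step 3 and the
// two paragraphs above, over the xE_authsessions table from Code No. 2. Assumes a PDO
// connection and a Memcached client are injected; 'al.' and 86400 s come from the post.
class AuthSessions
{
    const KEY_PREFIX = 'al.';
    const CACHE_TTL  = 86400;
    public function __construct(private PDO $db, private Memcached $mc) {}
    // Successful login: insert the row in the DBMS, then the memcached entry.
    public function login(string $sid, int $uid, string $ip): void
    {
        $st = $this->db->prepare('INSERT INTO xE_authsessions (session_id, uid, ip, ctime)
                                  VALUES (?, ?, INET_ATON(?), UNIX_TIMESTAMP())');
        $st->execute([$sid, $uid, $ip]);
        $this->mc->set(self::KEY_PREFIX . $sid, $uid, self::CACHE_TTL);
    }
    // Per-request lookup: memcached first, the table on a miss (then backfill), so a
    // memcached restart costs one query per session instead of logging everyone out.
    // Returns null when the session id is not authorized.
    public function uidForSession(string $sid): ?int
    {
        $key = self::KEY_PREFIX . $sid;
        $uid = $this->mc->get($key);
        if ($this->mc->getResultCode() === Memcached::RES_SUCCESS) {
            return (int) $uid;
        }
        $st = $this->db->prepare('SELECT uid FROM xE_authsessions WHERE session_id = ?');
        $st->execute([$sid]);
        $row = $st->fetchColumn();
        if ($row === false) {
            return null;                // unknown or logged-out session: cache nothing
        }
        $this->mc->set($key, (int) $row, self::CACHE_TTL);
        return (int) $row;
    }
    // "Log out on all computers": DBMS first, then memcached, so a request that misses
    // the cache in between cannot repopulate it from a row that is about to vanish.
    public function logoutEverywhere(int $uid): int
    {
        $st = $this->db->prepare('SELECT session_id FROM xE_authsessions WHERE uid = ?');
        $st->execute([$uid]);
        $sids = $st->fetchAll(PDO::FETCH_COLUMN);
        $this->db->prepare('DELETE FROM xE_authsessions WHERE uid = ?')->execute([$uid]);
        foreach ($sids as $sid) {
            $this->mc->delete(self::KEY_PREFIX . $sid);
        }
        return count($sids);
    }
}
```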
Code No. 1:
class session
{
    public $lifeTime = 86400;      // TTL of the session data in memcached, in seconds
    public $started  = FALSE;
    public function __construct()
    {
        // The cookie lives 5 years; COOKDOMAIN and COOKPREFIX are site-specific constants
        ini_set('session.cookie_lifetime', 157680000);
        ini_set('session.cookie_domain', COOKDOMAIN);
        ini_set('session.name', COOKPREFIX.'sid');
        ini_set('session.use_trans_sid', 0);
        ini_set('session.use_cookies', 1);
    }
    // Returns the session ID without starting the session when the client already
    // sent one (in the request parameters or the cookie); otherwise starts a new
    // session and returns its freshly generated ID.
    public function getId()
    {
        $sn = ini_get('session.name');
        if (isset($_REQUEST[$sn])) {return gpcvar_str($_REQUEST[$sn]);}
        if (isset($_COOKIE[$sn])) {return gpcvar_str($_COOKIE[$sn]);}
        $this->start();
        return session_id();
    }
    // Starts the session at most once, with memcached registered as the save handler
    public function start()
    {
        if ($this->started) {return;}
        $this->started = TRUE;
        $sn = ini_get('session.name');
        session_set_save_handler(array($this,'open'), array($this,'close'), array($this,'read'),
                                 array($this,'write'), array($this,'destroy'), array($this,'gc'));
        // An ID passed in the request overrides the cookie so that session_start() picks it up
        if (isset($_REQUEST[$sn])) {$_COOKIE[$sn] = gpcvar_str($_REQUEST[$sn]);}
        session_start();
    }
    public function session_write_close() {return TRUE;}   // not a handler callback; unused
    // Save-handler callbacks: the data lives in memcached under the key 'sess.<id>'
    public function open($savePath, $sessName) {return TRUE;}
    public function close() {return TRUE;}
    public function read($sessID)
    {
        $data = xE::$memcache->get('sess.'.$sessID);
        return $data === FALSE ? '' : $data;   // the read handler must return a string on a miss
    }
    public function write($sessID, $sessData) {return xE::$memcache->set('sess.'.$sessID, $sessData, $this->lifeTime);}
    public function destroy($sessID) {return xE::$memcache->delete('sess.'.$sessID);}
    public function gc($lt) {return TRUE;}   // nothing to collect: memcached expires entries by TTL
}
// Returns the value as a string, or '' when an array was passed in through GET/POST/cookie
function gpcvar_str(&$var) {if (is_array($var)) {return '';} return strval($var);}
$session = new session;
Code No. 2:
CREATE TABLE `xE_authsessions` (
  `session_id` char(32) CHARACTER SET ascii COLLATE ascii_bin NOT NULL,  -- PHP session ID
  `uid` int(11) NOT NULL,                                                -- authorized user
  `ip` int(10) unsigned NOT NULL,                                        -- client IPv4 packed into an integer
  `ctime` int(11) NOT NULL,                                              -- creation time, unix timestamp
  PRIMARY KEY (`session_id`),
  KEY `uid` (`uid`)                                                      -- needed for "Log out on all computers"
) ENGINE=InnoDB;