Handling sessions without Apache sessions


You are all familiar that Apache sessions are slow and sometimes insecure. In this text I will try to implement way of handling sessions with all Doo::cache mechanisms that are available in DooPhp.
So our sessions will be stored in some of the cache mechanisms. First we will start with writting our session class that will start and end session, we will save it in protected/class folder.
Here is our Session.class

01.
<?php
02.
/**
03.

  • class Session
    09.
    {
    10.

11.
public static $_sessionId = NULL;
12.
public static $session = array();
13.

14.
/**
15.

  • Start session
    16.
    / 17. public static function startSession() { 18. self::$_sessionId = (isset($_COOKIE[‘session_id’]) ? $_COOKIE[‘session_id’] : NULL); 19. if ((!self::$_sessionId)||(!(self::$session=Doo::cache(Doo::conf()->sessionCacheType)->get(‘session_’.self::$_sessionId)))) { 20. // Create new session 21. self::$_sessionId = md5($_SERVER[‘REMOTE_ADDR’] . time() . rand(0,128)); 22. self::$session[‘ip’] = $_SERVER[‘REMOTE_ADDR’]; 23. self::$session[‘created’] = time(); 24. } 25. setcookie(‘session_id’, self::$_sessionId, (time()+360024*90), ‘/’);
    26.
    }
    27.

28.
/**
29.

  • End session
    30.
    */
    31.
    public static function endSession() {
    32.
    $sessionStored = Doo::cache(Doo::conf()->sessionCacheType)->set(‘session_’.self::$_sessionId, self::$session);
    33.
    }
    34.

35.
}
You all noticed variable Doo::conf()->sessionCacheType so we need to add it in our protected/config/common.conf edit it and add:

1.
$config[‘sessionCacheType’] = ‘apc’;
You can choose any type that is supported in Doo::cache, now we will edit our index.php, here is my bootstrap:

1.
<?php
2.
/**
3.

  • BOOTSTRAP
    4.
    */
    5.
    //ini_set(‘display_errors’, 1);
    6.
    include ‘./protected/config/common.conf.php’;
    7.
    include ‘./protected/config/routes.conf.php’;
    8.
    include $config[‘BASE_PATH’].’Doo.php’;
Previous PostNextNext Post

Leave a Reply

Your email address will not be published.