Session lifetime extension

[GoogleCodeExporter]

We need to remember user sessions for a long period of time if an account
was created for them on ZP. This applies only to users without a login in
magento. We still remember them in Magento anyway.

The session should be extended to 3 months if:
* a user uploaded an image
* updated a preview

In either case a user is created in ZP, so we'd better remember it in
Magento too. The setting is not configurable. Not through the admin
interface. Keep it as a constant in the code somewhere.

What are the performance / storage implications with long sessions like this?

Original issue reported on code.google.com by zetapri...@gmail.com on 10 Feb 2010 at 10:52

[GoogleCodeExporter]

ZP uses Magento sessions to identify users, and Magento session lifetime is 
configurable here: System->General->Web->Session Cookie management->Cookie 
Lifetime.
I believe we can advice customers increase default 3600 second value.

Original comment by k.safro...@gmail.com on 19 Feb 2010 at 3:20

• Changed state: QnA

[GoogleCodeExporter]

No we can't. We do not want to extend session lifetime to every magento store 
accounts.
We need to extend it only for ZP linked accounts.

It's a trivial change in two places :-)

Original comment by Anatoly....@gmail.com on 19 Feb 2010 at 6:36

[GoogleCodeExporter]

We need to increase the session lifetime only for certain users and do it
automatically. We also need to reflect this change in documentation so admins 
know
what's happening.

Original comment by zetapri...@gmail.com on 19 Feb 2010 at 6:53

[GoogleCodeExporter]

Original comment by zetapri...@gmail.com on 19 Feb 2010 at 6:54

• Changed state: Accepted
• Added labels: Delivery-2010-02-19

[GoogleCodeExporter]

see r547

Original comment by k.safro...@gmail.com on 21 Feb 2010 at 5:05

• Changed state: Finished

[GoogleCodeExporter]

UploadController.php file was fully updated because of indentation changes.
Please review diffs before committing changes in svn.

Original comment by Anatoly....@gmail.com on 22 Feb 2010 at 4:37

[GoogleCodeExporter]

New code is in 1.8.0.0beta3 (installed on magedev)

Original comment by Anatoly....@gmail.com on 22 Feb 2010 at 10:31

• Changed state: ToTest

[GoogleCodeExporter]

Please give testing instructions for this issue.

Original comment by agur...@gmail.com on 22 Feb 2010 at 1:19

• Changed state: MoreWork

[GoogleCodeExporter]

Upload an image before calling it a day.
Click around the site. Make sure you still have the image in the library.
Turn the computer off and call it a day.

Go back to the site in the morning.
You should still see the image in the image library as if you uploaded it 5 
mins ago.

Original comment by zetapri...@gmail.com on 22 Feb 2010 at 7:44

• Changed state: ToTest

[GoogleCodeExporter]

Tested as instructed. Uploaded 2 images and both were in my library hours later.

Original comment by agur...@gmail.com on 23 Feb 2010 at 8:00

• Changed state: TestOK

[GoogleCodeExporter]

We need to document how the session duration is configured.

Original comment by zetapri...@gmail.com on 23 Feb 2010 at 8:27

• Changed state: MoreWork

[GoogleCodeExporter]

Issue 31 has been merged into this issue.

Original comment by zetapri...@gmail.com on 24 Feb 2010 at 7:28

[GoogleCodeExporter]

Original comment by k.safro...@gmail.com on 24 Feb 2010 at 7:40

• Changed state: Started

[GoogleCodeExporter]

The current approach won't work.

Do the following for unregistered users (unregistered in Mage)

Save all UserIDs and pwds in the DB in a separate table when a new user is 
created in ZP.
Send the user id to the browser as a cookie with 6 months lifetime.
Check if a user has a cookie with zp user id before creating a new one on ZP. 
Reuse
if possible.

This is only a proposal. #119 will be affected.

Original comment by zetapri...@gmail.com on 25 Feb 2010 at 11:23

[GoogleCodeExporter]

We need to validate the findings on how sessions are deleted on the server.
Can you post some brief explanations here for others to validate it?

Original comment by zetapri...@gmail.com on 25 Feb 2010 at 11:24

[GoogleCodeExporter]

As far as I know once per 50 page requests cleanup procedure initiated and 
sessions 
with 1h (can be changed in admin panel) of user inactivity are deleted from 
server.

Original comment by k.safro...@gmail.com on 25 Feb 2010 at 11:33

[GoogleCodeExporter]

Where is it in the code?

Original comment by Anatoly....@gmail.com on 25 Feb 2010 at 5:09

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Please deploy r562 for testing.

Original comment by k.safro...@gmail.com on 26 Feb 2010 at 8:37

[GoogleCodeExporter]

Regarding #17 - See /app/code/core/Mage/Core/Model/Mysql4/Session.php

Original comment by k.safro...@gmail.com on 26 Feb 2010 at 8:47

[GoogleCodeExporter]

In db length of 'pass' field is 7 symbols:

"CREATE TABLE `zetaprints_cookie`(`user_id` VARCHAR(200) NOT NULL , `pass`
VARCHAR(7), PRIMARY KEY (`user_id`));"

In the code you check 'pass' field length for 6 symbols:

if (strlen($c_pass)==6)

Is it right or wrong?

Original comment by Anatoly....@gmail.com on 26 Feb 2010 at 9:37

[GoogleCodeExporter]

6 is ok

Original comment by k.safro...@gmail.com on 26 Feb 2010 at 9:44

[GoogleCodeExporter]

Ok, but why do you create field in the DB with 7 symbols length?

Original comment by Anatoly....@gmail.com on 26 Feb 2010 at 9:52

[GoogleCodeExporter]

Testing instructions
Upload picture, make sure new ZP_ID cookie appeared. 
Make note of ZP UserID
Remove all cookies for domain except ZP_ID.
Reload website and make sure, that uploaded picture still exists and ZP UserID 
is same.

Original comment by k.safro...@gmail.com on 26 Feb 2010 at 1:26

[GoogleCodeExporter]

I cleared all cookies from zetaprints.com and uploaded an image. A new cookie
appeared but it was not ZP-ID, it was called frontend (cookie1.png).
I deleted it and refreshed the page. My image was gone from the library.

Original comment by agur...@gmail.com on 28 Feb 2010 at 9:33

• Changed state: MoreWork

Attachments:

• cookie1.png

[GoogleCodeExporter]

New code is in 1.8.0.0beta6

Original comment by Anatoly....@gmail.com on 28 Feb 2010 at 10:53

• Changed state: ToTest

[GoogleCodeExporter]

Waiting for issue #146 to be resolved so that I can upload images and test this 
one.

Original comment by agur...@gmail.com on 1 Mar 2010 at 11:28

• Changed state: MoreWork

[GoogleCodeExporter]

Original comment by Anatoly....@gmail.com on 2 Mar 2010 at 7:00

• Changed state: ToTest

[GoogleCodeExporter]

Tested as instructed. The images were remembered in the image library.

Uploaded the image and got this cookie (cookies_1.png).
Deleted the "frontend" cookie and refreshed the page. The ID cookie remained
(cookies_2.png)

Original comment by agur...@gmail.com on 2 Mar 2010 at 1:36

• Changed state: TestOK

Attachments:

• cookies_1.png
• cookies_2.png

[GoogleCodeExporter]

We need a wiki page explaining how it works, please.

Original comment by zetapri...@gmail.com on 2 Mar 2010 at 8:09

• Changed state: MoreWork

[GoogleCodeExporter]

Please see last section http://code.google.com/p/magento-w2p/wiki/UserManagement

Original comment by k.safro...@gmail.com on 4 Mar 2010 at 2:10

• Changed state: Finished

[GoogleCodeExporter]

We need to explain the whole process, where the data is retained, what sort of 
data,
what account is created where under what conditions, etc.
Try using an activity diagram for this.

Original comment by zetapri...@gmail.com on 8 Mar 2010 at 11:46

• Changed state: MoreWork

[GoogleCodeExporter]

Original comment by k.safro...@gmail.com on 12 Mar 2010 at 6:09

• Changed state: Finished

[GoogleCodeExporter]

Original comment by zetapri...@gmail.com on 24 Mar 2010 at 6:51

• Changed state: Done