Closed sangasangasanga closed 2 years ago
I'd do it in the write
method by changing
// get the active (not expired) result associated with the session id and hash
$result = $this->query('
SELECT
session_data
FROM
' . $this->table_name . '
WHERE
session_id = ?
AND session_expire > ?
AND hash = ?
LIMIT
1
', $session_id, time(), md5($hash));
// if there were no errors and data was found
if ($result !== false && $result['num_rows'] > 0)
// return session data
// don't bother with the unserialization - PHP handles this automatically
return $result['data']['session_data'];
to
// get the active (not expired) result associated with the session id and hash
$result = $this->query('
SELECT
session_data,
session_expire,
FROM
' . $this->table_name . '
WHERE
session_id = ?
AND session_expire > ?
AND hash = ?
LIMIT
1
', $session_id, time(), md5($hash));
// if there were no errors and data was found
if ($result !== false && $result['num_rows'] > 0) {
// do it here
if ($result['data']['session_expire'] - time() < 3600) {
die('session is about to expire in less than an hour');
}
// return session data
// don't bother with the unserialization - PHP handles this automatically
return $result['data']['session_data'];
}
this is untested code, but you should get the idea
Hi @stefangabos, thanks for your prompt reply. I get the idea but for write() function seems to be different from mine.
`/**
@access private */ function write($session_id, $session_data) {
// insert OR update session's data - this is how it works:
// first it tries to insert a new row in the database BUT if session_id is already in the database then just
// update session_data and session_expire for that specific session_id
// read more here http://dev.mysql.com/doc/refman/4.1/en/insert-on-duplicate.html
$result = $this->_mysql_query('
INSERT INTO
' . $this->table_name . ' (
session_id,
hash,
session_data,
session_expire
)
VALUES (
"' . $this->_mysql_real_escape_string($session_id) . '",
"' . $this->_mysql_real_escape_string(md5(($this->lock_to_user_agent && isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '') . ($this->lock_to_ip && isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '') . $this->security_code)) . '",
"' . $this->_mysql_real_escape_string($session_data) . '",
"' . $this->_mysql_real_escape_string(time() + $this->session_lifetime) . '"
)
ON DUPLICATE KEY UPDATE
session_data = "' . $this->_mysql_real_escape_string($session_data) . '",
session_expire = "' . $this->_mysql_real_escape_string(time() + $this->session_lifetime) . '"
');
// if anything happened, return TRUE
// if something went wrong, return false
return $result ? true : false;
}`
sorry, i meant the read
method
Hi @stefangabos , thank you I saw it. I tried changing as per suggestion. No matter what i put inside that the if statement, the error persists. Kindly need your help on this. Warning: session_start(): Failed to read session data: user Fatal error: Uncaught Error: Cannot use object of type mysqli_result as array in ..zebra_session.php:514
i don't know what those screenshots are from. if that's from the library, that is not the latest version. i just tried the changes i suggested and they seem to work fine
yup, you seem to be using a pre-3.0 version. please update to the latest
Hi @stefangabos, sorry for the late reply. I managed to try with the latest code. I am having 2 issues: 1) session_lifetime worked fine for me before but it is not being set when I change to the latest version
2) I tested the code but i am still getting errors from it
thank you for your kind assistance in advance :)
it says that you forgot to add session_expire
to the query - see my previous posts
as mentioned, you need to change
SELECT
session_data
FROM
to
SELECT
session_data,
session_expire,
FROM
Hi @stefangabos , that solved the 2nd issue. Thanks. However, I am not able to test it as I am not able to set the session_lifetime to something shorter as mentioned in my first issue. Kindly need your help on this. It worked before but not sure why its not working with the latest version
i just realized that this approach is not working.
if you are there, then the session lifetime is automatically extended so you would never get to die()
this is how sessions work - as long as you are active, with each touching of the session library, your session is extended with the session lifetime, so it will never expire as long as you are active; and you are reading it only
when you are active
Hi @stefangabos, that's cool. But what if I need it to log the person out if the person is not active for x mins? How does the logic work for this?
you don't need to modify the library for that.
you need to read about building a login page using sessions in PHP
basically, the very basic gist of it, would be that once the user authenticates you set something like $_SESSION['id'] = '123'
or something. as long as that isset($_SESSION['id'])
, the user is logged in. when that variable is not available you need the user to log in again
Hi @stefangabos, thanks for the help. It works now. Thanks!
Hi, I have successfully implemented the zebra session and it works wonderfully. I would like to add an alert when the session is going to expire or expire. I analyzed your code and tried to add it to the write() function. That didn't work. Kindly need your assistance on this. Thank you in advance :)