Welcome Guest, Not a member yet? Register   Sign In
Resuming a DB session from one machine to another
#1

[eluser]CodeOfficer[/eluser]
Hey gang,

I searched the forums for an hour and was unable to find any discussion on this topic. I hope someone can point me in the right direction. 2 questions actually ... second one is tiny Smile

Question #1

I'm looking for some ideas on how I'd let a user log into my site and resume a session he might have started on another machine earlier that day, week, year, etc ...

Prior knowledge:

My sessions are set to be stored in the DB
Sessions get autoloaded for the entire site in my autoload.php file

Example:

Joe visits my website from his Dell while at work. (no worries, its work safe!) He doesn't know it yet, but my site knows how to store his session data in a database ( sess_match_ip & sess_match_useragent == false). He successfully logs into his account and a cookie is stored on his machine with only his session_id. He surfs for a bit and accumulates some data. (maybe hes shopping and filling a cart for later, or maybe hes filling out a long long form of information and wants to save its progress and come back to it.) Five o'clock ..... Joe goes home.

*not sure exactly which data I'd want in the session table at this point outside of the normal session_id, ip_address, user_agent, last_activity, session_data [user_id] but I'll continue ...*

About 8:00, Joe fires up his MacBook and visits my site. ...

... Now at this point, because sessions are autoloading, he has a generic session_id in the db and a matching cookie. what I am uncertain about is how to get Joe back to his session he had a few hours ago on another machine. I'm tripping over the logic involved in testing his imminent login against the session table ... specifically, in the situation that his prior session data might have important data in it.

Question #2

I assume its bad practice to store too much data directly into the sessions table. But a thought arrises, is it possible to query that data on the content of its session_data in any way? And unrelated to that question, when do old session records get cleaned out? I know cookies expire based on an expiration date, but what about older db records?

Thanks for your time, hope was clear on my confusion ... wait, is that even possible?
#2

[eluser]kgill[/eluser]
That's not really two questions but I'll tackle the easy stuff first:

#2A: is it possible to query that data on the content of its session_data in any way?

Yes it should be possible to query it, I can't say for certain since I've modified my session table/session library for my own purposes so yours isn't likely to look like mine but the easiest way would be to just look at the contents of the table.

#2B: when do old session records get cleaned out?

Look at the code in Session.php the values:

Code:
var $sess_length        = 7200;
        var $gc_probability     = 5;

Those get used in the garbage collection routine (sess_gc()): the probability is set at a 5% chance of doing the clean up and the sessions that are deleted are those that have their last activity date less than the current time minus the sess_length value.

#2C: is that even possible?

Probably not. Wink

#2 isn't a question but: I assume its bad practice to store too much data directly into the sessions table

How much info you store in the sessions table is really up to you but limited in how your sessions work, there is a max amount of data a cookie can store. If your cookies contain everything that's in the DB then you're going to hit it eventually. I messed with the session code to only store specific info in the cookie and the rest is kept server side so theoretically I'm only limited by the DB's max column size.

Question #1:

Something like what you want to do is going to require some customizing of the session code. Just a quick thought on one way to accomplish it: Add a column to the session table, use it to stick something like Joe's username in it. When a session is created check if any rows with that username exist already, if yes pull the data from the old session to the new session and delete the old, otherwise start a new blank session.

- K
#3

[eluser]CodeOfficer[/eluser]
Thanks K,

You're absolutely right on the question count ... I've been staring at this screen far too long.

Re: Question 1 ...

I've already configured a custom DB session class ... where a user's cookies only store the session_id and the rest is in the database. So, i guess its a small step to add the extra field(s) in the session table. I was more or less tripping up on the logic for retrieving an old session, but I think you clarified the workflow a little for me in your post. Many thanks!

Has anyone else already done this?




Theme © iAndrew 2016 - Forum software by © MyBB