Welcome Guest, Not a member yet? Register   Sign In
Session Garbage Collection for expired logged in users
#1

[eluser]Aleazus[/eluser]
How to Use:

1. Open System - Libraries - Session.php
2. Scroll down to the function sess_gc() and replace it with the code below.
3. When a user logs into your website - $this->session->set_userdata('logged_in','1');
4. When they log off - $this->session->unset_userdata('logged_in')
5. $expire has a value currently set at 7200 - 2hours -which you can change.
6. new sess_destroy function modified as indicated


Function purposes:

1. Logging out does not destroy a user's session therefore they keep their cart contents.
2. All Sessions expire after 7200 seconds if their cart is empty.
3. This function is specifically designed for a modified session expiration that you may or may not find useful.


function sess_gc()
{
srand(time());
if ((rand() % 100) < $this->gc_probability)
{
$query = $this->object->db->get($this->session_table);
foreach ($query->result() as $key => $val)
{
$session[$key] = $val;
}
for ($i=0; $i<$query->num_rows(); $i++)
{
if ((stripos($compare, "logged_in")) | (stripos($compare, "cart_contents") === false))
{
$session_id = $session[$i]->session_id;
$expire = $this->now - 7200;
if ($session[$i]->last_activity < $expire)
{
$this->sess_destroy($session_id);
}
}
}
log_message('debug', 'Session garbage collection performed.');
}
}


function sess_destroy($session_id)
{
if( isset( $session_id )){
$this->object->db->where('session_id', $session_id);
$this->object->db->delete($this->session_table);
}
}
#2

[eluser]gyo[/eluser]
Why didn't you suggest to extend the library instead of changing the original?

Don't you think it's just easier to do a $this->session->sess_destroy(); when the users logout?

Also, this change is very specific for your needs, I'm not sure other people might benefit from this code Smile
Or maybe I'm missing something...
#3

[eluser]pickupman[/eluser]
With the session class, you have the option to set garbage collection time.
Code:
$config['sess_time_to_update']     = 300; //default is 5mins.

gyo is right $this->session->sess_destroy() might be a better idea, or if you don't want to destroy the session, you can also set the value to FALSE;
#4

[eluser]WanWizard[/eluser]
I never destroy the users session. I use a specific session variable (an array) to track the logged-in state of a user, and remove that variable when the user logs out.

All other session variables remain present, so they can be reused the next time the user logs on (as long as this happens within the session expiry time). This also allows you to have a login expiry that is different from the session expiry.
#5

[eluser]Aleazus[/eluser]
This code uses a similar method though deletes sessions with no relevant session data.
logged_in is the specific session variable for this script as you had described.
#6

[eluser]WanWizard[/eluser]
I still fail to see the advantage of this code compared to the normal garbage collection method.

IMHO it's pointless to want to skip certain session records from removal simply because the user closed the browser without logging out. If they are past their expiry time, they will be invalid anyway. Select a workable expiry time for your sessions, and let the library do the rest.
#7

[eluser]Aleazus[/eluser]
I currently have no expire time for sessions. I set a session data array variable logged_in to simulate an expire time for logged-in sessions. Through the modified garbage collection it only deletes expired logged in users and null cart sessions. The only simple change I plan to make is to not destroy a logged in user's session if they have a cart, rather log them off. If you would post how you setup your session expiration functionality, that would be much appreciated and I would have a direct comparison.
#8

[eluser]WanWizard[/eluser]
I find the setup a bit odd.

In our case, you will keep all session records that have a logged-in flag (everyone that closed the browser without logging off, that is 99% of the users?) or cart contents. Forever? Over time, that's going to be quite a database I'm afraid, hardly any records will be deleted.

I would rather opt for a session expiry of say one month (I can't judge what period is long enough for you). Everyone that hasn't visited the site in a month won't be interested in keeping the login state remembered, and chances are the cart contents is out of date (products and prices tend to change). And have CI do the garbage collection. You can increase the gc probablility if you want the gc to happen more often.

ExiteCMS allows the administrator to define the session expiry, from 'expire when browser closes' to never. Our code is Open Source and public, see the link in my signature.
#9

[eluser]Aleazus[/eluser]
Good deal. I'll have to check that out.




Theme © iAndrew 2016 - Forum software by © MyBB