Re: [PHP] Session Expiration?
Ok I think I understand this better, my garbage collection is working but I just didn't see it before. Until I check to see if the data was actually being deleted from the /tmp directory (der!). I was using just one browser to test this. So when I navigated through some test pages passing the PHPSESSID in the url and let it expire, the session_start() wouldn't do a garbage clean up against itself (if that makes sense) being the "parent" browser. Now I didn't see the garbage clean up until I launched the second browser and when it ran the session_start() it cleaned up the expired session of the first browser, thus any other activity on the first browser would cause the browser to go back to the login page. Thanks for your reply Matt - Original Message - From: "Jason Sheets" <[EMAIL PROTECTED]> To: "Matias Silva" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, January 09, 2003 8:38 PM Subject: Re: [PHP] Session Expiration? > First are you sure the data was not deleted? If the cookie is still set > in your browser a new session file will be created with the same session > id. > > I believe you adjust the session gc and the session max lifetime, > additionally if you are concerned about someone bookmarking a sessionid > or storing it in history take a look at the session.referer_check > configuration directive: > > ; Check HTTP Referer to invalidate externally stored URLs containing > ids. > ; HTTP_REFERER has to contain this substring for the session to be > ; considered as valid. > session.referer_check = > > Obviously it wont work with some browsers and referer is sent by the > client but every little bit helps. > > Jason > > On Thu, 2003-01-09 at 20:09, Matias Silva wrote: > > I have gone through the past posts and can't find an answer to my problem > > > > I'm using a URL based session management schema, and I was wondering how to > > set > > the session duration time. I know there is the session.gc_probability and > > session.gc_maxlifetime but > > that's only for garbage collection. Just for testing I set the probability > > to 100 and the maxlifetime to 60 > > just to see if my session would automatically expire, as my luck would have > > it didn't. I use session_start() > > in my test scripts so that should run with a 100% probability any garbage > > clean up of any sessions > > that are 1 minute old. > > > > I have the session.use_cookies set to 0 and, the session.cookie_lifetime > > only applies to cookies. So I don't > > know why my sessions are not expiring. Does anybody have any Idea? Should > > I just be manually checking > > for the duration of the session(?) and then delete it if it has expired? > > > > Best, > > Matt > > > > > > Matt Silva > > > > - > > Empower Software Technologies > > [EMAIL PROTECTED] > > PH 909.672.6257 > > FX 909.672.6258 > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions and objects
I create a new object and then assign it to a session var $customer = new Customer($_GET['facilityID'], $_GET['customerID']); $_SESSION['acceptPayment']['customer'] = $customer; but later when I access that session var [in the the same file but in a different function and different instance], php gives me an error saying: "The script tried to execute a methode or access a property of an incomplete object. Pleas ensure that the class definition lt;bgt;customerlt;/bgt; of the object you are trying to operate on was loaded _before_ the session was started at /acceptPayment.php line 103" I did a little reading (rtfm) on php.net and saw that if session.auto_start is turned on, you couldn't use Objects with sessions. Well I checked my ini and the session.auto_start was set to 0, so I am now scratching my head in confusion. I require_once the Customer class and start the session after the requires and includes, so then I thought ok require_once so I change it to require and then it doesn't load the class the for some reasone (sigh). Any Ideas? Thanks for your help in advance Matt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Object can not be used after a session
Hi I was wondering if anybody has any Ideas about or has experienced this I create a new object and then assign it to a session var $customer = new Customer($_GET['facilityID'], $_GET['customerID']); $_SESSION['acceptPayment']['customer'] = $customer; but later when I access that session var [in the the same file but in a different function and different instance], php gives me an error saying: "The script tried to execute a methode or access a property of an incomplete object. Pleas ensure that the class definition lt;bgt;customerlt;/bgt; of the object you are trying to operate on was loaded _before_ the session was started at /acceptPayment.php line 103" I did a little reading (rtfm) on php.net and saw that if session.auto_start is turned on, you couldn't use Objects with sessions. Well I checked my ini and the session.auto_start was set to 0, so I am now scratching my head in confusion. I require_once the Customer class and start the session after the requires and includes, so then I thought ok require_once so I change it to require and then it doesn't load the class the for some reason (sigh). Thanks for your help in advance Matt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Object can not be used after a session
It turns out when I was assigning the object to the session var, the object was not
getting
serialized. Serializing takes a variable and makes it into a string describing the
variable and
the value. This could be done for any variable type except Resources (MySQL
connection vars) and
Results (the result from a query).
Serialization happens automatically through the session_register() function, but you
can only
use session_register if the the register_globals is turned on in the ini. I would
like to move away
from the the practice of using globals and eventually turn off the register_globals.
For some reason I tried to register my $customer object using the
session_register("customer") and
that seem to fail (not the actual registering, but the reuse of the object) so now
this is a solution that I
saw in the php documentation:
$customer = new Customer($_GET['facilityID'], $_GET['customerID']);
$_SESSION['acceptPayment']['serializedCustomer'] = serialize($customer);
so now when I have moved on to another page or another instance of the same page and
I want to access the object from the session var, I do so like this:
$customer = unserialize($_SESSION['acceptPayment']['serializedCustomer']);
and now you can access the object. There is a hidden jewl about this method, I now no
longer
have to include or require the class file because it is already defined in the
serialized string.
Matt
Matt Silva wrote:
Hi I was wondering if anybody has any Ideas about or has experienced
this
I create a new object and then assign it to a session var
$customer = new Customer($_GET['facilityID'], $_GET['customerID']);
$_SESSION['acceptPayment']['customer'] = $customer;
but later when I access that session var [in the the same file but in a
different function and different instance], php gives me an error saying:
"The script tried to execute a methode or access a property of an
incomplete object. Pleas ensure that the class definition
lt;bgt;customerlt;/bgt; of the object you are trying to operate on was
loaded _before_ the session was started
at /acceptPayment.php line 103"
I did a little reading (rtfm) on php.net and saw that if
session.auto_start is turned on, you couldn't use Objects with
sessions. Well I checked my ini and the session.auto_start was set to
0, so I am now scratching my head in confusion.
I require_once the Customer class and start the session after the
requires and includes, so then I thought ok require_once
so I change it to require and then it doesn't load the class the for
some reason (sigh).
Thanks for your help in advance
Matt
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Object can not be used after a session
Wow thats strange?? I am using PHP 4.3.2 as well and I don't see that happening where it serializes the object when assigning it to the $_SESSION. I am using the dbg debugger and nusphere PHP editor and I can step through the code and as I do it shows that the session var is not serialized. However when I checked the session data in the /tmp directorie it appears to serialized It could be that my version of PHP doesn't match the dbg version and dbg reporting back false information (which I have to look into that). Also I checked my ini settings and it shows the session.serialize_handler = php which should be default. Another thing is that I didn't come accross in my reading of http://www.php.net/manual/en/language.oop.serialization.php where it says that objects assigned to the global $_SESSION var is automatically serialized. I did see that if you use the session_register() function it automatically serializes but again I'd like to avoid that. Right now it seems I have many unkowns, so i'm going to narrow them down Matt Mike Migurski wrote: $customer = new Customer($_GET['facilityID'], $_GET['customerID']); $_SESSION['acceptPayment']['serializedCustomer'] = serialize($customer); so now when I have moved on to another page or another instance of the same page and I want to access the object from the session var, I do so like this: $customer = unserialize($_SESSION['acceptPayment']['serializedCustomer']); and now you can access the object. There is a hidden jewl about this method, I now no longer have to include or require the class file because it is already defined in the serialized string. Really, you don't need the serialize/unserialize in there, as they are handled automagically. $_SESSION['customer'] = $customer; and $customer = $_SESSION['customer'] should work just fine. I'm doing this with 4.3.2, and a casual glance at my sess_* files in /tmp shows that the objects are stored in serialized form and the __sleep() method is called the usual way. My understanding is that classes must be defined prior to unserializing an object if you dan't want to risk having the object becoming disassociated from its class, but your method above does have the advantage that you decide when that serialization takes places and can load the classes there, rather than having to do so prior to session_start(). http://www.php.net/manual/en/language.oop.serialization.php - michal migurski- contact info and pgp key: sf/cahttp://mike.teczno.com/contact.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Object can not be used after a session
Hi Mike Yes your right about when the session data is updated. The problem then lies in when I try to read the object from the session var. I include at the top of the file the class definition. Not to get sidetracked but when you say you wrote another layer, are you talking about utilizing the __sleep() and __wakeup functions and then serializing/unserializing within those functions? so far manually serialize-ing and unserialize-ing prior to assigning the object and after retrieving the object seems to work. Matt Mike Migurski wrote: Wow thats strange?? I am using PHP 4.3.2 as well and I don't see that happening where it serializes the object when assigning it to the $_SESSION. It doesn't do it when you assign it into the $_SESSION array, it does it when the script completes and updated session data is written to the session file. This actually caused me a lot of grief a while back, when scripts were bombing out and session data was being lost - I ended up writing another layer on top of the session that explicitly wrote crucial data at critical junctures, rather than relying on the built-in support. - michal migurski- contact info and pgp key: sf/cahttp://mike.teczno.com/contact.html
