Ralph, Thanks for your reply. Answers are inline: On Thu, Jul 8, 2010 at 7:31 PM, Ralph Schindler <[email protected]>wrote:
> Response inline.. > > > scs wrote: > >> Hello, >> >> I have 3 questions: >> 1. How can I find about a logged-in user's session data? >> I would like to see when was the session started, how long has the user >> been idle? and how much time left for session expire? >> > > That is a tough one if you are using files. PHP's garbage collector will > run on a specific interval looking for files that have old timestamps > (outside of a specificed range), and once it finds them, it will delete > them. > > If you wanted to iterate the session's file directory, you can get the last > modification or last access time of the files (whichever is available) and > you might get some information for when the last time the session was > active. You'd also have to actually open the files and unserialize the data > in order to determine who that session file belongs to. > > Your other option is to put sessions in the database, that might give you a > bit more flexibility to do this kind of introspection at the application > level. > I thought that some variables might be in the session such as idle time, session generated time, expiry time etc. That was why I asked that. I dumped the $_SESSION but there was not anything other than my user data and the standard hash elements of the login form. Why I wanted to see the expiry time was for testing if the session is valid till the time I set for expiry. I may switch session handler to database as you suggest. How about performance? Any decrease? > > > 2. I have a session setting in my application.ini file related to >> session's save_path as below: >> resources.session.save_path = path_to_project"/data/sessions" >> > > > is path_to_project a constant? only PHP constants are replaced in ini > files, we typically use APPLICATION_PATH whcih is typically defined in the > public/index.php > My directory structure is something like this: myproject ..application ......models ......modules ......etc ..data ......sessions ......etc ..public ... And the path_to_project_dir is a PHP constant I defined in public/index.php which corresponds to When I check the session.save_path via ini_get, I find the path is valid and shows the location I wanted. something like this: /var/www/data/sessions (of course apache is configured to as /public is the document root!) > If its the same as APPLICATION_PATH, then the files will be stored at > APPLICATION_PATH . '/data/sessions'. That directory will need to be > read/write by the web server. > And yes, the directory is writable by www-data user. Could that be related to other session variables such as use_cookies etc? > Otherwise, the data is going somewhere else, typically into /tmp/ > > I checked /tmp but nothing found accept for the zend cache files for zend_date scripts. > > However, the session cookie files are not saved on this location. How can >> I force this location? >> >> 3. I tried to implement remember me functionality for logins as below: >> //if login successfull >> Zend_Session::rememberMe($rememberMeSeconds);//remember me for 1 month. >> >> But this code sends the user to login form and does not give any error. >> However, when debugging via webdeveloper plugin, i see a cookie that is >> valid through the rememberMeSeconds. >> But still i have one more default cookie for the domain which is firstly >> created. >> >> What is the correct way to implement rememberme functionality? >> > > Can you determine why the cookie is not staying set? Are you calling this > only after authentication or on every request? It should only be during > authentication that you call this method. > I set the cookie (via Zend_Session:rememberMe...) only and once the auth is successfull. I see two cookies via webdeveloper plugin and I see that one of them(2nd one) is valid till the time I set. And indeed the session is valid even after hours (whereas it was only valid for half an hour before this setting). When i delete the 1st cookie, system sends me to login page. But when deleting the second nothing happends. The interesting thing, If uncomment the line below in the login/auth action: //Zend_Session::rememberMe($rememberMeSeconds);//remember me for 1 month. then instead of redirecting me to member area, site sends me to login form as if the login operation was unsuccessfull. and without any error... I think I might be doing something wrong or some settings in the application ini file are interfering.. zend fw version is 1.10.2 linux, debian, php 5.2.6 thanks > -ralph >
