We are not using cookies to send the session id to the server, but instead
rewrite URLs to contain the session-id (switch off Cookies and go to
http://www.amazon.com for a similar experience). When a user hits us with a
request we lookup the session-data in the session-table and jump to a
"sorry session expired page" if the timestamp is older than 30 minutes. If
the session does not exist in the session store then we jump to the
"homepage". Otherwise we call Apache::Session's 'tie' to grab the data.
Some of you may wonder about the first lookup of the session data, instead
of leaving it up to Apache::Session to figure out whether the session still
exists. In pre-5.6 days an eval { tie ... Apache::Session }; would take
down the process with a bunch of 'POPSTACKs'. That's why still have the
code in there which checks for the existance of the session row.
Makes sense?
Tobias
At 10:09 AM 6/2/00 -0400, Niral Trivedi wrote:
>Tobias,
>
>What do you exactly mean by line 'Internally the session will expire
>after 30 minutes.'???
>
>Is it something internal to Apache::Session or you have it programmed on
>custom basis or what???
>
>Niral
>
>Tobias Hoellrich wrote:
>>
>> At 09:26 AM 6/2/00 +1000, Adam Cassar wrote:
>> >I was wondering how people are clearing out old Apache::Session's
>> >
>> >No timestamp is used on the fields used by Apache::Session, so how do
>> >we clear the old sessions?
>> >
>> >I am not talking about the delete() method to remove a session, as that
>> >presumes that a user will always leave your site via pre-defined access
>> >points.
>> >
>>
>> Adam,
>>
>> nobody stops you from adding a timestamp :-)
>>
>> mysql> describe sessions;
>> +-----------+---------------+------+-----+---------+-------+
>> | Field | Type | Null | Key | Default | Extra |
>> +-----------+---------------+------+-----+---------+-------+
>> | id | varchar(16) | | MUL | | |
>> | modtime | timestamp(14) | YES | | NULL | |
>> | a_session | blob | YES | | NULL | |
>> +-----------+---------------+------+-----+---------+-------+
>> 3 rows in set (0.00 sec)
>>
>> For every access to a session entry mysql will automatically set the first
>> timestamp field in a row to the current time. We run a cronjob every 15
>> minutes, which does a:
>>
>> #!/bin/sh
>> /usr/local/mysql/bin/mysql -pxxxxx -uxxxx sessions << EOSQL
>> delete from sessions where time_to_sec(now()) -
>time_to_sec(modtime) >
>> 60*60;
>> EOSQL
>>
>> to clear any session entry older than one hour. Internally the session wil
>> expire after 30 minutes.
>>
>> Hope this helps
>> Tobias
