Re: cleaning old Apache::Session's

2000-06-02 Thread Tobias Hoellrich 

We are not using cookies to send the session id to the server, but instead
rewrite URLs to contain the session-id (switch off Cookies and go to
http://www.amazon.com for a similar experience). When a user hits us with a
request we lookup the session-data in the session-table and jump to a
"sorry session expired page" if the timestamp is older than 30 minutes. If
the session does not exist in the session store then we jump to the
"homepage". Otherwise we call Apache::Session's 'tie' to grab the data. 
Some of you may wonder about the first lookup of the session data, instead
of leaving it up to Apache::Session to figure out whether the session still
exists. In pre-5.6 days an eval { tie ... Apache::Session }; would take
down the process with a bunch of 'POPSTACKs'. That's why still have the
code in there which checks for the existance of the session row. 

Makes sense?

  Tobias

At 10:09 AM 6/2/00 -0400, Niral Trivedi wrote:
>Tobias,
>
>What do you exactly mean by line 'Internally the session will expire
>after 30 minutes.'???
>
>Is it something internal to Apache::Session or you have it programmed on
>custom basis or what???
>
>Niral
>
>Tobias Hoellrich wrote:
>> 
>> At 09:26 AM 6/2/00 +1000, Adam Cassar wrote:
>> >I was wondering how people are clearing out old Apache::Session's
>> >
>> >No timestamp is used on the fields used by Apache::Session, so how do
>> >we clear the old sessions?
>> >
>> >I am not talking about the delete() method to remove a session, as that
>> >presumes that a user will always leave your site via pre-defined access
>> >points.
>> >
>> 
>> Adam,
>> 
>> nobody stops you from adding a timestamp :-)
>> 
>> mysql> describe sessions;
>> +---+---+--+-+-+---+
>> | Field | Type  | Null | Key | Default | Extra |
>> +---+---+--+-+-+---+
>> | id| varchar(16)   |  | MUL | |   |
>> | modtime   | timestamp(14) | YES  | | NULL|   |
>> | a_session | blob  | YES  | | NULL|   |
>> +---+---+--+-+-+---+
>> 3 rows in set (0.00 sec)
>> 
>> For every access to a session entry mysql will automatically set the first
>> timestamp field in a row to the current time. We run a cronjob every 15
>> minutes, which does a:
>> 
>> #!/bin/sh
>> /usr/local/mysql/bin/mysql -px -u sessions << EOSQL
>>   delete from sessions where time_to_sec(now()) - 
>time_to_sec(modtime) >
>> 60*60;
>> EOSQL
>> 
>> to clear any session entry older than one hour. Internally the session wil
>> expire after 30 minutes.
>> 
>> Hope this helps
>>Tobias

RE: cleaning old Apache::Session's

2000-06-02 Thread Jerrad Pierce 

I think he means that the session is removed from the server, but the sesion
ID (cookie) was not set to expire...

  o _
 /|/ |   Jerrad Pierce \ | __|_ _|
 /||/   http://pthbb.org  .  | _|   |
 \||  _.-~-._.-~-._.-~-._@"  _|\_|___|___|


> -Original Message-
> From: Niral Trivedi [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 02, 2000 10:09
> To: Tobias Hoellrich
> Cc: Adam Cassar; [EMAIL PROTECTED]
> Subject: Re: cleaning old Apache::Session's
> 
> 
> Tobias,
> 
> What do you exactly mean by line 'Internally the session will expire
> after 30 minutes.'???
> 
> Is it something internal to Apache::Session or you have it 
> programmed on
> custom basis or what???
> 
> Niral
> 
> Tobias Hoellrich wrote:
> > 
> > At 09:26 AM 6/2/00 +1000, Adam Cassar wrote:
> > >I was wondering how people are clearing out old Apache::Session's
> > >
> > >No timestamp is used on the fields used by 
> Apache::Session, so how do
> > >we clear the old sessions?
> > >
> > >I am not talking about the delete() method to remove a 
> session, as that
> > >presumes that a user will always leave your site via 
> pre-defined access
> > >points.
> > >
> > 
> > Adam,
> > 
> > nobody stops you from adding a timestamp :-)
> > 
> > mysql> describe sessions;
> > +---+---+--+-+-+---+
> > | Field | Type  | Null | Key | Default | Extra |
> > +---+---+--+-+-+---+
> > | id| varchar(16)   |  | MUL | |   |
> > | modtime   | timestamp(14) | YES  | | NULL|   |
> > | a_session | blob  | YES  | | NULL|   |
> > +---+---+--+-+-+---+
> > 3 rows in set (0.00 sec)
> > 
> > For every access to a session entry mysql will 
> automatically set the first
> > timestamp field in a row to the current time. We run a 
> cronjob every 15
> > minutes, which does a:
> > 
> > #!/bin/sh
> > /usr/local/mysql/bin/mysql -px -u sessions << EOSQL
> >   delete from sessions where time_to_sec(now()) - 
> time_to_sec(modtime) >
> > 60*60;
> > EOSQL
> > 
> > to clear any session entry older than one hour. Internally 
> the session wil
> > expire after 30 minutes.
> > 
> > Hope this helps
> >Tobias
>

Re: cleaning old Apache::Session's

2000-06-02 Thread Niral Trivedi 

Tobias,

What do you exactly mean by line 'Internally the session will expire
after 30 minutes.'???

Is it something internal to Apache::Session or you have it programmed on
custom basis or what???

Niral

Tobias Hoellrich wrote:
> 
> At 09:26 AM 6/2/00 +1000, Adam Cassar wrote:
> >I was wondering how people are clearing out old Apache::Session's
> >
> >No timestamp is used on the fields used by Apache::Session, so how do
> >we clear the old sessions?
> >
> >I am not talking about the delete() method to remove a session, as that
> >presumes that a user will always leave your site via pre-defined access
> >points.
> >
> 
> Adam,
> 
> nobody stops you from adding a timestamp :-)
> 
> mysql> describe sessions;
> +---+---+--+-+-+---+
> | Field | Type  | Null | Key | Default | Extra |
> +---+---+--+-+-+---+
> | id| varchar(16)   |  | MUL | |   |
> | modtime   | timestamp(14) | YES  | | NULL|   |
> | a_session | blob  | YES  | | NULL|   |
> +---+---+--+-+-+---+
> 3 rows in set (0.00 sec)
> 
> For every access to a session entry mysql will automatically set the first
> timestamp field in a row to the current time. We run a cronjob every 15
> minutes, which does a:
> 
> #!/bin/sh
> /usr/local/mysql/bin/mysql -px -u sessions << EOSQL
>   delete from sessions where time_to_sec(now()) - time_to_sec(modtime) >
> 60*60;
> EOSQL
> 
> to clear any session entry older than one hour. Internally the session wil
> expire after 30 minutes.
> 
> Hope this helps
>Tobias

Re: cleaning old Apache::Session's

2000-06-01 Thread Michael Schout 

On Fri, Jun 02, 2000 at 09:26:45AM +1000, Adam Cassar wrote:
> I was wondering how people are clearing out old Apache::Session's
> 
> No timestamp is used on the fields used by Apache::Session, so how do
> we clear the old sessions? 
> 
> I am not talking about the delete() method to remove a session, as that
> presumes that a user will always leave your site via pre-defined access
> points.

As was mentiuoned, TMTOWTDI, but for postgresql, you can just do:

CREATE TABLE sessions (
  id VARCHAR(32) NOT NULL,
  ts TIMESTAMP NOT NULL DEFAULT NOW(),
  a_session TEXT,
  PRIMARY KEY (id)
);

Which works.

Another equivalent solution would involve setting up a "view" on a different
table abd setting up RULES that update the timestamp.  E.g.:

CREATE TABLE session_data (
id CHAR(32) NOT NULL,
ts TIMESTAMP NOT NULL,
a_session TEXT,
PRIMARY KEY (id)
);

CREATE VIEW sessions AS SELECT id,a_session FROM session_data;

CREATE RULE sessions_update AS ON UPDATE TO sessions
DO INSTEAD
UPDATE session_data SET
   id = NEW.id,
   a_session = NEW.a_session,
   ts = CURRENT_TIMESTAMP
 WHERE id = OLD.id;

CREATE RULE sessions_delete AS ON DELETE TO sessions
DO INSTEAD
DELETE FROM session_data
  WHERE id = OLD.id;

CREATE RULE sessions_insert AS ON INSERT TO sessions
DO INSTEAD
INSERT INTO session_data
(id, a_session, ts)
 VALUES (NEW.id, NEW.a_session, CURRENT_TIMESTAMP);

This works too.  And has the added nifty feature that "sessions" looks exactly
like what Apache::Session expects to find.  

I'm sure there are other ways to do it (plpgsql, triggers come to mind) for
postgresql.  As I said, TMTOWTDI.

I'm sure nearly every dbms out there can use some variant of one of the above
two methods...  You'll just have to adapt it for your particular DBMS.

Mike

Re: cleaning old Apache::Session's

2000-06-01 Thread Richard Dice 

> Theres a problem with that however...it assumes you use mySQL.  I use Oracle,
> and it doesn't provide that functionality; you need to alter the INSERT or
> UPDATE statements to include passing a SYSDATE into the timestamp field. 
> 'Course, you could create a trigger that adds the SYSDATE after an insert or
> update, but thats not really elegant...and PL_SQL really sucks
> (warning...flamebait)

While perhaps the syntax "timestamp" suggested that I only meant that this
would work for MySQL, I didn't.  I figured that people could mentally
substitute in whatever the equivalent was for their dbms.  I know that
there is are equivalents for Postgresql and MS SQL Server (the other 2
dbms' I've worked with), and I figure that most should have something like
this.  I'm surprised to hear that Oracle makes it _that_ hard to get at this
kind of functionality.

Oh well... we've all got fights to fight.

Here's another possible approach to the problem them...

Put datetime information _inside_ the session, and then run a crom job
every time that opens up _every_ session, checks against the datetime
info, and deletes based on that information.

Isn't life ugly when you don't have a timestamp type in your dbms? :-)

Cheers,
Richard


 Richard Dice * Personal 514 816 9568 * Fax 514 816 9569
 ShadNet Creator * http://shadnet.shad.ca/ * [EMAIL PROTECTED]
 Occasional Writer, HotWired * http://www.hotwired.com/webmonkey/
 "squeeze the world 'til it's small enough to join us heel to toe"
 - jesus jones

Re: cleaning old Apache::Session's

2000-06-01 Thread Tobias Hoellrich 

At 09:26 AM 6/2/00 +1000, Adam Cassar wrote:
>I was wondering how people are clearing out old Apache::Session's
>
>No timestamp is used on the fields used by Apache::Session, so how do
>we clear the old sessions? 
>
>I am not talking about the delete() method to remove a session, as that
>presumes that a user will always leave your site via pre-defined access
>points.
>

Adam,

nobody stops you from adding a timestamp :-)

mysql> describe sessions;
+---+---+--+-+-+---+
| Field | Type  | Null | Key | Default | Extra |
+---+---+--+-+-+---+
| id| varchar(16)   |  | MUL | |   |
| modtime   | timestamp(14) | YES  | | NULL|   |
| a_session | blob  | YES  | | NULL|   |
+---+---+--+-+-+---+
3 rows in set (0.00 sec)

For every access to a session entry mysql will automatically set the first
timestamp field in a row to the current time. We run a cronjob every 15
minutes, which does a:


#!/bin/sh
/usr/local/mysql/bin/mysql -px -u sessions << EOSQL
  delete from sessions where time_to_sec(now()) - time_to_sec(modtime) >
60*60;
EOSQL

to clear any session entry older than one hour. Internally the session wil
expire after 30 minutes. 


Hope this helps
   Tobias

RE: cleaning old Apache::Session's

2000-06-01 Thread Michael Nachbaur 

Theres a problem with that however...it assumes you use mySQL.  I use Oracle, and it 
doesn't provide that functionality; you need to alter the INSERT or UPDATE statements 
to include passing a SYSDATE into the timestamp field.  'Course, you could create a 
trigger that adds the SYSDATE after an insert or update, but thats not really 
elegant...and PL_SQL really sucks (warning...flamebait)

-man

-Original Message-
From: Richard Dice [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 01, 2000 4:31 PM
To: Adam Cassar
Cc: [EMAIL PROTECTED]
Subject: Re: cleaning old Apache::Session's


> I was wondering how people are clearing out old Apache::Session's
> 
> No timestamp is used on the fields used by Apache::Session, so how do
> we clear the old sessions?
> 
> I am not talking about the delete() method to remove a session, as that
> presumes that a user will always leave your site via pre-defined access
> points.

This is how I handle it...

Your 'sessions' table schema has to have _at least_ the columns in it that
are talked about in the Apache::Session documentation.  That doesn't mean
that you can't add on your own timestamp column as well.  Your program
can use that as a basis upon which to delete rows.

Cheers,
Richard


 Richard Dice * Personal 514 816 9568 * Fax 514 816 9569
 ShadNet Creator * http://shadnet.shad.ca/ * [EMAIL PROTECTED]
 Occasional Writer, HotWired * http://www.hotwired.com/webmonkey/
 "squeeze the world 'til it's small enough to join us heel to toe"
 - jesus jones

Re: cleaning old Apache::Session's

2000-06-01 Thread Richard Dice 

> I was wondering how people are clearing out old Apache::Session's
> 
> No timestamp is used on the fields used by Apache::Session, so how do
> we clear the old sessions?
> 
> I am not talking about the delete() method to remove a session, as that
> presumes that a user will always leave your site via pre-defined access
> points.

This is how I handle it...

Your 'sessions' table schema has to have _at least_ the columns in it that
are talked about in the Apache::Session documentation.  That doesn't mean
that you can't add on your own timestamp column as well.  Your program
can use that as a basis upon which to delete rows.

Cheers,
Richard


 Richard Dice * Personal 514 816 9568 * Fax 514 816 9569
 ShadNet Creator * http://shadnet.shad.ca/ * [EMAIL PROTECTED]
 Occasional Writer, HotWired * http://www.hotwired.com/webmonkey/
 "squeeze the world 'til it's small enough to join us heel to toe"
 - jesus jones