Re: [PHP] RE: How do I prevent a session from rebuilding itself?
On 7/12/06, Daevid Vincent [EMAIL PROTECTED] wrote:
I am thinking you are killing the first session, rming the
files, then
creating a new session. At the end of the page the data that was in
memory is getting written to the new session file.
Yes. That's what is happening as I said. I don't want it to re-write.
Just to be clear, what exactly are you trying to do? Are you trying
to kill a session, as in log a person off? Then do so within PHP:
[code]
// set $_SESSION to empty array
$_SESSION = array();
// if saving session in cookie, clear that out too
if(isset($_COOKIE[session_name()]))
{
setcookie(session_name(),'',time() - 4800,'/');
}
// destroy session completely
session_destroy();
[/code]
HTH,
John W
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE: How do I prevent a session from rebuilding itself?
Just to be clear, what exactly are you trying to do? Are you trying to logout a user No. We write enterprise level software probably far surpassing what PHP was ever intended for. However, our GUI is web based (LAMP). We have fail over cluster nodes. If a user is logged into one via a virtual IP, the browser sees it as transparent. When a node fails, it fails over fine (again, the browser still sees the same VIP). But the sess_ file is not on the new node -- by design. We purposely don't copy the /tmp/sess_ files. What we want is, since the session is gone, that $_SESSION['login'] is (in theory) missing/false [although it seems that PHP RAM takes precedence over HD now and this didn't used to be the case] that the user should be re-prompted to login. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE: How do I prevent a session from rebuilding itself?
Daevid Vincent wrote: Just to be clear, what exactly are you trying to do? Are you trying to logout a user No. We write enterprise level software probably far surpassing what PHP was ever intended for. hmm. However, our GUI is web based (LAMP). so the GUI uses php but the rest doesn't? kind of nullifies the statement aboveif thats the case. We have fail over cluster nodes. If a user is logged into one via a virtual IP, the browser sees it as transparent. When a node fails, it fails over fine (again, the browser still sees the same VIP). But the sess_ file is not on the new node -- by design. We purposely don't copy the /tmp/sess_ files. What we want is, since the session is gone, that $_SESSION['login'] is (in theory) missing/false [although it seems that PHP RAM takes precedence over HD now and this didn't used to be the case] that the user should be re-prompted to login. so the user is prompted to login in again if a cluster node he happened to be talking to fails whats the point of the transparency then? I really don't care if my browsers sees the IP consistently - I'd rather just stay logged in. have you considered that your enterprise level software might require a custom session handler (see http://php.net/manual/en/function.session-set-save-handler.php) maybe some kind of mysql cluster running a master-slave config? which would potentially give you real transparency in case of a failed node. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE: How do I prevent a session from rebuilding itself?
We write enterprise level software probably far surpassing what PHP was ever intended for. However, our GUI is web based (LAMP). so the GUI uses php but the rest doesn't? kind of nullifies the statement aboveif thats the case. Not really. We use DBUS calls to Ruby and C/C++ code. We manipulate networks. TCP/IP. UDP. LDAP. Iptables. Etc. We use RDBMS tricks to transfer data. SOAP. XML. And all sorts of other tactics to work around the limitations of PHP5. But that is all besides the point. We have fail over cluster nodes. If a user is logged into one via a virtual IP, the browser sees it as transparent. When a node fails, it fails over fine (again, the browser still sees the same VIP). But the sess_ file is not on the new node -- by design. We purposely don't copy the /tmp/sess_ files. What we want is, since the session is gone, that $_SESSION['login'] is (in theory) missing/false [although it seems that PHP RAM takes precedence over HD now and this didn't used to be the case] that the user should be re-prompted to login. so the user is prompted to login in again if a cluster node he happened to be talking to fails whats the point of the transparency then? I really don't care if my browsers sees the IP consistently - I'd rather just stay logged in. Because. That's also irrelevent. And for the record. They DO stay logged in. That's the whole problem I'm trying to get around! For various reasons beyond the scope of this discussion (some related to security), We wish for the user to re-authenticate. d -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
