Differences

This shows you the differences between two versions of the page.

dev:session_management [2006/02/06 09:33]
editor
dev:session_management [2009/07/06 20:36] (current)
Line 1: Line 1:
 +Main Author: [[http://www.r4vi.org | Ravindra de Silva ]] Contributors: ...
 +====== Important ======
 +include the file “inc/lib_session/session.inc”
 +
 +This is an handler.
 +Therefore some code is executed as soon as the file is included.
 +
 +====== Handler code ======
 +
 +
 +That code checks configuration settings, and selects
 +regular PHP session management, or a custom database handler(which is written),or the adodb session handler.
 +furthermore possibility to encrypt session variables (to do) will be there.
 +
 +====== API functions ======
 +
 +
 +===== shn_session_start() =====
 + 
 +to start a session, simply call <code php>shn_session_start()</code>
 +this function is a wrapper around <code php>session_start()</code>
 +it includes checks to reduce session hijacking
 +therefore this function will also start or
 +retrieve a session like <code php>session_start()</code> ,but
 +with better security.
 +
 +<code php>
 +e.g.
 +
 +<?php
 +include_once ($global['approot']."inc/lib_session/session.inc");
 +shn_session_start();
 +?>
 +</code>
 +===== shn_session_change(array()) =====
 +
 +when the user changes privilege levels (e.g login)
 +its recommended to regenerate the session id
 +this function does that and in addition registers
 +,changes several session variables to reflect
 +change of privileges.
 +
 +e.g.
 +<code php>
 +<?php
 +include_once ($global['approot']."inc/lib_session/session.inc");
 +shn_session_start();
 +$user_data = shn_authenticate_user();
 +if($user_data["user_id"]>0){
 + shn_session_change($user_data);
 +}
 +?>
 +</code>
 +
 +===== shn_session_is_registered(string) =====
 +
 +function which checks whether a Session variable is already registered
 +since there are many modules ,there is the possibility of one module
 +overriding a session variable of another.
 +proper naming convention should reduce that, in addition its recommended to call this function to see if the variable is already registered.
 +
 +===== Note: =====
 +since we are using the front controller pattern its the responsibility of the front controller to start a session or change an existing one.
 +therefore from the API functions documented above
 +<code php>
 +shn_session_start()
 +shn_session_change(array())
 +</code>
 +are exclusively for use by the front controller.
 +other modules, can assume a session is available to them.
 +what they should worry about is what session variables to use and how to use them.
 +To register a session variable simply use PHP session management functions.
 +
 +<code php>
 +e.g
 +$_SESSION['initiated'] = true;
 +</code>
 +
 +and retrieve again PHP session Management functions.
 +<code php>
 +$user=$_SESSION["user"];
 +</code>
 +
 +,but one word of caution, since the system consists of multiple modules
 +please check whether a session variable is already registered by the name
 +you want to use.
 +
 +for that you can use, the API function
 +<code php>
 + if(shn_session_is_registered(“user”)){
 + $_SESSION["user"]=$user;
 +}
 +</code>

Navigation
  • Navigate