Session Management - Comments Required

I am developing my own session management system, and I am stuck at the stage of making my sessions abort and multiple requests compatible.

I have decided to make the second request wait if the first request is still in process (using sleep()).

I have found another problem. Suppose a request takes 5 seconds, and at the start I am using the regenerate function to regenerate the ID of the session. If, before the header is sent back to the browser to change the cookie value, the user sends another request (for example, presses the F5 button a lot of times), then there is a possibility that the browser sends the request before receiving the previous cookie headers. So the browser sends a request with the OLD session ID, which in fact doesn't exist on the server side. How can this be dealt with?

If I don't rename the session file when a new ID is generated on each request, and instead keep the old session file and create a new session file with the old ID, then, considering the above problem, when the browser sends the old cookie value, the user will get the old session data. The problem still exists.

Any suggestions?
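
One way to handle the late request carrying the old ID, shown as an added example that is not part of the original thread or the poster's class: on regeneration the old record is emptied and kept only as a pointer to the new ID for a short grace window, then rejected. The class name, the 10-second window and the in-memory array (standing in for session files) are assumptions.

```php
<?php
// Added example. An in-memory array stands in for the session files.
final class RotatingSessionStore
{
    private const GRACE_SECONDS = 10; // assumed window for requests already in flight
    private array $sessions = [];     // id => [data, rotated_to, dead_after]

    public function create(array $data = []): string
    {
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = ['data' => $data, 'rotated_to' => null, 'dead_after' => null];
        return $id;
    }

    // Issue a new ID; the old record keeps no data, only a short-lived pointer.
    public function regenerate(string $oldId, int $now): string
    {
        $rec = $this->sessions[$oldId] ?? null;
        if ($rec === null || $rec['rotated_to'] !== null) {
            throw new InvalidArgumentException('not a live session ID');
        }
        $newId = $this->create($rec['data']);
        $this->sessions[$oldId] = ['data' => [], 'rotated_to' => $newId, 'dead_after' => $now + self::GRACE_SECONDS];
        return $newId;
    }

    // Map a cookie value to the live session ID, or null if it must be rejected.
    public function resolve(string $cookieId, int $now): ?string
    {
        $rec = $this->sessions[$cookieId] ?? null;
        if ($rec === null) {
            return null;                  // unknown ID
        }
        if ($rec['rotated_to'] === null) {
            return $cookieId;             // current ID
        }
        if ($now <= $rec['dead_after']) {
            return $this->resolve($rec['rotated_to'], $now); // late request: follow pointer
        }
        unset($this->sessions[$cookieId]); // window closed: old ID is dead
        return null;
    }
}

$store = new RotatingSessionStore();
$t   = 1000;                                  // constructed clock value
$old = $store->create(['user' => 'alice']);   // constructed session data
$new = $store->regenerate($old, $t);
var_dump($store->resolve($old, $t + 2) === $new); // F5 pressed before the new cookie arrived
var_dump($store->resolve($old, $t + 60));         // same old cookie after the window
```

A request that was resolved through the pointer should work on the live session without regenerating again, so the browser ends up with a single current ID. In real use the `$now` argument would come from `time()`.
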
But what would be the point of making your own sessions?
Why not just use the sessions built into PHP?
Raidation wrote:
But what would be the point of making your own sessions?
Why not just use the sessions built into PHP?

I am pretty much comfortable with my own.
I was facing problems with the PHP built-in sessions; also, PHP sessions are insecure.
The class I developed is almost (as per my knowledge) perfect and handles browser verification.
I have added 1 more thing to make that class my site specific. I have added just 5 lines (almost) of code and the system is now a perfectly secure user management system (login/logout).

It also gives me a lot of flexibility: all the parameters in the script are the same as those used in PHP sessions, like session file prefix, cookie name of session, duration, garbage collection, etc., and I can change the parameters according to changing requirements during development without the need to restart the server.

And the most important thing is that it gave me a lot of experience and confidence.

I have posted that class somewhere on frihost but that was buggy at that time.