Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

php sessions versus custom sessions?

Options
  • 30-11-2004 1:03am
    #1
    Baz_
    Registered Users Posts: 2,660 ✭✭✭


    Hey all,

    I'm about to implement my own version of a session manager in php and mysql, but since there is a session manager built into php I'm wondering "is this wise?".

    So what do you think, how well do sessions work with php, has anyone implemented their own session managers before and if so why?

    About the only thing I can think of in favour of php sessions is that they already exist and therefore they probably would take less time to implement, but then again, am I losing control of the session system in that case?

    Anyway, your thoughts would be appreciated, cheers.

    Baz_


Comments

  • Options
    #2
    nahdoic
    Registered Users Posts: 944 ✭✭✭nahdoic


    the php session functions are superb and very configurable - why do you want to make your own? What are you trying to do, that they won't do for you?


  • Options
    #3
    The Corinthian
    Closed Accounts Posts: 19,777 ✭✭✭✭The Corinthian


    For most projects you’re probably better off using the inbuilt session management solution that comes with the application server you’re using, as it will be compiled (and not interpreted as any custom script based application would be) and optimised on both speed and load to work with any application that runs on the server. There’s no point in reinventing the wheel after all.

    However, sometimes you may nonetheless need to use a custom session management solution for various reasons. Of the top of my head a few scenarios that have come up in the past have been:
    1. Custom sessions utilising URL rewriting for NAS (iPlanet Application Server). While NAS supported URL rewriting as a querystring parameter, it would do so to existing querystrings by concatenating the session key using an ampersand. Unfortunately, in the project in question, this all had to pass through an XML parser which would bork if ampersands were not XML encoded. Thus a hybrid session management application, using a combination of the NAS session management solution and custom code had to be developed.
    2. Session management for SMS realistically requires a custom solution. Standard text messages cannot contain session keys, so all you can do is store the MSISDN (mobile number) in a lookup table and use that as a session identifier for the lifespan of the session.
    3. An uncommon requirement is for sessions that use DNS poisoning rather than either cookies or URL rewriting. Again a hybrid solution can be used or a complete custom session management application, utilising its own lookup table can be used for this purpose. Apache does make the job a lot easier though.
    So if you are going to use a custom session management application, there are a number of issues you’re going to have to keep an eye on, such as session clean-ups and updates, session key generation (simply using an autonumber is not secure after all) and of course load / speed issues. As such you really are better off using the session management that comes with whatever application server you’re using, unless you have a requirement that would make that impractical.


  • Options
    #4
    Baz_
    Registered Users Posts: 2,660 ✭✭✭Baz_


    Thats an excellent and persuasive argument there corinthian, cheers to both of ye.


Advertisement