António José (ajose) wrote,
António José

  • Mood:


Ok, the code to create and give time to live to a session is made and debugged.

I've opted for a fixed time-to-live for each session and it's session ID.
In this 1st experiments, Ill give it 15 minutes.
So, for each action, one will have 15 minutes which seems to me more than enough.

When the Session ID is created, it-s also runed in the background a task which will sleep for the time specified (in seconds -- I give it 900 for 900 seconds, which is 15 minutes) and after that time is up, the command will delete the session by removing it's data directory and removing it's elements from the "active sessions" data file.
So, the session ends and if any browser with a form from that session responds AFTER the session has ended, it will receive an error screen and will be sent to the login CGI.

To reset the time of the session while some one keeps interacting with the application, I've found a simple solution.... On each form, a new session ID is created. the old one was already marked to die and will eventually die when it's time is up.

This way I can carry a session with any number of browsers concurrently and not depend on cookies which might be or not be enabled in the client's browser.....

This is one of the most important "building blocks" for any thing that ,might require identification and has to conduct "transaction" of any kind....

Ok, after the explanation, back again to programming mode!

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded