Stale Sessions
Have been working on a PDO-based session class, making some improvements here and there, and noticed something that's not really brought up much that I can see.
You can define when the cookie expires, and when a session will be considered garbage, but there are 2 problems there.
- It's easy to edit a cookie
- Garbage collection works best on busy sites by default
Sure, you can do things like encrypt the time and check it every page load, but that's a lot of overhead. Or you could save the last time loaded in your session, but then you have to update that every page load, which means more writes to the sessions database.
Simple solution: updated my Read function as follows.
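    function Read($key) {
        // When auto-timeout is enabled, only match rows whose expiry is still in the future.
        $extra = '';
        if ($this->autotimeout) {
            $extra = ' AND expire > ' . time();
        }
        $stmt = $this->pdo->prepare('SELECT value FROM ' . $this->sessiontable . ' WHERE sesskey = :key' . $extra);
        // Bind the session key and return the stored value, or '' when no live row matches.
        $stmt->execute(array(':key' => $key));
        $value = $stmt->fetchColumn();
        return $value === false ? '' : $value;
    }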
This ensures that even if garbage collection hasn't gotten around to deleting a stale session, it cannot be used. Since you have to read the data every page load anyway, there's really no extra overhead involved.
You can find the full code here -> http://projects.cyberlot.net/trac/opensource/browser/Zend/PDOSessions/Se...
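
An added example, not the author's class: a minimal PDO store run against an in-memory SQLite database, showing that a row past its expiry is rejected on read while it is still sitting in the table. The class name ExpiringSessionStore, the sessions table layout and the sample keys and values are assumptions made for the illustration, and the current time is bound as an integer parameter rather than concatenated into the query.

```php
<?php
// Added example: class name, table layout and sample rows are constructed for illustration.
final class ExpiringSessionStore
{
    private PDO $pdo;
    private int $lifetime;

    public function __construct(PDO $pdo, int $lifetime)
    {
        $this->pdo = $pdo;
        $this->lifetime = $lifetime;
        $pdo->exec('CREATE TABLE sessions (
            sesskey TEXT PRIMARY KEY, value TEXT NOT NULL, expire INTEGER NOT NULL)');
    }

    // Store the data and push the expiry forward; $now is injectable so the demo can backdate a row.
    public function write(string $key, string $value, ?int $now = null): bool
    {
        $stmt = $this->pdo->prepare(
            'REPLACE INTO sessions (sesskey, value, expire) VALUES (:key, :value, :expire)');
        return $stmt->execute([
            ':key' => $key, ':value' => $value,
            ':expire' => ($now ?? time()) + $this->lifetime,
        ]);
    }

    // The expiry is enforced by the server on every read, independent of the cookie and of gc.
    public function read(string $key, ?int $now = null): string
    {
        $stmt = $this->pdo->prepare(
            'SELECT value FROM sessions WHERE sesskey = :key AND expire > :now');
        $stmt->bindValue(':key', $key);
        $stmt->bindValue(':now', $now ?? time(), PDO::PARAM_INT);
        $stmt->execute();
        $value = $stmt->fetchColumn();
        return $value === false ? '' : (string) $value;
    }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$store = new ExpiringSessionStore($pdo, 1800);   // 30-minute lifetime

$store->write('stale-key', 'user|s:5:"alice";', time() - 3600); // backdated past its expiry
$store->write('live-key', 'user|s:3:"bob";');

var_dump($store->read('stale-key')); // stale row: filtered out by the expire check
var_dump($store->read('live-key'));  // live row: session data comes back
var_dump((int) $pdo->query('SELECT COUNT(*) FROM sessions')->fetchColumn()); // rows still stored, no gc ran
```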


