[Jaws-project-developers] session managing

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

i saw the polished that ion did with the session management and i liked
it. 
I have just some observations (i might have missed things i'm very busy
right now on my job it's the begining of the semester and we have to put
out the new website):

- The session management it's only avaliable when you login, and there
are some features of the sessions that anonymous users can take
advantage of like persistent attributes between requests

- We could change the sessions schema so the attributes are defined by
the username and not the session id, this is with the pourpouse of
manage persistence of attributes beyond logins and logouts.
this change is very trivial we just need to add an sessions_active table
and store the session identificator and the associated user, the
attributes of the session remain in the sessions table but the key will
be the username:

|  sessions_active |        | sessions |
--------------------        ------------
|                  |        |   UID    |
|       SID        |        |   hash   | 
|       UID        |        
|       md5        |
|       mtime      | 

this could allow us to have different sessions with se same user and
share attributes between applications at the same time

- There is no expiring session procedures for the database, we need a
way to do this, i don't think a cron can be the solution. it could be a
check that is being done every n days when a user logs in.

what do you think?

-- 