Re: [phplib-users] PHP 5.2 and PHPlib

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Fri, 2008-08-22 at 21:14 -0700, aric caley wrote:
> I think the current default handing of sessions in PHP sucks.  I just
> got bit by some security holes due to session handling.  I think there
> is still a need for a top notch, efficient and flexible session
> handling system.

The session handling in PHPlib is rooted in PHP3, before PHP implemented
native session management in v4.  It's database-oriented, which it no
longer _needs_ to be, although I can conceive of situations in which it
might be advantageous to use db-based session management as opposed to
the native PHP session management.

I looked at some of the PHPlib session management code a couple of years
ago with a view to rewriting some of it, and I came to the conclusion
that there are some API features in PHPlib's session management that
can't be easily reproduced using PHP's native session management.  

> I also like the authentication system and it doesnt seem like there's
> many other good auth systems out there.

PEAR's Auth module is quite good.  I believe it does challenge
authentication by default.  I wrote a class which I use frequently,
based on the PHPlib perm and auth module APIs, using PEAR::Auth which
combines both, and rides on top of native PHP4+ session management.

PHPlib was written before PEAR came out.  PEAR contains much of the
functionality that PHPlib contains, and is pretty solid, albeit not
really well documented sometimes.  It seems silly to re-invent the wheel
here.  On the other hand, I've found that the PEAR API is often
excessively rich for simple applications, and using it requires one to
nail down a lot of configuration params that could easily default to
reasonable values 90% or so of the time.  This is why I've written
several classes for my own use which rely on PEAR but present the PHPlib
API, which is relatively simple, not to mention the fact that I'm
already familiar with it.

-- 
Lindsay Haisley       | "Everything works    |    Accredited
FMP Computer Services |       if you let it" |      by the
512-259-1190          |    (The Roadie)      |   Austin Better
http://www.fmp.com    |                      |  Business Bureau