Re: [Phplib-users] php4 session fix, and some thoughts
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] php4 session fix, and some thoughts
|
From: Joe S. <joe...@us...> - 2003-01-22 00:48:00
|
On Mon, Jan 20, 2003 at 07:22:25PM -0600, Lindsay Haisley wrote: > My shopping carts were broken using phplib with php4 session management, so > I found the problem and fixed it. Patches against phplib-7.4-pre2 are > attached. > > Basically, the instance variable $sess->in wasn't being saved across > sessions, and Joe Stewart noted as much in his code comments. setup.inc was > being run on each page access, so any stored information was getting wiped > out since $cart->start(), in my setup.inc, ran each time a page was loaded. > I can't take credit for the code ( Max and maybe others deserve the thanks). I just moved the cvs around some. Sorry I don't have more time right now to help much with this. To make sure I understand - The auto_init file is included with every pageview when using the session4.inc class. Using the session.inc it is only included on session creation. This is because the value of sess->in is lost so the conditional in page4.inc fails. I filed a bug report: [ 672166 ] auto_init file included every page_view with session4 http://sourceforge.net/tracker/index.php?func=detail&aid=672166&group_id=31885&atid=403611 \ > The underlying problem is that phplib session management no longer > instantiates a session class with all the public and private instance > variables needed by the API. While the $sess object stored in $_SESSION can > invoke class methods from the underlying class definition, there's no ready > way to store instance variables. Joe and others have fixed some of these, > of course. > others (Giancarlo for one) fixed it in auth. > To get around this, I defined a class, CurrentSession, and an instance > object of _this_ class is stored in the $_SESSION array. An instance of > CurrentSession can hold whatever instance variables the session requires and > methods in the $sess object can be used to retrieve them. The > CurrentSession instance object is named "sob_".session_id(), which may be > overkill, but will definitely insure uniqueness. Rather than using the > $sess->in instance variable, I defined a couple of methods, > $sess->get_auto_init_done() and $sess->set_auto_init_done() which do much > the same thing and require only a minor modification to page4.inc (for which > a patch is also attached). I probably shouldn't have done this, since > saving and restoring $sess->in could be done with a few lines of additional > coding and this would preserve the API. This would require a working > page_close() though, as noted below. > I like the idea of preserving sess->in instead. page_close is already required again if you use register_globals off. thanks for tracking this down. Joe |
