dongpin1850 2013-07-22 12:46
浏览 52
已采纳

Zend Session和Namespace Expiries

I have 2 areas that need session management, with 2 different expirations:

  • Administrative Area - 20 minutes
  • Reservation Area - 3 minutes

Using Zend_Session, how can I manage both for the same user?

It is important to note that the Reservation Area behaves much like Ticketmaster, where maintaining reservation accuracy down to the second is crucial.

My current implementation utilizes the Zend_Session_SaveHandler_DbTable and I would like to stick with that, if possible.

I am storing the Session_ID from the main Session table on the Reservation table to indicate reservations. This works out well, because it allows me to use garbage collection to clean up abandoned sessions (I have a cron triggering garbage collection every minute).

My problem with this implementation is that I don't know how to manage the Administrative Area's session, given the time difference.

  • 写回答

2条回答 默认 最新

  • drztpx8735 2013-07-22 14:54
    关注

    I think you need an application-level thing to manage these reservations, rather than relying on the session itself. It's hard to 'do things' when sessions expire, and I'd argue sessions are not really designed to be depended on for this sort of functionality.

    I suggest you create a separate table that holds reservation tokens. These would have an unique 'token' hash as the primary key, an 'expires' date, and possibly a optional user ID. Instead of storing Session_ID on the reservation table, you store the token instead, with the same constraint in place (so deleting the token frees up the reservation). You add an additional cron job that expires tokens - this could be as simple as executing a DELETE FROM reservation_tokens WHERE expires < NOW() query. In the session you store the token, and checking the expire time on the token will tell you whether the reservation is still valid or not.

    This way your reservation expiry is no longer dependent on the session expiring. It also would allow for things like a logged in user still having the same reservation if they were to login again (before the reservation expired).

    As for the administrative login, an approach I've taken in the past is to simply extend the session expiry when a user authenticates. This is pretty easy to do, just after a valid login:

    // assuming $result is a Zend_Auth_Result
if ($result->isValid()) {
    // extend the user's session
    $lifetime = 1200;
    ini_set('session.cookie_lifetime', $lifetime);
    Zend_Session::rememberMe($lifetime);
}

    and if you've implemented the reservation token solution, having a longer session no longer causes problems with your reservations.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 ubuntu子系统密码忘记
  • ¥15 信号傅里叶变换在matlab上遇到的小问题请求帮助
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料
  • ¥15 使用R语言marginaleffects包进行边际效应图绘制
  • ¥20 usb设备兼容性问题
  • ¥15 错误(10048): “调用exui内部功能”库命令的参数“参数4”不能接受空数据。怎么解决啊
  • ¥15 安装svn网络有问题怎么办
  • ¥15 vue2登录调用后端接口如何实现