Hi all,
i’m new with yii framework and i trying understand session handling. After a day of read a lot of information I need somebody confirm if something is wrong.
Default configuration.
In config file /protected/config/main.php are not mention about session. I suppose that a default config is loaded if a session element is not define in ‘components’ array.
I finded a larry: larryullman.com/2011/05/03/using-sessions-with-the-yii-framework/
Attributes by default session component are:
autoStart, which defaults to true (i.e., always start sessions)
cookieMode, with acceptable values of none, allow, and only, equating to: don’t use cookies, use cookies if possible, and only use cookies; defaults to allow
cookieParams, for adjusting the session cookie’s arguments, such as its lifetime, path, domain, and HTTPS-only
gCProbability, for setting the probability of garbage collection being performance, with a default of 1, as in a 1% chance
savePath, for setting the directory on the server used as the session directory, with a default of /tmp
sessionName, for setting the session’s, um, name, which defaults to PHPSESSID
timeout, for setting after how many seconds a session is considered idle, which defaults to 1440
The elements ‘savePath’ and ‘sessionName’ are defined by php.ini configuration and not '/tmp/ and name PHPSESSID. For example, in my case add “sess_” to begin of PHPSESSID and path is “/var/lib/php5/”
It’s recommended to change savePath to a directory within site.
We have the possibility of store session data in a database. Add a component ‘session’ with this code:
‘session’ => array (
'class' => 'system.web.CDbHttpSession',
'connectionID' => 'db',
'sessionTableName' => 'actual_table_name',
),
When the user logout we need remove session with Yii::app()->session->clear() or Yii::app()->session->destroy().
But if session expired, does a handler exist that clear or destroy session in both cases (file and database sessions)? I suppose that in file option, php destroy a expired session but in bbdd option, do i need control session time? This implies update time in every http request. In case of expired session a new action of user return a expired session response. If no action of user, the session is stored indefinitely. How fixed this case?
In php documentation we can set a handler for destroy session:
php.net/manual/en/function.session-set-save-handler.php
If a app show how many users are on line, we need a handler for run a code that change user status to offline. How can we to set a handler in yii for this?