PHP Session Development Strategies

  • Use Firebug to read the session id from the page requests.
  • Find the directory session files are stored in (the session.save_path setting). On busy, shared servers, this is often /tmp. Check /etc/php.ini or possibly /etc/httpd/conf.d/php.conf.
  • To simulate a session timeout on the server side, delete the session file.
  • To simulate a cookie timeout on the client side, delete all private data (FF) or cookies (IE).
  • To simulate a lost connection, disconnect or disable the network connection.
  • Use more (or any pager) to view the contents of a session file.
  • Use session files to reduce the amount of logic each request has to execute. The session file must be read for authentication anyway, so adding a few more bytes to it in order to avoid recomputing data on every request should yield a performance gain. Be careful to store only data that is used by enough operations to justify the larger file.
  • ACLs can be stored in session files; this may be faster than querying a database.
  • Never store passwords in session data.
  • The language in use is a good candidate for storage in the session file.
  • Session files must not be accessible through the web; they should be readable only by the appropriate users.
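Viewing a session file with more shows PHP's serialized format, which is hard to audit by eye. The following is an added example, not part of the original list: a Python parser for files written by PHP's default "php" serialize handler, plus a check that flags keys that look like stored credentials (the sample session contents and the key names are constructed).

```python
# Parses a PHP session file written by the default "php" serialize handler:
# key|<php-serialized value>, entries concatenated with no separator.
# Decode the file as latin-1 first so one character equals one byte, which
# matches the byte lengths PHP writes into s:<len>:"..." strings.

def _parse_value(data, pos):
    """Parse one PHP-serialized value at data[pos]; return (value, next_pos)."""
    t = data[pos]
    if t == "N":                                   # null:  N;
        return None, pos + 2
    if t in "bid":                                 # b:1;  i:42;  d:3.14;
        end = data.index(";", pos)
        value = {"b": lambda r: r == "1", "i": int, "d": float}[t](data[pos + 2:end])
        return value, end + 1
    if t == "s":                                   # string: s:<bytelen>:"...";
        colon = data.index(":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                          # skip :"
        text = data[start:start + length].encode("latin-1").decode("utf-8", "replace")
        return text, start + length + 2            # skip ";
    if t == "a":                                   # array: a:<count>:{key;value;...}
        colon = data.index(":", pos + 2)
        count = int(data[pos + 2:colon])
        pos = colon + 2                            # skip :{
        items = {}
        for _ in range(count):
            key, pos = _parse_value(data, pos)
            items[key], pos = _parse_value(data, pos)
        return items, pos + 1                      # skip }
    raise ValueError(f"unsupported type {t!r} at offset {pos}")

def parse_session(data):
    """Split the top-level key|value entries of a session file into a dict."""
    session, pos = {}, 0
    while pos < len(data):
        bar = data.index("|", pos)
        key = data[pos:bar]
        session[key], pos = _parse_value(data, bar + 1)
    return session

# Key fragments that suggest a credential was stored; such keys should never exist.
SENSITIVE = ("password", "passwd", "pwd", "secret")

def find_sensitive_keys(session):
    """Return session keys whose names suggest they hold credentials."""
    return sorted(k for k in session if any(w in k.lower() for w in SENSITIVE))

# Constructed sample session contents, not taken from a real server.
SAMPLE = ('user|s:5:"alice";lang|s:2:"en";acl|a:2:{i:0;s:4:"read";i:1;s:5:"write";}'
          'password|s:9:"plaintext";')
```

To audit a real file, read it with open(path, "rb").read().decode("latin-1") and pass the result to parse_session; a non-empty find_sensitive_keys result means the "never store passwords" rule above has been broken.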