how to Setting up Session with database And match ip AND expiration time?

Question

how to Setting up Session with database And match ip AND expiration time?

Mahmoud Eskandari Apr '16

Created Apr '16	Last Reply Aug '16	Replies 6	Views 742	Votes 0

Mahmoud Eskandari 5.7k

Apr '16

I would Create an application by Database based Session's And more options on the session:

Set expiration time
Force match ip
Force match User-Agent

I can't find my answer at:

https://github.com/phalcon/incubator/tree/master/Library/Phalcon/Session/Adapter

How to combine (join) my target settings by this settings?

$di->set('session', function() use ($config)  {
    // Create a connection
    $connection = new DbAdapter([
        'host' => $config->database->host,
        'username' => $config->database->username,
        'password' => $config->database->password,
        'dbname' => $config->database->dbname
    ]);
    $session = new Database([
        'db'    => $connection,
        'table' => 'session_data'
    ]);

    $session->start();

    return $session;
});

David Hübner · Answer 1 · 2016-04-01T19:20:47-07:00

You have multiple ways how to do that:

Extend database session adapter and implement logic you want.
Store your options in session data and validate them before registering session service.
Store your options in session and make new service class or factory which will do validation and which will return session adapter.

Jonathan Aaron Steel · Answer 2 · 2016-04-02T16:12:19-07:00

Good luck when your database goes down on heavy concurent usage for a session storage. You should switch to Memcached as session adapter, implementing your rules on session creation there etc. I had similar requirement where database sessions were just not possibile. RDBMS just can't sustain such heavy load during peak times. With Phalcon, using libmemcached adapter everything went fine.

David Hübner · Answer 3 · 2016-04-03T05:57:58-07:00

David Hübner
9.3k

Apr '16

other very good alternative how to save sessions is in ramdisk, rdbms is definitely not optimal

Mahmoud Eskandari · Answer 4 · 2016-04-03T11:51:51-07:00

ok!

I use memcached instead of database

I recently migrating from CodeIgniter to Phalcon

I will translate Phalcon Documentions To Persian For introduction it :)

Thank you!

alimo2 · Answer 5 · 2016-07-31T22:12:22-07:00

alimo2
5.7k

Jul '16

Phalcon Incubator is not safe against session hijacking! any better solution?

Jonathan Aaron Steel · Answer 6 · 2016-08-06T07:08:30-07:00

Jonathan Aaron Steel
79.0k

Aug '16

@alimo2: what do you mean, some incubator part which handles session?

alimo2 · Answer 7 · 2016-08-13T22:58:01-07:00

@alimo2: what do you mean, some incubator part which handles session?

take a look at incubator session, there is no check for hijacking! simply set session cookie in another browser & get session created by others!