Subversion Repositories svnkaklik

Rev

Details | Last modification | View Log

Rev Author Line No. Line
36 kaklik 1
John,
2
 
3
I have been an extremely satisfied ADODB user for several years now.
4
 
5
To give you something back for all your hard work, I've spent the last 3
6
days rewriting the adodb-session.php code.
7
 
8
----------
9
What's New
10
----------
11
 
12
Here's a list of the new code's benefits:
13
 
14
* Combines the functionality of the three files:
15
 
16
adodb-session.php
17
adodb-session-clob.php
18
adodb-cryptsession.php
19
 
20
each with very similar functionality, into a single file adodb-session.php.
21
This will ease maintenance and support issues.
22
 
23
* Supports multiple encryption and compression schemes.
24
  Currently, we support:
25
 
26
  MD5Crypt (crypt.inc.php)
27
  MCrypt
28
  Secure (Horde's emulation of MCrypt, if MCrypt module is not available.)
29
  GZip
30
  BZip2
31
 
32
These can be stacked, so if you want to compress and then encrypt your
33
session data, it's easy.
34
Also, the built-in MCrypt functions will be *much* faster, and more secure,
35
than the MD5Crypt code.
36
 
37
* adodb-session.php contains a single class ADODB_Session that encapsulates
38
all functionality.
39
  This eliminates the use of global vars and defines (though they are
40
supported for backwards compatibility).
41
 
42
* All user defined parameters are now static functions in the ADODB_Session
43
class.
44
 
45
New parameters include:
46
 
47
* encryptionKey(): Define the encryption key used to encrypt the session.
48
Originally, it was a hard coded string.
49
 
50
* persist(): Define if the database will be opened in persistent mode.
51
Originally, the user had to call adodb_sess_open().
52
 
53
* dataFieldName(): Define the field name used to store the session data, as
54
'DATA' appears to be a reserved word in the following cases:
55
	ANSI SQL
56
	IBM DB2
57
	MS SQL Server
58
	Postgres
59
	SAP
60
 
61
* filter(): Used to support multiple, simulataneous encryption/compression
62
schemes.
63
 
64
* Debug support is improved thru _rsdump() function, which is called after
65
every database call.
66
 
67
------------
68
What's Fixed
69
------------
70
 
71
The new code includes several bug fixes and enhancements:
72
 
73
* sesskey is compared in BINARY mode for MySQL, to avoid problems with
74
session keys that differ only by case.
75
  Of course, the user should define the sesskey field as BINARY, to
76
correctly fix this problem, otherwise performance will suffer.
77
 
78
* In ADODB_Session::gc(), if $expire_notify is true, the multiple DELETES in
79
the original code have been optimized to a single DELETE.
80
 
81
* In ADODB_Session::destroy(), since "SELECT expireref, sesskey FROM $table
82
WHERE sesskey = $qkey" will only return a single value, we don't loop on the
83
result, we simply process the row, if any.
84
 
85
* We close $rs after every use.
86
 
87
---------------
88
What's the Same
89
---------------
90
 
91
I know backwards compatibility is *very* important to you.  Therefore, the
92
new code is 100% backwards compatible.
93
 
94
If you like my code, but don't "trust" it's backwards compatible, maybe we
95
offer it as beta code, in a new directory for a release or two?
96
 
97
------------
98
What's To Do
99
------------
100
 
101
I've vascillated over whether to use a single function to get/set
102
parameters:
103
 
104
$user = ADODB_Session::user(); 	// get
105
ADODB_Session::user($user);		// set
106
 
107
or to use separate functions (which is the PEAR/Java way):
108
 
109
$user = ADODB_Session::getUser();
110
ADODB_Session::setUser($user);
111
 
112
I've chosen the former as it's makes for a simpler API, and reduces the
113
amount of code, but I'd be happy to change it to the latter.
114
 
115
Also, do you think the class should be a singleton class, versus a static
116
class?
117
 
118
Let me know if you find this code useful, and will be including it in the
119
next release of ADODB.
120
 
121
If so, I will modify the current documentation to detail the new
122
functionality.  To that end, what file(s) contain the documentation?  Please
123
send them to me if they are not publically available.
124
 
125
Also, if there is *anything* in the code that you like to see changed, let
126
me know.
127
 
128
Thanks,
129
 
130
Ross
131