Registers a global variable name as a session variable. The name may identify a scalar variable, an array or an object. If an object is to be made persistent, it must have two instance variables:
Unregisters a global variable name as a session variable. The variable is not deleted, but its value will be lost at the end of a page. It is no longer saved to the database.
Destroy the current session and put_id() the current session id.
After delete() has been executed, all session data has been removed from the database. Also, the session object is unusable on this page. Consequently, page_close() may not be called for this session. Session variables are still available on this page, even after the delete(), but will be lost on the following pages.
In cookie mode, it is possible to page_open() a new session after delete() has been called, if no HTML has been output so far so that the new cookie can be set. If you do this, you can also re-register some of the previous session variables and can call page_close() for the new session. This allows you to change the session on the fly and selectively carry over session data from the previous session.
Return an URL referencing the current session. If in get mode, the current session id is attached to this URL, else the URL is returned unmodified.
Return an URL referencing the current page, including PHP_SELF and QUERY_STRING information. If in get mode, the session id is included.
Prints a hidden form element containing the session name and id. This function will print the form element unconditionally, which is useful to propagate a session id from one web server to another, if both share the same stable storage for session data. This is useful to share a session id between a HTTPS and HTTP server or between several servers in different domains.
Returns a hidden element containing the session name and id. This function will return the form element unconditionally, which is useful to propagate a session id from one web server to another, if both share the same stable storage for session data. This is useful to share a session id between a HTTPS and HTTP server or between several servers in different domains.
Adds a hidden form element containing the session name and id, if currently in get-mode. Else the function prints nothing. This function can be used to generate a form element which will propagate the session id in a POST form.
Return string to be appended to the current URL for parameters in GET query format. Intended usage is like this:
<a href="<<?
$sess->pself_url().$sess->padd_query(array("again"=>"yes"))
?>"> Reload</a> and log in?
When a FORM variable is made persistent, that form variable is imported into PHP, then page_open() is being called and the new variable value is overwritten from the database. The FORM value is lost. If you had enabled track_vars and were accessing HTTP_GET_VARS directly, which is recommended, this were not a problem. Some legacy scripts rely on persistent FORM input variables, though. These scripts may call the appropriate reimport_x_vars() functions. These functions will re-read the tracked variable arrays and reinitialize the appropriate global variables after session variables have been restored. Use of this function is discouraged.
You shall not call this function directly. It is called back by the start() function of Session() during initializiation. It is documented so that you can override its implementation in your subclass of Session if you know what you are doing.
This function creates and starts the container class used by this instance of session.
You shall not call this function directly. It is called back by the start() function of Session() during initializiation. It is documented so that you can override its implementation in your subclass of Session if you know what you are doing.
This function determines and sets the internal session name.
You shall not call this function directly. It is called back by the start() function of Session() during initializiation. It is documented so that you can override its implementation in your subclass of Session if you know what you are doing.
This function determines the current method of session propagation and determines if a new session token has to be generated.
You shall not call this function directly. It is called back by the start() function of Session() during initializiation. It is documented so that you can override its implementation in your subclass of Session if you know what you are doing.
This function determines which header lines are to be generated by the session, including cache control headers.
get_id() is used internally to determine a session identifier. Currently, a session identifier is a hex number of 32 characters (128 bits) and it is generated by md5(uniqid($this->magic)) to make it hard to guess.
get_id() may be called with an optional session id to use as a parameter. This is useful if you want to change a session id without breaking the session (taking over an old, left over session).
get_id() can be overwritten by a subclass, if you want a different system to create session ids. For example, some applications want to use a constant session id that is not propagated to the client to use a shared pool of persistent variables (a guestbook for example). These applications need locking (to be implemented soon).
put_id() is used internally to "unuse" a session it. At the moment it deletes the client side cookie and deletes $HTTP_COOKIE_VAR[$this->name] for that cookie. The variable ${$this->name} is not deleted.
serialize() is used internally to append to str all PHP code needed to reconstruct the variable named in prefix.
freeze() serializes all register()ed variables and writes the resulting code into the database, tagged with the current session id and the current session name.
thaw() loads a set of freeze()ed variables for the current session id and session name out of the database and recreates them.
The active_sessions table contains one row for each session. That row is uniquely identified by the sid and name values (name is the name of the session class that has written the row). Each time that row is written, the column changed is updated with the current time.
The gc() function deletes all rows that are older than gc_time minutes and have a matching name field. For speed reasons, gc() is not not called every time an update to active_sessions is being made. Instead it is called randomly with a probability of gc_probability.