You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Adam Cassar <ad...@netregistry.com.au> on 2000/06/02 01:26:45 UTC
cleaning old Apache::Session's
I was wondering how people are clearing out old Apache::Session's
No timestamp is used on the fields used by Apache::Session, so how do
we clear the old sessions?
I am not talking about the delete() method to remove a session, as that
presumes that a user will always leave your site via pre-defined access
points.
--
Adam Cassar
Senior Web Developer
___________________________________________
NetRegistry http://www.netregistry.com.au
Tel: +61 2 9699 6099 | Fax: +61 2 9699 6088
PO Box 270 Broadway NSW 2007 Australia
Re: cleaning old Apache::Session's
Posted by Michael Schout <ms...@gkg.net>.
On Fri, Jun 02, 2000 at 09:26:45AM +1000, Adam Cassar wrote:
> I was wondering how people are clearing out old Apache::Session's
>
> No timestamp is used on the fields used by Apache::Session, so how do
> we clear the old sessions?
>
> I am not talking about the delete() method to remove a session, as that
> presumes that a user will always leave your site via pre-defined access
> points.
As was mentiuoned, TMTOWTDI, but for postgresql, you can just do:
CREATE TABLE sessions (
id VARCHAR(32) NOT NULL,
ts TIMESTAMP NOT NULL DEFAULT NOW(),
a_session TEXT,
PRIMARY KEY (id)
);
Which works.
Another equivalent solution would involve setting up a "view" on a different
table abd setting up RULES that update the timestamp. E.g.:
CREATE TABLE session_data (
id CHAR(32) NOT NULL,
ts TIMESTAMP NOT NULL,
a_session TEXT,
PRIMARY KEY (id)
);
CREATE VIEW sessions AS SELECT id,a_session FROM session_data;
CREATE RULE sessions_update AS ON UPDATE TO sessions
DO INSTEAD
UPDATE session_data SET
id = NEW.id,
a_session = NEW.a_session,
ts = CURRENT_TIMESTAMP
WHERE id = OLD.id;
CREATE RULE sessions_delete AS ON DELETE TO sessions
DO INSTEAD
DELETE FROM session_data
WHERE id = OLD.id;
CREATE RULE sessions_insert AS ON INSERT TO sessions
DO INSTEAD
INSERT INTO session_data
(id, a_session, ts)
VALUES (NEW.id, NEW.a_session, CURRENT_TIMESTAMP);
This works too. And has the added nifty feature that "sessions" looks exactly
like what Apache::Session expects to find.
I'm sure there are other ways to do it (plpgsql, triggers come to mind) for
postgresql. As I said, TMTOWTDI.
I'm sure nearly every dbms out there can use some variant of one of the above
two methods... You'll just have to adapt it for your particular DBMS.
Mike
Re: cleaning old Apache::Session's
Posted by Richard Dice <rd...@pobox.com>.
> I was wondering how people are clearing out old Apache::Session's
>
> No timestamp is used on the fields used by Apache::Session, so how do
> we clear the old sessions?
>
> I am not talking about the delete() method to remove a session, as that
> presumes that a user will always leave your site via pre-defined access
> points.
This is how I handle it...
Your 'sessions' table schema has to have _at least_ the columns in it that
are talked about in the Apache::Session documentation. That doesn't mean
that you can't add on your own timestamp column as well. Your program
can use that as a basis upon which to delete rows.
Cheers,
Richard
----------------------------------------------------------------------------
Richard Dice * Personal 514 816 9568 * Fax 514 816 9569
ShadNet Creator * http://shadnet.shad.ca/ * rdice@shadnet.shad.ca
Occasional Writer, HotWired * http://www.hotwired.com/webmonkey/
"squeeze the world 'til it's small enough to join us heel to toe"
- jesus jones
Re: cleaning old Apache::Session's
Posted by Tobias Hoellrich <th...@Adobe.COM>.
We are not using cookies to send the session id to the server, but instead
rewrite URLs to contain the session-id (switch off Cookies and go to
http://www.amazon.com for a similar experience). When a user hits us with a
request we lookup the session-data in the session-table and jump to a
"sorry session expired page" if the timestamp is older than 30 minutes. If
the session does not exist in the session store then we jump to the
"homepage". Otherwise we call Apache::Session's 'tie' to grab the data.
Some of you may wonder about the first lookup of the session data, instead
of leaving it up to Apache::Session to figure out whether the session still
exists. In pre-5.6 days an eval { tie ... Apache::Session }; would take
down the process with a bunch of 'POPSTACKs'. That's why still have the
code in there which checks for the existance of the session row.
Makes sense?
Tobias
At 10:09 AM 6/2/00 -0400, Niral Trivedi wrote:
>Tobias,
>
>What do you exactly mean by line 'Internally the session will expire
>after 30 minutes.'???
>
>Is it something internal to Apache::Session or you have it programmed on
>custom basis or what???
>
>Niral
>
>Tobias Hoellrich wrote:
>>
>> At 09:26 AM 6/2/00 +1000, Adam Cassar wrote:
>> >I was wondering how people are clearing out old Apache::Session's
>> >
>> >No timestamp is used on the fields used by Apache::Session, so how do
>> >we clear the old sessions?
>> >
>> >I am not talking about the delete() method to remove a session, as that
>> >presumes that a user will always leave your site via pre-defined access
>> >points.
>> >
>>
>> Adam,
>>
>> nobody stops you from adding a timestamp :-)
>>
>> mysql> describe sessions;
>> +-----------+---------------+------+-----+---------+-------+
>> | Field | Type | Null | Key | Default | Extra |
>> +-----------+---------------+------+-----+---------+-------+
>> | id | varchar(16) | | MUL | | |
>> | modtime | timestamp(14) | YES | | NULL | |
>> | a_session | blob | YES | | NULL | |
>> +-----------+---------------+------+-----+---------+-------+
>> 3 rows in set (0.00 sec)
>>
>> For every access to a session entry mysql will automatically set the first
>> timestamp field in a row to the current time. We run a cronjob every 15
>> minutes, which does a:
>>
>> #!/bin/sh
>> /usr/local/mysql/bin/mysql -pxxxxx -uxxxx sessions << EOSQL
>> delete from sessions where time_to_sec(now()) -
>time_to_sec(modtime) >
>> 60*60;
>> EOSQL
>>
>> to clear any session entry older than one hour. Internally the session wil
>> expire after 30 minutes.
>>
>> Hope this helps
>> Tobias
Re: cleaning old Apache::Session's
Posted by Niral Trivedi <ni...@planet.net>.
Tobias,
What do you exactly mean by line 'Internally the session will expire
after 30 minutes.'???
Is it something internal to Apache::Session or you have it programmed on
custom basis or what???
Niral
Tobias Hoellrich wrote:
>
> At 09:26 AM 6/2/00 +1000, Adam Cassar wrote:
> >I was wondering how people are clearing out old Apache::Session's
> >
> >No timestamp is used on the fields used by Apache::Session, so how do
> >we clear the old sessions?
> >
> >I am not talking about the delete() method to remove a session, as that
> >presumes that a user will always leave your site via pre-defined access
> >points.
> >
>
> Adam,
>
> nobody stops you from adding a timestamp :-)
>
> mysql> describe sessions;
> +-----------+---------------+------+-----+---------+-------+
> | Field | Type | Null | Key | Default | Extra |
> +-----------+---------------+------+-----+---------+-------+
> | id | varchar(16) | | MUL | | |
> | modtime | timestamp(14) | YES | | NULL | |
> | a_session | blob | YES | | NULL | |
> +-----------+---------------+------+-----+---------+-------+
> 3 rows in set (0.00 sec)
>
> For every access to a session entry mysql will automatically set the first
> timestamp field in a row to the current time. We run a cronjob every 15
> minutes, which does a:
>
> #!/bin/sh
> /usr/local/mysql/bin/mysql -pxxxxx -uxxxx sessions << EOSQL
> delete from sessions where time_to_sec(now()) - time_to_sec(modtime) >
> 60*60;
> EOSQL
>
> to clear any session entry older than one hour. Internally the session wil
> expire after 30 minutes.
>
> Hope this helps
> Tobias
Re: cleaning old Apache::Session's
Posted by Tobias Hoellrich <th...@Adobe.COM>.
At 09:26 AM 6/2/00 +1000, Adam Cassar wrote:
>I was wondering how people are clearing out old Apache::Session's
>
>No timestamp is used on the fields used by Apache::Session, so how do
>we clear the old sessions?
>
>I am not talking about the delete() method to remove a session, as that
>presumes that a user will always leave your site via pre-defined access
>points.
>
Adam,
nobody stops you from adding a timestamp :-)
mysql> describe sessions;
+-----------+---------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+---------------+------+-----+---------+-------+
| id | varchar(16) | | MUL | | |
| modtime | timestamp(14) | YES | | NULL | |
| a_session | blob | YES | | NULL | |
+-----------+---------------+------+-----+---------+-------+
3 rows in set (0.00 sec)
For every access to a session entry mysql will automatically set the first
timestamp field in a row to the current time. We run a cronjob every 15
minutes, which does a:
#!/bin/sh
/usr/local/mysql/bin/mysql -pxxxxx -uxxxx sessions << EOSQL
delete from sessions where time_to_sec(now()) - time_to_sec(modtime) >
60*60;
EOSQL
to clear any session entry older than one hour. Internally the session wil
expire after 30 minutes.
Hope this helps
Tobias