News:

Wondering if this will always be free?  See why free is better.

Main Menu

Purpose of smf_sessions table?

Started by kornbread, November 11, 2008, 10:56:15 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

kornbread

November 11, 2008, 10:56:15 AM
I'm writing a script to interface my site with a 3rd party site.  As part of the sign on process I need to send the session id to their script which then sends it back to me to ensure that it is a valid session id.  The session id is stored in the smf_sessions table, but I have a few questions regarding it.

How often is the smf_sessions table purged?  It seems the session data stays in there for weeks and even months sometimes.
If the data is not purged frequently, then I may not understand the purpose of the table.  What is it there to accomplish?  (I assumed it was there to store session data of those people that are logged in, and that data is removed after they logout).

Thanks for the help.

Chris Cromer

#1
November 11, 2008, 11:03:29 AM
You are partially correct about what the table does. Not only does it store information about people that are logged in, but it stores information on the guests. So even if I am not logged in there is a session associated with my browser. However if I close my browser then I am assigned a new session. The benefits of sessions us the ability to track the person viewing the forum. It allows you to know how many guests are viewing your forum, it also makes the forum more secure because it does session checks to make sure you are the correct person and not being forwarded by some bot. Think of a session as being a cookie, except it's stored server side instead of user side.

Sessions do get purged out of the database at some point once they are old. However I don't know how long it takes without looking at the code. You should also note that if I never close my browser, and view the site ever so often as a guest, I would always have the same session, so it would not get purged from the database since I still am active with the same browser open.
Chris Cromer

"I was here, here I was, was I here, sure I was" - The little voice in my head.

H

#2
November 11, 2008, 01:40:02 PM
The code to clear expired sessions gets called at a frequency set in php.ini.

For your integration, you may be better off using built in SMF functions, if possible. Checkout the Function DB
-H
Former Support Team Lead		                              I recommend:
Namecheap (domains)
Fastmail (e-mail)
Linode (VPS)
                             

kornbread

#3
November 11, 2008, 07:39:25 PM
Thanks for the help.  That made things much more clear.
Print
Go Up Pages1
User actions
Advertisement: