| blob | c6c7685865eec1626dcf9e68cd5f58bafb366e75 |
1 John,
3 I have been an extremely satisfied ADODB user for several years now.
5 To give you something back for all your hard work, I've spent the last 3
6 days rewriting the adodb-session.php code.
8 ----------
9 What's New
10 ----------
12 Here's a list of the new code's benefits:
14 * Combines the functionality of the three files:
16 adodb-session.php
17 adodb-session-clob.php
18 adodb-cryptsession.php
20 each with very similar functionality, into a single file adodb-session.php.
21 This will ease maintenance and support issues.
23 * Supports multiple encryption and compression schemes.
24 Currently, we support:
26 MD5Crypt (crypt.inc.php)
27 MCrypt
28 Secure (Horde's emulation of MCrypt, if MCrypt module is not available.)
29 GZip
30 BZip2
32 These can be stacked, so if you want to compress and then encrypt your
33 session data, it's easy.
34 Also, the built-in MCrypt functions will be *much* faster, and more secure,
35 than the MD5Crypt code.
37 * adodb-session.php contains a single class ADODB_Session that encapsulates
38 all functionality.
39 This eliminates the use of global vars and defines (though they are
40 supported for backwards compatibility).
42 * All user defined parameters are now static functions in the ADODB_Session
43 class.
45 New parameters include:
47 * encryptionKey(): Define the encryption key used to encrypt the session.
48 Originally, it was a hard coded string.
50 * persist(): Define if the database will be opened in persistent mode.
51 Originally, the user had to call adodb_sess_open().
53 * dataFieldName(): Define the field name used to store the session data, as
54 'DATA' appears to be a reserved word in the following cases:
55 ANSI SQL
56 IBM DB2
57 MS SQL Server
58 Postgres
59 SAP
61 * filter(): Used to support multiple, simulataneous encryption/compression
62 schemes.
64 * Debug support is improved thru _rsdump() function, which is called after
65 every database call.
67 ------------
68 What's Fixed
69 ------------
71 The new code includes several bug fixes and enhancements:
73 * sesskey is compared in BINARY mode for MySQL, to avoid problems with
74 session keys that differ only by case.
75 Of course, the user should define the sesskey field as BINARY, to
76 correctly fix this problem, otherwise performance will suffer.
78 * In ADODB_Session::gc(), if $expire_notify is true, the multiple DELETES in
79 the original code have been optimized to a single DELETE.
81 * In ADODB_Session::destroy(), since "SELECT expireref, sesskey FROM $table
82 WHERE sesskey = $qkey" will only return a single value, we don't loop on the
83 result, we simply process the row, if any.
85 * We close $rs after every use.
87 ---------------
88 What's the Same
89 ---------------
91 I know backwards compatibility is *very* important to you. Therefore, the
92 new code is 100% backwards compatible.
94 If you like my code, but don't "trust" it's backwards compatible, maybe we
95 offer it as beta code, in a new directory for a release or two?
97 ------------
98 What's To Do
99 ------------
101 I've vascillated over whether to use a single function to get/set
102 parameters:
104 $user = ADODB_Session::user(); // get
105 ADODB_Session::user($user); // set
107 or to use separate functions (which is the PEAR/Java way):
109 $user = ADODB_Session::getUser();
110 ADODB_Session::setUser($user);
112 I've chosen the former as it's makes for a simpler API, and reduces the
113 amount of code, but I'd be happy to change it to the latter.
115 Also, do you think the class should be a singleton class, versus a static
116 class?
118 Let me know if you find this code useful, and will be including it in the
119 next release of ADODB.
121 If so, I will modify the current documentation to detail the new
122 functionality. To that end, what file(s) contain the documentation? Please
123 send them to me if they are not publically available.
125 Also, if there is *anything* in the code that you like to see changed, let
126 me know.
128 Thanks,
130 Ross