Re: Session IP address matching

From:	Stas Malyshev	Date:	Sat, 25 Jan 2014 01:57:06 +0000
Subject:	Re: Session IP address matching
References:	1 2 3	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi!

> I'm not aware of a way to override just read().

What would be the problem with it? You can override each method
independently.

> But even even if I could, how would I avoid breaking the rest of the
> SessionHandler? The manual implies that read() is where (in userland PHP
> terms) fopen() + assign file handle + flock() would happen.

Why would you break it? Just do something like:

class SessionHandlerWithIPChecks extends SessionHandler {

public function SessionHandler::read($session_id)
{
  $data = parent::read($session_id);
  if(!$this->doChecks($data)) {
    return "";
  }
  return $data;
}
}

Then do:

session_set_save_handler(new SessionHandlerWithIPChecks());

-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227


   

Thread (29 messages)

• Andrey AndreevSat, 25 Jan 2014 01:11:37 +0000
  • Stas MalyshevSat, 25 Jan 2014 01:20:27 +0000
  • Ferenc KovacsSat, 25 Jan 2014 01:40:28 +0000
    • Andrey AndreevSat, 25 Jan 2014 01:50:32 +0000
      • Stas MalyshevSat, 25 Jan 2014 01:57:06 +0000
        • Stas MalyshevSat, 25 Jan 2014 01:59:54 +0000
  • Andrea FauldsSat, 25 Jan 2014 02:21:42 +0000
    • Andrey AndreevSat, 25 Jan 2014 03:15:12 +0000
      • Lester CaineSat, 25 Jan 2014 09:54:01 +0000
      • Andreas HeiglSat, 25 Jan 2014 14:11:18 +0000
        • Ralf LangSat, 25 Jan 2014 14:35:39 +0000
          • Lester CaineSat, 25 Jan 2014 15:55:03 +0000
        • Andrey AndreevSat, 25 Jan 2014 16:30:17 +0000
          • Lester CaineSat, 25 Jan 2014 17:29:40 +0000
          • Patrick SchaafSat, 25 Jan 2014 20:21:09 +0000
            • Rick WidmerSat, 25 Jan 2014 20:35:34 +0000
              • Sanford WhitemanSat, 25 Jan 2014 21:07:39 +0000