"L'anello più debole di un sistema di sicurezza è il fattore umano" Kevin D. Mitnick

(English) PHP session sharing using Zend Server CE and MS SQL Server

Posted: aprile 15th, 2010 | Author: | Filed under: PHP | Tags: , , | 9 Comments »

Ci spiace, ma questo articolo è disponibile soltanto in English.

9 Comments on “(English) PHP session sharing using Zend Server CE and MS SQL Server”

  1. 1 Enrico Zimuel’s Blog: PHP session sharing using Zend Server CE and MS SQL Server | Development Blog With Code Updates : Developercast.com said on aprile 16th, 2010:

    [...] used SQL Server to do it. Enrico Zimuel has helped to solve that problem with his new post on using Zend Server and SQL Server to persist the session data. In the open source community there are many examples on how to share [...]

  2. 2 André R. said on aprile 19th, 2010:

    How exactly do you avoid that the two servers generate the same session id for two different users?
    Seems like you do not handle this, and even if it will happen rarely, it will likely happen as the session id is generated independently on the two servers..

  3. 3 André R. said on aprile 22nd, 2010:

    Ignore comment above, very unlikely to happen and you can use session.entropy_file and session.entropy_length to make it even more unlikely and less predictable.

  4. 4 Enrico Zimuel said on aprile 22nd, 2010:

    The session ID is managed by the PHP engine. You can decrease the probability of ID collision using the session.entropy_file and session.entropy_length directives of php.ini (with a low number of sessions the probability of collision by default is around 2^-32). But if you have a big number of concurrency sessions, for instance 60K, the probability grows (near 0.5) and it’s mandatory increase he number of bytes used by session ID.

  5. 5 php developer said on luglio 7th, 2010:

    This is a nice article.. Easy to understand your explanation.

    Doing good:-)

    Thanks a lot..!

  6. 6 Piotr Szczerbowski said on luglio 7th, 2010:

    In MySQL it is simple to verify if there is a collision. Setting up an UNIQUE index on the CHAR(32) column (for session hash) returns an error if a duplicated session is created. Proper handling of an error with session creation allows you to try again with another sessonID. There should be similar possibilities for MSSQL, I am not aware of them as I am not handling sessions using Microsft server in my apps.

  7. 7 Enrico Zimuel said on luglio 8th, 2010:

    Hi Piotr,
    you are absolutely right. In the MS SQL table proposed in the post the session_id field is primary key so no collision are possible.
    Of course we have to manage the error of a collision and try to generate a new random value for the ID until we found a free one.

  8. 8 Jerseys said on luglio 14th, 2010:

    To use the sqlsrv extension ver. 1.1 you must have installed the Microsoft SQL Server 2008 Native Client. You can check the system requirements of the SQL Server Driver for PHP here.

  9. 9 Carly Jobs said on settembre 19th, 2011:

    Thanks for this post, youve explained zend session sharing really well.

Leave a Reply

    • Spam Protection by WP-SpamFree