Re: Sessions with perl cgi

Personally, I like to roll my own at least the first time around. Mainly, I do this for the educational value of trial and error and then comparing what I came up with to the standard ways of doing it. Here how I do it:

I take the elements returned by localtime
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime;
randomize the order
concatenate them
I then prefix a standard string ( I use a different prefix for each website)
I then md5_hex the whole thing

Before storing the session id in MySQL, I confirm that it is unique. To date this has never returned a duplicate id.

Comment on Re: Sessions with perl cgi Download Code

Replies are listed 'Best First'.
Re: Re: Sessions with perl cgi by jdtoronto (Prior) on Oct 16, 2003 at 18:31 UTC
Before storing the session id in MySQL, I confirm that it is unique. To date this has never returned a duplicate id. I assuem this means you check if that id is still in your MySQL table. What do you do when a session times out? Keep it? I would have thought it would make for more efficient operation if the session were deleted when it was either closed or timed out. jdtoronto	[reply]
Re: Re: Re: Sessions with perl cgi by ChrisR (Hermit) on Oct 16, 2003 at 20:14 UTC
You are correct. I check to see if the session still exists in the table. When a session times out, the record is deleted. The record is also deleted if the user clicks "Logout". However, the users rarely if ever "Logout". When we first started using this, we had no session timeouts becuase we took for granted that the users would do as instructed and click "Logout" when they were done. OK, OK, so that was stupid on our part but we live, we learn, we improve, or we die. During the 4 months that we didn't have session timeouts, we never saw a duplicate session and still haven't. I know that doesn't mean that it never happened, but so far so good.	[reply]