Mercurial > defr > drupal > core
comparison includes/session.inc @ 11:589fb7c02327 6.5
Drupal 6.5
| author | Franck Deroche <webmaster@defr.org> |
|---|---|
| date | Tue, 23 Dec 2008 14:32:19 +0100 |
| parents | acef7ccb09b5 |
| children | 8b6c45761e01 |
comparison
equal
deleted
inserted
replaced
| 10:6f15c9d74937 | 11:589fb7c02327 |
|---|---|
| 1 <?php | 1 <?php |
| 2 // $Id: session.inc,v 1.44.2.2 2008/08/12 10:29:03 dries Exp $ | 2 // $Id: session.inc,v 1.44.2.3 2008/09/17 07:53:08 goba Exp $ |
| 3 | 3 |
| 4 /** | 4 /** |
| 5 * @file | 5 * @file |
| 6 * User session handling functions. | 6 * User session handling functions. |
| 7 */ | 7 */ |
| 55 | 55 |
| 56 function sess_write($key, $value) { | 56 function sess_write($key, $value) { |
| 57 global $user; | 57 global $user; |
| 58 | 58 |
| 59 // If saving of session data is disabled or if the client doesn't have a session, | 59 // If saving of session data is disabled or if the client doesn't have a session, |
| 60 // and one isn't being created ($value), do nothing. | 60 // and one isn't being created ($value), do nothing. This keeps crawlers out of |
| 61 // the session table. This reduces memory and server load, and gives more useful | |
| 62 // statistics. We can't eliminate anonymous session table rows without breaking | |
| 63 // the throttle module and the "Who's Online" block. | |
| 61 if (!session_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) { | 64 if (!session_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) { |
| 62 return TRUE; | 65 return TRUE; |
| 63 } | 66 } |
| 64 | 67 |
| 65 $result = db_result(db_query("SELECT COUNT(*) FROM {sessions} WHERE sid = '%s'", $key)); | 68 db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time(), $key); |
| 66 | 69 if (db_affected_rows()) { |
| 67 if (!$result) { | |
| 68 // Only save session data when when the browser sends a cookie. This keeps | |
| 69 // crawlers out of session table. This reduces memory and server load, | |
| 70 // and gives more useful statistics. We can't eliminate anonymous session | |
| 71 // table rows without breaking throttle module and "Who's Online" block. | |
| 72 if ($user->uid || $value || count($_COOKIE)) { | |
| 73 db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time()); | |
| 74 } | |
| 75 } | |
| 76 else { | |
| 77 db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time(), $key); | |
| 78 | |
| 79 // Last access time is updated no more frequently than once every 180 seconds. | 70 // Last access time is updated no more frequently than once every 180 seconds. |
| 80 // This reduces contention in the users table. | 71 // This reduces contention in the users table. |
| 81 if ($user->uid && time() - $user->access > variable_get('session_write_interval', 180)) { | 72 if ($user->uid && time() - $user->access > variable_get('session_write_interval', 180)) { |
| 82 db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid); | 73 db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid); |
| 83 } | 74 } |
| 75 } | |
| 76 else { | |
| 77 // If this query fails, another parallel request probably got here first. | |
| 78 // In that case, any session data generated in this request is discarded. | |
| 79 @db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time()); | |
| 84 } | 80 } |
| 85 | 81 |
| 86 return TRUE; | 82 return TRUE; |
| 87 } | 83 } |
| 88 | 84 |