Since version 2.0, the session handling has been revised. There is now a Session class (derived from Table Access) of which a global object $gCurrentSession is applied calling scripts each time.

An important difference to previous handling is that now every visitor gets a session entry in the session table. In addition, we now offer that an user can be entered multiple times in the session table, which means that you can log in to different systems or browsers several times.

The PHP session is created in the common.php and gets a session ID from an either existing cookie or in the other case, the PHP session ID.

It is once determined whether this season already exists in the table. It exists and is a USR_ID assigned, so the login is valid, and the variable $ gValidLogin is set. This variable was in the previous versions $ gSessionValid. Because this name would now lead to confusion (now every visitor has a valid session), it was renamed.

If the session doesn't exist, so it is applied, but $gValidLogin remains false. Only after a valid login a user is then assigned to the session and the variable is set to true.

A new addition in version 2.0 also is the column ses_renew. About this column, you can control the rescan of $ gCurrentOrganization and $ gCurrentUser. These are read only once usually per user and then remain in the session. There are problems when someone stays very online a long time and at the same time, another admin user, for example, changes the system settings or the profile fields. This had previously not affect to all users already logged on. Using the methods $getCurrentSession→renewOrganizationObject () and $ getCurrentSession→renew User Object () you can force the new reading for all users.

  • en/entwickler/sessionhandling.txt
  • Last modified: 2016/12/03 15:00
  • by ximex