Jump to content

Make session_start() in Session overridable from a module


Jim Yost
 Share

Recommended Posts

What I'd like to be able to do is override the session_start() call in the __construct() of Session so I can use another method.

Umm, why the heck would I want to do that?

I've been using Zend Framework for a while now and love how portable my classes are. I've been using it with ProcessWire a good bit and everything works well except for Sessions. Many of my classes are custom forms with validators, filters and custom decorators. I've been able to plug them into PW very easily. The issue is when some fields use session, Zend expects a Zend_Session::start(), Zend_Session is just a wrapper for the normal php $_SESSION. If Zend_Session::start() is called after session_start(), it throws an exception. Many Zend Frameowork classes use Zend_Session unfortunately.

Currently I have just updated the Session.php class in PW and replaced @session_start(); with Zend_Session::start();

Ideally a hookable call to  a new ___sessionStart() method would work well in my opinion. The __construct() method would call the ___sessionStart() or overridden in a module to hook that event and call Zend_Session::start() instead of session_start().

Since Zend_Session is a wrapper of $_SESSION just like PW's Session class, they get along perfectly except for that small startup issue. I've been able to log into processwire and use all features without issue.

-Jim

Link to comment
Share on other sites

Hey Jim,

The session start can't easily be hooked into the traditional way just because the session is initiated before the plugin modules are. So you have to take a little bit different approach to override the session:

Place your Zend_Session::start() at the bottom of your /site/config.php file. That will override ProcessWire's session_start() because in PHP subsequent calls to session_start() are ignored. Also /site/config.php is a site-specific file, so you don't have to worry about it being overwritten during upgrades.

Here is what I suggest placing at the bottom of your /site/config.php file, though of course tweak it to suit your needs:

session_name($config->sessionName);
ini_set('session.use_cookies', true);
ini_set('session.use_only_cookies', 1);
ini_set('session.gc_maxlifetime', $config->sessionExpireSeconds);
ini_set('session.save_path', rtrim($config->paths->sessions, '/'));
Zend_Session::start(); 

Let me know if that works?

Thanks,

Ryan

Link to comment
Share on other sites

Hey Ryan,

That works well for me, I was just thinking it would be nice to package it all up into a single module and not worry about putting code elsewhere. I also realize this is an extremely rare situation so it's not a big deal for now.

-Jim

Link to comment
Share on other sites

It may sound obvious and stupid, but wouldn't it be simpler to just edit Zend_session::start() to detect if session was already started? It seems to that Zend_session doesn't really care whether session was started via ::start or vanilla php function... so just intercept session_start() in Zend_session::start() if it was started already and leave everything in place?

Adam

Edit: this may not be possible if you use some sort of shared libraries like PEAR or something else on your servers. If you, however include it's own php file of Zend_session with PW, this should be by far the simplest way?

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...