scache_reset, scache_preset
Description
scache_reset and scache_preset opens connection to scached server and creates new or resets already existing session id, provided that secret matches in case of existing session has one set.
Both functions do a round trip to scached, scache_preset opens connection as persistent and reuses existing connections while scache_reset doesn't.
id is in most cases the cookie or whatever you send to browsers to distinguish them between. secret is meant to be web application specific check to be matched on a case where same scached is used between not so trustworthy apps and servers. If secret is set it must match on further opens. On a simple local-only scacheds secret has no sensible uses.
scache_open, scache_reset and scache_connect are all for opening session handle. Differencies between them are :
- scache_connect initiates tcp connection to scached, but doesn't query anything. It merely prepares connection to use values provided. scache_connect operates only on existing and valid sessions and never create a new one.
- scache_open initiates tcp connection and queries server. If session with provided id exists and optional secret matches, scache_open returns that session. If session doesn't exist, it will be created and scache_open acts like scache_reset. If return value is not FALSE, session is verified to be valid unlike with scache_connect where validness is not resolved out until on first actual operation.
- scache_reset also initiates tcp connection and queries server, but it always resets and creates session whether it exists or not, as long as secret match if set on possibly existing session. As like with scache_open non-false result is actually verified.
Class interface does not support parameters on reset method. All parameters are given in SCache object's constructor.
Parameters
Return values
Class interface returns either TRUE on success or FALSE on failure, while procedural interface returns session resource on success or FALSE on failure. All other functions operate on this returned resource as their first parameter.
In case of failure, error codes resolvable by scache_lasterr is one of below :
- SCERR_EXIST Session specified already exist but with differing secret. Session won't be overwritten without providing correct secret.
- SCERR_LIMITS_REACHED Partition has exceeded its memory or node limits and new session cannot be created until memory is freed.
- SCERR_NOT_CONNECTED Connection to backend is broken and cannot be reconnected.
- SCERR_PROTOCOL Internal protocol error has occurred when communicating to backend. This indicates something is severely broken.
Notes
On a normal life-cycle you should separate user login from other activities and create session on that login phase with either scache_open or scache_reset. With scache_open you can detect already existing session and choose to select another session identifier while scache_reset always resets session leaving undetectable possibility that there is another user using same identifier. It's a case how much you trust you id's uniqueness.
On the later page loads you should acquire session resource with scache_connect to avoid unnecessary backend queries. Good practice is to separate session initialization from it's further use.
Finally you log out the user by destroying session with scache_drop
Examples
<?php $new_session_identifier = uniqid(); $session = scache_reset($new_session_identifier, 'myhost.tcp.ip', 'SuperSeCREt'); ?>
By class interface, equal session initialization must be done in two stages :
<?php $new_session_identifier = uniqid(); $session = new SCache($new_session_identifier, 'myhost.tcp.ip', false /* default-expire */, true /* persistent */, 'SuperSeCREt'); $session->reset(); ?>