[aur-dev] aur session handling

Loui louipc.ist at gmail.com
Thu Mar 13 08:06:11 EDT 2008

On Tue, 11 Mar 2008 21:12:39 -0700
eliott <eliott at cactuswax.net> wrote:

> I never realized that the session storage for the aur is using a
> custom method, and storing the data in a mysql table.
> Perhaps the aur code could:
> 1) use php sessions
> 2) provide a cleanup script to purge old sessions after some interval.

Yeah I patched (0b9283) a bug back in September that was needlessly
creating Session IDs. Who knows how long AUR was running that bug.

Luckily that's a table that you can purge without major side effects.

The table will still have stale entries though if you lost your cookie
and have to log in again. We could have a function that runs each time
the user logs in that clears SIDs linked to that user older than
$LOGIN_TIMEOUT (web/lib/config.inc). We'd just want to increase
$LOGIN_TIMEOUT to 24 or 48 hrs rather than just 2 hrs.

I recently heard of php sessions. I thought that it might be something
to look into as well.

More information about the aur-dev mailing list