Post by fegdeed » Tue Oct 06, 2020 7:49 am

@letxobnav Thank you .

Image
Get a secure, fast, and reliable web hosting service from https://turnuphosting.com.


Active Member

Posts

Joined
Fri Sep 21, 2018 12:01 am

Post by by mona » Thu Oct 22, 2020 10:40 pm

The __destruct function in the class will not work for the database solution as the database connection is already gone.

Garbage collection for DB stored sessions.
system/library/session/db.php:

replace the __construct function with:

Code: Select all

public function __construct($registry) {
$this->db = $registry->get('db');

// session expire using php.ini, defaults to 1 hour
$this->expire = ini_get('session.gc_maxlifetime') ?? 3600;

// session garbage collection using php.ini, defaults to 1% probability
$gc_probability = ini_get('session.gc_probability') ?? 1;
$gc_divisor = ini_get('session.gc_divisor') ?? 100;
if ((rand() % $gc_divisor) < $gc_probability) $this->gc();
}
That will make sure the gc is actually called and sets the right divisor/probability settings

replace the gc function with:

Code: Select all

public function gc() {
$dt = date('Y-m-d H:i:s',((int)time()));
$this->db->query("DELETE FROM " . DB_PREFIX . "session WHERE expire < '".$dt."'");
}
That will make sure that the query compares datetime with datetime and not timestamp with datetime.

replace the read function with:

Code: Select all

public function read($session_id) {
$query = $this->db->query("SELECT data FROM " . DB_PREFIX . "session WHERE session_id = '" . $this->db->escape($session_id) . "'");
if ($query->num_rows) return json_decode($query->row['data'], true);
else return false;
}
That will remove the expire condition from the query as it slows the query down comparing timestamp with datetime.

DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.


https://www.youtube.com/watch?v=zXIxDoCRc84


User avatar
Expert Member

Posts

Joined
Mon Jun 10, 2019 9:31 am

Post by svdumitrescu » Mon Jan 31, 2022 10:25 pm

Hi. Found this topic after an "opencart session table" Google search. I was too puzzled why more than 300 pages by 25 records each in the oc_session table, with very little activity on that store. To the point most of those here made, I see there's an "expire" datetime field, and many values are long overdue. I think there must naturally be a piece of native script somewhere in the OC code, to delete the records at their expire time. Wondering why isn't it working. Otherwise, even if such a script was and worked, how could the admin adjust the time of the session, is there any setting anywhere? And finally, I don't really see the use of the session records since at least in the OC standard installation, the session table doesn't store anything else but language and currency. And here comes my point, and the gentle request I extend to this community, is there any mod, extension out there, to have the session record other data, like mainly the originating IP?

Newbie

Posts

Joined
Sun Mar 28, 2021 6:06 am

Post by ADD Creative » Tue Feb 01, 2022 1:59 am

svdumitrescu wrote:
Mon Jan 31, 2022 10:25 pm
Hi. Found this topic after an "opencart session table" Google search. I was too puzzled why more than 300 pages by 25 records each in the oc_session table, with very little activity on that store. To the point most of those here made, I see there's an "expire" datetime field, and many values are long overdue. I think there must naturally be a piece of native script somewhere in the OC code, to delete the records at their expire time. Wondering why isn't it working. Otherwise, even if such a script was and worked, how could the admin adjust the time of the session, is there any setting anywhere? And finally, I don't really see the use of the session records since at least in the OC standard installation, the session table doesn't store anything else but language and currency. And here comes my point, and the gentle request I extend to this community, is there any mod, extension out there, to have the session record other data, like mainly the originating IP?
There was a bug in that the session garbage collection was never called. This was fixed in 3.0.3.7.

Other information is stored in the session and the ID is used on the cart table.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom
Who is online

Users browsing this forum: No registered users and 6 guests