R: R: [Chameleon] Chameleon authorization

gianluigi nozza gianluigi.nozza at tiscali.it
Fri Oct 13 04:17:46 EDT 2006


I have the 2.4.1 ms4w version of chameleon running on windows xp sp2, with
apache 2.x and mapserver ms4w 1.5.5. (with php 4.x)
I have realized that probably garbage collection is a php feature rather
then chameleon. In my case setting the probability to 100/100 effectively
starts the garbage collection process, since some sessions are deleted, but
some sessions far beyond the maxlifetime limit, are kept without reason on
the system. Can't figure out why.


-----Messaggio originale-----
Da: Julien-Samuel Lacroix [mailto:jlacroix at mapgears.com] 
Inviato: giovedì 12 ottobre 2006 16.09
A: gianluigi nozza
Cc: chameleon at lists.maptools.org
Oggetto: Re: R: [Chameleon] Chameleon authorization

Can you please had a note in the bug with your version of Chameleon and 
the system you have. That way we'll have another test case to reproduce 
this.

Julien

gianluigi nozza wrote:
> I didn't realize that chameleon should have a garbage collection feature
> capable of erase expired session (based upon the value of
> session.gc_maxlifetime in php.ini). I also have seen that the garbage
> collection process has a default probability of 1/100 to start each time a
> session is started, but even setting the probability to 100/100 apparently
> garbage collection never starts (so you have to delete old sessions
> manually). I have seen some post in the past already stating the problem.
As
> far as I know no bug report is opened about, maybe the DM solution team
> could verify ?
> 
> -----Messaggio originale-----
> Da: Julien-Samuel Lacroix [mailto:jlacroix at mapgears.com] 
> Inviato: mercoledì 11 ottobre 2006 17.50
> A: gianluigi nozza
> Cc: chameleon at lists.maptools.org
> Oggetto: Re: [Chameleon] Chameleon authorization
> 
> Hi,
> Chameleon should delete old session itself based on the session 
> parameters in php.ini. If not, please open a bug.
> 
> One thing you can do is to set the Visible or Enabled parameter in your 
> widgets based on the user logged. I know someone already did that, but 
> don't remember who.
> 
> Julien
> 
> gianluigi nozza wrote:
> 
>>Hi all,
>>
>>I took a look to the sample_user and sample_admin phtml files to try a 
>>simple authorization feature in Chameleon. I was able to setup a demo 
>>application with authorization capabilities but I found that destroing 
>>sessions (for example when you clean the tmp directory) also destroy the 
>>sql_lite dbase in wich passwords are probably stored, so I have modified 
>>the examples above to write and read files in another directory. It 
>>works ! so I can clean up the tmp directory without having to define 
>>each time the authorized users.
>>
>>Is it a correct approach ? or for some reason I can’t figure out, the 
>>dbase must reside in the tmp directory ?
>>
>>Another question; at this point, when you have authorized an user, how 
>>can you provide different functionality to your application ? I have 
>>seen that one approach could be serving different templates based upon 
>>the user name logged, but this of corse requires a lot of customization 
>>work. Other approaches ?
>>
>>Gianluigi
>>
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>Chameleon mailing list
>>Chameleon at lists.maptools.org
>>http://lists.maptools.org/mailman/listinfo/chameleon
> 
> 

-- 
Julien-Samuel Lacroix
Mapgears
http://www.mapgears.com/





More information about the Chameleon mailing list