This extension does some extra security checks on the user IP address and User Agent. It is fully customizable and you can enable/disable the checks when you need. If no extra check is enabled, then the default behavior is exactly the same as the original Yii CDbHttpSession Class.
Beside the configuration options provided by original Yii CDbHttpSession Class, this extension provides following 3 options:
1)compareIpBlocks- (integer) How many blocks from the ip address should be compared (defaults to 0). It has an effect only if the value is > 0 and compareIpAddress is set to true.
2)compareIpAddress - (boolean) If the client ip should be checked.
3)compareUserAgent - (boolean) If the User Agent should be checked.
Requirements ¶
Yii 1.1 (checked with Yii 1.1.5)
Usage ¶
You need to add MyCDbHttpSession.php file into your components directory, then edit your config file, main.php in the components area like:
'session' => array(
'class' => 'application.components.MyCDbHttpSession',
'connectionID' => 'db',
'sessionTableName' => 'TABLE_NAME',
'autoCreateSessionTable' => true,
//Extension properties
'compareIpAddress'=>true,
'compareUserAgent'=>true,
'compareIpBlocks'=>0
),
Be careful at the option "autoCreateSessionTable", after you create your table, set it to false.
The table structure:
CREATE TABLE IF NOT EXISTS `{$tableName}` (
`id` char(32) NOT NULL,
`ip_address` int(10) unsigned NOT NULL DEFAULT '0',
`user_agent` char(32) NOT NULL,
`expire` int(11) DEFAULT NULL,
`data` text,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
You can change the engine to MyIsam if needed, i like Inno better so it is my default choice.
This class has been tested, but it would help if i can get some feedback.
Changelog ¶
SQLite Version 1.3
Thanks to thiromi who sent me the version for SQLite and confirmed that the changes he did, works as they should.
Version 1.3
fixed the bug when users couldn't stay logged in if "remember me" option wasn't checked. Thanks @cesig.
Note, only Version 1.2 suffers this bug, 1.1 and 1.3 are okay.
Version 1.2
dropped the usage for bindValues() as it caused problems for some users.
added setters and getters for component properties.
Version 1.1
Changed the database table structure for the ip_address field into unsigned int(10) for mysql inet_aton() and inet_ntoa() compatibility
Changed the database table structure for the user_agent field into char(32)
Changed the way how user agent is stored, now it is a md5() of the entire user agent string
minor code tweaks
Thanks
i like it
You welcome
I am glad that it is useful.
problem
Property "CDbCommand.bindValues" is not defined.
Version
What version of Yii do u have ?
I tested on 1.1.5 and no error what's so ever.
The config params that you gave to the component ?
Version
Thanks for thanks ur fast response,
im useing Yii v1.1.5
main/config.php
'import'=>array( .. 'application.components.*', .. ), 'component'=>array( .. 'session' => array( 'class' => 'application.components.MyCDbHttpSession', 'connectionID' => 'db', 'sessionTableName' => 'tbl_users_session', 'autoCreateSessionTable' => true, //Extension properties 'compareIpAddress'=>true, 'compareUserAgent'=>true, 'compareIpBlocks'=>2 ), .. )Tq
problem solve
the problem, CDbCommand.php in framework/db/ is not update
i have download Yii repo from Unofficial yii framework mirror repo for git users
Good.
http://www.yiiframework.com/doc/api/1.1/CDbCommand/#bindValues-detail
It explicitly says that the method was added in 1.1.5 so there is no reason not to work ;)
bindValues missing...
bindValues missing... and I have newest stable release.
maybe you should rewrite this part and use multiple "bindValue" - it will work for everybody then :)
Sure, why not.
Okay, it makes sense, i will rewrite the component using multiple bindValue calls, so that this ain't going to be a problem anymore.
Though, the issue is bothering me, it should work for everybody having yii 1.1.5
bindValues
I have just noticed there is version 1.1.6 available as "current stable" (published yesterday). With this version there is no problems with "bindValues".
Okay.
Thanks for the heads up on 1.1.6 version, i wasn't aware of the update.
Anyway, i dropped the usage of bindValues(), so right now it should work okay, maybe you can try it and let me know .
Thanks .
Instructions?
This component looks very useful, but I don't see any instructions. How do you use this thing?
Simple.
Hi cesig,
Well, this component extends the default Yii one, so all you have to do, is to copy the MyCDbHttpSession into your /components folder, then open config/main.php and right after the database component, add following lines:
'session' => array( 'class' => 'application.components.MyCDbHttpSession', 'connectionID' => 'db', 'sessionTableName' => 'Your table name', 'autoCreateSessionTable' => true, //Extension properties 'compareIpAddress'=>true, 'compareUserAgent'=>true, 'compareIpBlocks'=>2 ),Then, after the seession table has been created, set autoCreateSessionTable to false.
This should be enough, if u have further questions, let me know.
Instructions?
I'm not sure what's going on now, but I've added the code from your post, and now log-ins don't stick. It's recording information to the sessions table, but it never says I'm logged in.
As soon as I do log in, the link immediately says "Login" instead of "Logout (username)"
Any idea why?
Figured part of it out
I had to check the 'remember me next time' box in order for the login to stick.
Is that a bug?
nope, no bug
No bug, you should read the the guide explaining the Yii auth mechanism.
fixing it
Actually yes, you where right, there seems to be a bug, i will fix it asap.
Bug fixed.
The bug was fixed and i tested it. Everything is working well now even if you check/unckeck "remember me" option.
Thanks cesig for pointing this out, the bug was inserted with Version 1.2 update, so who has 1.1 or 1.3 is bug free.
Thanks
Im using it and works perfectly
changing IP address
From my understanding, the IP address can vary with each request (firewalls, proxy). So, isn't it just better to omit that field/functionality ?
Cheers
Luca
...
@jeanluca - using the ip check is optional, you can disable it anytime, but can be very handy when you are using some kind of voting system based on the user data(this is the only example that comes in my mind now, i am sure there are many more) :)
IPv6 Support?
Great component!
But... How to set IPv6 support?
ipv6
It lacks ipv6 support mainly because as far as i know, not even mysql can handle ipv6 in an integer format (i believe you need 2 big int fields to do it) right now.
The solution, would be to store the ip in a varchar/char field instead of translating it in an integer.
issues once configure
gr8 work!!
but, once I configure with my application, accessing data through session not working before user login...
following code not working :-
$session = new CHttpSession; $session->open();I also tried with following code :-
$session = new CDbHttpSession; $session->open();@surajk
You should always access your components by using Yii::app()->componentName not creating an instance of it.
In your example:
$session = new CHttpSession;will create a new CHttpSession which has nothing to do with the session class i provided.
Instead you should configure your session component in main.php then access it with
issue solve
Thank you for your guidance
Good Logic
I like what you are trying to do in method 'writeSession'
Oracle Support
Does this Component support oracle queries? tried it and run into so many syntax query errors.
If you have any questions, please ask in the forum instead.
Signup or Login in order to comment.