View Single Post
Old 2017-02-02, 07:56   #1190
Serpentine Vermin Jar
Madpoo's Avatar
Jul 2014

63128 Posts

Originally Posted by Madpoo View Post
Dadgumit... I'd written this reply about the differences between the PHP session timeout and the cookie expiration...I thought I knew what PHP was doing.

But, I did some testing and even though there's a lovely GIMPSWWW cookie value being set, when I logout it's still there, and logging back in doesn't cause the server to do a set-cookie like I thought. So, it probably is using those pesky PHP session files after all. Curses.

I'll have to explore some more and see what's up. I'm spoiled at my day job...there are people who figure that sort of thing out for me (and we don't use PHP, fortunately).
If I delete the cookie and login again, it does a set-cookie like this:
Set-Cookie: GIMPSWWW=<encoded string>; expires=Thu, 09-Feb-2017 07:44:40 GMT; Max-Age=604800; path=/;
So it does set the cookie timeout like I thought, 7 days (604,800 seconds).

That encoded string actually hashes it to the PHP session file which has the info that the server references (user id, team id, etc). The data is actually JSON...I honestly didn't know what format it would be; I didn't expect JSON, but whatever.

See, I'm used to systems where the cookie might hold a token that was generated using a static key, and that token is your passport, there doesn't need to be anything stored on the server.

In one sense, it's nice because that file has some frequently used info, like your team/user id which the various web pages can use to quickly reference. The downside is that PHP on Windows throws all those files into a single directory. I don't know how much any of y'all know about Windows file systems (FAT32 or NTFS, either way) but let's just say putting 500K-600K files into a single directory is a nightmare for performance.

Fortunately if the system is looking for a particular file, it loads fast, no worries. But if you're doing any kind of bulk file management, forget about it. I should explore if PHP has any kind of option for multi-level support for those. 2K-5K files per directory is really about optimal for that. Any more and it just bogs down.

Last fiddled with by Madpoo on 2017-02-02 at 08:02
Madpoo is offline   Reply With Quote