Zend_Session proposal ver3 + More Working Code

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Zend_Session proposal ver3 + More Working Code

Ralph Schindler
Proposal 3 is uploaded and attached.

http://www.ralphschindler.com/Zend_Framework_Modules/Zend_Session/Zend_Session-proposal3.txt
http://www.ralphschindler.com/Zend_Framework_Modules/Zend_Session/Zend_Session_Module-0.3.zip

again, no format unit tests..

And, as always, this invites thoughts, concerns, criticisms, praise,
whatever.


-ralph




Proposed Component Name
-----------------------------------------------
Zend_Session


Proposers
-----------------------------------------------
Ralph Schindler <ralph (dot) schindler----at----g m a i l (dot) com>


Revision
-----------------------------------------------
$Id: Zend_Session-proposal.txt,v 3.0 2006/05/15 16:00:00 ralph Exp $


Overview
-----------------------------------------------
Zend_Session provides a standardized interface to common functionality
found in or indigenous to site session implementations.  The core of
Zend_Session implements functionality for persistent variables and
transitory variables as well as some common security features, and
common session conveniences such as "remember me". Having a
standardized interface also allows inherent functionality for
securing sites against session fixation and like attacks.


References
-----------------------------------------------
http://www.php.net/session
http://shiflett.org/articles/security-corner-feb2004
http://www.ralphschindler.com/Zend_Framework_Modules/Zend_Session/
http://java.sun.com/j2ee/sdk_1.2.1/techdocs/api/javax/servlet/http/HttpSession.html
http://wiki.rubyonrails.com/rails/pages/sessions

Requirements
-----------------------------------------------
PHP5
Zend Framework


Dependencies on Other Framework Components
-----------------------------------------------
Zend_Exception



Theory of Operation
-----------------------------------------------
Zend_Session utilizes ext/session and and _SESSION supberglobal as its
storage mechanism.  That being the case, only one session instance can
exist at any given time during the execution of a page request.

Optionally first, the user may pass options to the
Zend_Session::setOptions() method.  These options currently are the same
options available to the ext/session (a list is here:
http://us3.php.net/session#session.configuration).  To pass the options
just pass the basename (the non session. part) as part of an array to
setOptions.

Next, the user may attain an instance of Zend_Session from the
getInstance() method..  Without setting any options, Zend_Session will
utilize the recommended options first, then the default php.ini settings.

The internals of Zend_Session are implemented in such a way as to promote
the use of namespaces to distinguish types of variables and attaching
specific functionality to them.  This also allows for a pluggable
interface for user specific session variable functionality.  (More on
this later).

Methods set, get, has, remove, __set, __get, __isset, and __unset
operate on variables in the persistent namespace, or variables that will
exist till the session is destroyed.  Methods setTransitory, getTransitory,
hasTransitory, removeTransitory operate on variables in the transitory
namespace.  These variables will exist for one cycle of the Session only.
So if a variables like a ui message is put in the transitory namespace, it
is available to the next page request only.  At the end of the next page
call, the variable will cease to exist.

Namespaces can be used in extending Zend_Session.  One idea is that
on could extend Zend_Session to Zend_Session_User and implement
setUser()/getUser() methods that could (while calling regenereateId())
help prevent against session fixation attacks in user based systems.
See: http://shiflett.org/articles/security-corner-feb2004 for a
detailed explanation of the idea of session regeneration of id's
for securing against session fixation attacks.

Common functionality components include the following which also
have usage examples in the next session:
  - Variables: having an initialized session, the ability to get
         and set persistent variables.
  - Transitory Data: the ability to store non-persistent data that
         will exists only though out the next instance of
         Zend_Session
  - Security Enhancements: ability to lock users to an IP address or a
         User Agent
  - Session Enhancements: ability to persist sessions through browser
         closing.. (Sessions with an expiration date in the future..
         Remember Me feature)


Class Index
-----------------------------------------------
Zend_Session (public)
Zend_Session_DataPluginInterface
Zend_Session_SaveHandlerInterface



Use Cases - Unit Tests
-----------------------------------------------

     $session = Zend_Session::getInstance();
     Zend::register("session", $session);

     -- snip snip --

     $session = Zend::registry("session");

     // test id regeneration
     if ($session->get('counter') == 20)
         $session->regenerateId();

     echo "<pre>Current Session ID:".$session->getId()."\n";

     // testing transitory
     $old_rand_number = $session->getTransitory("rand_number");
     $new_rand_number = rand(1,10);

     $session->setTransitory("rand_number", $new_rand_number);

     echo "trans old rand: ".$old_rand_number."\n";
     echo "trans new rand: ".$new_rand_number."\n";


     // testing variables
     echo "Counter: " . $session->get('counter') . "\n";

     if ($session->get('counter') == 30)
         $session->remove('counter');

     if (!$session->has('counter'))
         $session->set('counter', 10);
     else
         $session->set('counter', ($session->get('counter') + 1) );

     // testing __get
     echo "\n\n__get()\nCounter: ".$session->counter;

     // testing __set
     if ($session->counter == 25)
     {
         echo "\n\nCOUNTER JUMPING __set() adding +1\n";
         $session->counter++;
     }


Class Skeletons
-----------------------------------------------

<?

/**
  * Zend_Session
  *
  * @package    Zend_Session
  * @copyright  none applied yet
  * @license    none applied yet
  */
class Zend_Session
{

     /**
      * Persistent constant, value is the actual namespace in the
session storage engine
      *
      */
     const PERSISTENT = "P";

     /**
      * Transitory constant, value is the actual namespace in the
session storage engine
      *
      */
     const TRANSITORY = "T";

     /**
      * Private variable space for transitory information
      *
      * @var mixed
      */
     private $_transitory = null;

     /**
      * Whether the session is still writable
      *
      * @var bool
      */
     private $_writable = false;

     /**
      * Instance of Zend_Session
      *
      * @var Zend_Session
      */
     static private $_instance = null;


     /**
      * Data plugin list
      *
      * @var array
      */
     static private $_data_plugins = array();

     /**
      * Private list of php's ini values for ext/session
      * null values will default to the php.ini value, otherwise
      * the value below will overwrite the default ini value, unless
      * the user has set an option explicity with setOptions()
      *
      * @var array
      */
     static private $_default_options = array(
         "save_path"                 => null,
         "name"                      => null,
         "save_handler"              => null,
         "auto_start"                => null,
         "gc_probability"            => null,
         "gc_divisor"                => null,
         "gc_maxlifetime"            => null,
         "serialize_handler"         => null,
         "cookie_lifetime"           => null,
         "cookie_path"               => null,
         "cookie_domain"             => null,
         "cookie_secure"             => null,
         "use_cookies"               => null,
         "use_only_cookies"          => "on",
         "referer_check"             => null,
         "entropy_file"              => null,
         "entropy_length"            => null,
         "cache_limiter"             => null,
         "cache_expire"              => null,
         "use_trans_sid"             => null,
         "bug_compat_42"             => null,
         "bug_compat_warn"           => null,
         "hash_function"             => null,
         "hash_bits_per_character"   => null
     );

     /**
      * Whether options were parsed prior to instance creation
      *
      * @var bool
      */
     static private $_options_parsed = false;

     /**
      * GetInstance() - manager of the singleton
      *
      * @return Zend_Session
      */
     static public function getInstance()

     /**
      * SetOptions - allows the user to pass and override session options
      *
      * @param array $user_options
      */
     static public function setOptions(array $user_options)

     /**
      * Session save handler
      *
      * @param Zend_Session_SaveHandlerInterface $interface
      */
     static public function
setSaveHandler(Zend_Session_SaveHandlerInterface $interface)

     static public function
registerDataPlugin(Zend_Session_DataPluginInterface $interface)

     /**
      *
      * Constructor of the Session Object, by default will use the
Internal php
      * session handler.  Options for the selected engine should be in
the name key
      * variable format.
      *
      * @param string $adapter_name
      * @return bool
      */
     public function __construct()

     /**
      * Destructor
      *
      */
     public function __destruct()

     /**
      * Isset Overloader - iseet($instance->thing)
      *
      * @param string $name
      * @return bool
      */
     public function __isset($name)

     /**
      * Unset Overloader - unset($instance->thing)
      *
      * @param string $name
      * @return bool
      */
     public function __unset($name)

     /**
      * Set Overloader - $instance->variable = value;
      *
      * @param string $name
      * @param mixed $value
      * @return bool
      */
     public function __set($name, $value)

     /**
      * Get Overloader - echo $instance->variable
      *
      * @param string $name
      * @return mixed
      */
     public function __get($name)

     /**
      * Call Overloader - used for hooking into a plugin
      *
      * @todo
      */
     public function __call($method, $args)

     /**
      * Session start method
      *
      */
     public function start()

     /**
      * WriteClose() -  when session is unset or all references are
destroyed, we no longer
      * need to keep our session files open.  Useful for framesets and
decreasing loading
      * time.
      *
      * @see http://us2.php.net/session_write_close
      */
     public function writeClose()

     /**
      * Destroy - when this is called the session data is released from
the session
      *
      * @see http://us2.php.net/session_destroy
      * @return bool
      */
     public function destroy()

     /**
      * Method to regenerate the session id, useful to use when the user
changes
      * state to help prevent against session fixation attacks.
      */
     public function getId()

     /**
      * Method to regenerate the session id, useful to use when the user
changes
      * state to help prevent against session fixation attacks.
      *
      * @see http://us2.php.net/session_regenerate_id
      * @return bool
      */
     public function regenerateId()

     /**
      * Method for checking if a persistent variable exists
      *
      * @param string $name
      * @return mixed
      */
     public function has($name)

     /**
      * Method for setting a persistent variable
      *
      * @param string $name
      * @param mixed $value
      * @return true
      */
     public function set($name, $value)

     /**
      * Method for getting a persistent variable
      *
      * @param string $name
      * @return mixed
      */
     public function get($name)

     /**
      * Method to remove a persistent name/value pair from the session
      *
      * @param string $name
      */
     public function remove($name)

     /**
      * Method to check if a transitory variable exists
      *
      * @param string $name optional
      * @return boolean
      */
     public function hasTransitory($name = null)

     /**
      * Method to set a transitory variable, will only exist throughout the
      * next client request that this session initiated
      *
      * @param string $name
      * @param mixed $value
      */
     public function setTransitory($name, $value)

     /**
      * Method to get a transitory variable that was set in the last
request,
      * this will only exist during the existence of the current request
      *
      * @param string $name
      * @return mixed
      */
     public function getTransitory($name = null)

     /**
      * Method to remove transitory variables from the session
      *
      * @return true
      */
     public function removeTransitory($name)

     /**
      * Method to turn the current session based cookie into a
persistent cookie
      * This needs to be implements after php 5.1.2 since there is a
session bug.
      * @todo
      */
     public function rememberMe()

     /**
      * Method to lock the current session to a specific REMOTE_IP
      *
      * @todo
      */
     public function bindToIP()


     /**
      * Method to lock the current session to a specific user-agent string
      *
      * @todo
      */
     public function bindToUserAgent()


     /**
      * Internal data setter, must provide a namespace to store variables to
      *
      * @param string $namespace
      * @param string $name
      * @param mixed $value
      * @return bool
      */
     private function _namespaceSet($namespace, $name, $value)

     /**
      *  Internal data getter, must provide a namespace to store
variables to
      *
      * @param string $namespace
      * @param string $name
      * @return bool
      */
     private function _namespaceGet($namespace, $name = null)


     /**
      *  Internal data checker, must provide a namespace to store
variables to
      *
      * @param string $namespace
      * @param string $name
      * @return bool
      */
     private function _namespaceHas($namespace, $name = null)

     /**
      *  Internal data remover, must provide a namespace to store
variables to
      *
      * @param string $namespace
      * @param string $name
      */
     private function _namespaceRemove($namespace, $name = null)

}




<?

/**
  * Save Handler Interface for Sessions
  *
  * @see http://us3.php.net/manual/en/function.session-set-save-handler.php
  */
interface SaveHandlerInterface
{

     /**
      * Open Session - retrieve resources
      *
      * @param string $save_path
      * @param string $name
      */
     public function open($save_path, $name);

     /**
      * Close Session - free resources
      *
      */
     public function close();

     /**
      * Read session data
      *
      * @param string $id
      */
     public function read($id);

     /**
      * Write Session - commit data to resource
      *
      * @param unknown_type $id
      * @param unknown_type $data
      */
     public function write($id, $data);

     /**
      * Destroy Session - remove data from resource for
      * given session id
      *
      * @param unknown_type $id
      */
     public function destroy($id);

     /**
      * Garbage Collection - remove old session data older
      * than $maxlifetime (in seconds)
      *
      * @param int $maxlifetime
      */
     public function gc($maxlifetime);

}

<?

interface DataPluginInterface
{

     protected $_namespace = null;

     // optional
     // public function start() {}

     public function get($name, $value);

     public function set($name);

     public function has($name);

     public function remove($name);

}









Reply | Threaded
Open this post in threaded view
|

Re: Zend_Session proposal ver3 + More Working Code

Sergej-2
How do you get or set an array element? As far as I see you can only use elements which are directly in the $_SESSION array. What I mean is you can't get $_SESSION['key1']['key2'] with your current code.

I suggest using formated string in get/set methods. That is Zend_Session::get(' key1.key2') would return $_SESSION['key1']['key2'] value. The only problem that such method would use eval() function.

Sorry for spelling :}
Reply | Threaded
Open this post in threaded view
|

Re: Zend_Session proposal ver3 + More Working Code

André Hoffmann
$session = Zend_Session::getInstance();
$foo = $session->get('foo');
echo $foo['bar'];

should work..

plz do not implement eval()!!

you might wanna change the get function to Zend_Session::get('foo', 'bar', 'test', 'infinite other stuff'..) which would give back $_SESSION[$namespace]['foo']['bar']['test']['...]

but i don't think that's really necessary..

On 5/16/06, Sergej Andrejev <[hidden email]> wrote:
How do you get or set an array element? As far as I see you can only use elements which are directly in the $_SESSION array. What I mean is you can't get $_SESSION['key1']['key2'] with your current code.

I suggest using formated string in get/set methods. That is Zend_Session::get(' key1.key2') would return $_SESSION['key1']['key2'] value. The only problem that such method would use eval() function.

Sorry for spelling :}



--
best regards,
André Hoffmann
Germany
Reply | Threaded
Open this post in threaded view
|

Re: Zend_Session proposal ver3 + More Working Code

Sebastian Bergmann
In reply to this post by Ralph Schindler
Ralph Schindler wrote:
> And, as always, this invites thoughts, concerns, criticisms, praise,
> whatever.

 I fail to see the need for an object-oriented wrapper for ext/session.

--
Sebastian Bergmann                      http://www.sebastian-bergmann.de/
GnuPG Key: 0xB85B5D69 / 27A7 2B14 09E4 98CD 6277 0E5B 6867 C514 B85B 5D69

Reply | Threaded
Open this post in threaded view
|

Re: Zend_Session proposal ver3 + More Working Code

Ralph Schindler
In reply to this post by André Hoffmann
André Hoffmann wrote:
> $session = Zend_Session::getInstance();
> $foo = $session->get('foo');
> echo $foo['bar'];
>
> should work..

which does.

> plz do not implement eval()!!
>
> you might wanna change the get function to Zend_Session::get('foo',
> 'bar', 'test', 'infinite other stuff'..) which would give back
> $_SESSION[$namespace]['foo']['bar']['test']['...]
>
> but i don't think that's really necessary..

as do i.  in the current form, that would translate to:

$session = Zend_Session::getInstance();

$foo = $session->foo;

// where foo is an array of:
// $foo['bar']['test']['infinite other stuff']


The idea being to only store things in the session that make sense as
putting more data into the session would impact performance in the end
due to data unserialization/serialization.

If this Zend_Session implementation ever gets accepted, I plan on
writing a few articles that would have a plethora of session example
code.  A few of the topics being: storage mechanisms, performance,
security, and pluggable interfaces of Zend Session to name a few off the
top of my head.  Above all else though, the interface/api should stay
really simple to use...

-ralph

Reply | Threaded
Open this post in threaded view
|

Re: Re: Zend_Session proposal ver3 + More Working Code

Ralph Schindler
In reply to this post by Sebastian Bergmann
Sebastian Bergmann wrote:
> Ralph Schindler wrote:
>
>  I fail to see the need for an object-oriented wrapper for ext/session.
>

Heh, sounds very existential to me... I just didnt want sessions to feel
left out, I mean, databases now have dual oop layers: one in PDO and
another in Zend_Db.. Heck, even page requests get an OOP interface
(think controller), how fair is that?  ;)

On a more serious note, I think there are security concerns, best
practice approaches, as well as some common session functionality that
can be addressed by this api/interface...

-ralph
Reply | Threaded
Open this post in threaded view
|

Re: Zend_Session proposal ver3 + More Working Code

Andi Gutmans
In reply to this post by Ralph Schindler
Thanks Ralph. Will take a look at it.

At 12:56 PM 5/15/2006, Ralph Schindler wrote:

>Proposal 3 is uploaded and attached.
>
>http://www.ralphschindler.com/Zend_Framework_Modules/Zend_Session/Zend_Session-proposal3.txt
>http://www.ralphschindler.com/Zend_Framework_Modules/Zend_Session/Zend_Session_Module-0.3.zip
>
>again, no format unit tests..
>
>And, as always, this invites thoughts, concerns, criticisms, praise, whatever.
>
>
>-ralph
>
>
>
>
>Proposed Component Name
>-----------------------------------------------
>Zend_Session
>
>
>Proposers
>-----------------------------------------------
>Ralph Schindler <ralph (dot) schindler----at----g m a i l (dot) com>
>
>
>Revision
>-----------------------------------------------
>$Id: Zend_Session-proposal.txt,v 3.0 2006/05/15 16:00:00 ralph Exp $
>
>
>Overview
>-----------------------------------------------
>Zend_Session provides a standardized interface to common functionality
>found in or indigenous to site session implementations.  The core of
>Zend_Session implements functionality for persistent variables and
>transitory variables as well as some common security features, and
>common session conveniences such as "remember me". Having a
>standardized interface also allows inherent functionality for
>securing sites against session fixation and like attacks.
>
>
>References
>-----------------------------------------------
>http://www.php.net/session
>http://shiflett.org/articles/security-corner-feb2004
>http://www.ralphschindler.com/Zend_Framework_Modules/Zend_Session/
>http://java.sun.com/j2ee/sdk_1.2.1/techdocs/api/javax/servlet/http/HttpSession.html
>http://wiki.rubyonrails.com/rails/pages/sessions
>
>Requirements
>-----------------------------------------------
>PHP5
>Zend Framework
>
>
>Dependencies on Other Framework Components
>-----------------------------------------------
>Zend_Exception
>
>
>
>Theory of Operation
>-----------------------------------------------
>Zend_Session utilizes ext/session and and _SESSION supberglobal as its
>storage mechanism.  That being the case, only one session instance can
>exist at any given time during the execution of a page request.
>
>Optionally first, the user may pass options to the
>Zend_Session::setOptions() method.  These options currently are the same
>options available to the ext/session (a list is here:
>http://us3.php.net/session#session.configuration).  To pass the options
>just pass the basename (the non session. part) as part of an array to
>setOptions.
>
>Next, the user may attain an instance of Zend_Session from the
>getInstance() method..  Without setting any options, Zend_Session will
>utilize the recommended options first, then the default php.ini settings.
>
>The internals of Zend_Session are implemented in such a way as to promote
>the use of namespaces to distinguish types of variables and attaching
>specific functionality to them.  This also allows for a pluggable
>interface for user specific session variable functionality.  (More on
>this later).
>
>Methods set, get, has, remove, __set, __get, __isset, and __unset
>operate on variables in the persistent namespace, or variables that will
>exist till the session is destroyed.  Methods setTransitory, getTransitory,
>hasTransitory, removeTransitory operate on variables in the transitory
>namespace.  These variables will exist for one cycle of the Session only.
>So if a variables like a ui message is put in the transitory namespace, it
>is available to the next page request only.  At the end of the next page
>call, the variable will cease to exist.
>
>Namespaces can be used in extending Zend_Session.  One idea is that
>on could extend Zend_Session to Zend_Session_User and implement
>setUser()/getUser() methods that could (while calling regenereateId())
>help prevent against session fixation attacks in user based systems.
>See: http://shiflett.org/articles/security-corner-feb2004 for a
>detailed explanation of the idea of session regeneration of id's
>for securing against session fixation attacks.
>
>Common functionality components include the following which also
>have usage examples in the next session:
>  - Variables: having an initialized session, the ability to get
>         and set persistent variables.
>  - Transitory Data: the ability to store non-persistent data that
>         will exists only though out the next instance of
>         Zend_Session
>  - Security Enhancements: ability to lock users to an IP address or a
>         User Agent
>  - Session Enhancements: ability to persist sessions through browser
>         closing.. (Sessions with an expiration date in the future..
>         Remember Me feature)
>
>
>Class Index
>-----------------------------------------------
>Zend_Session (public)
>Zend_Session_DataPluginInterface
>Zend_Session_SaveHandlerInterface
>
>
>
>Use Cases - Unit Tests
>-----------------------------------------------
>
>     $session = Zend_Session::getInstance();
>     Zend::register("session", $session);
>
>     -- snip snip --
>
>     $session = Zend::registry("session");
>
>     // test id regeneration
>     if ($session->get('counter') == 20)
>         $session->regenerateId();
>
>     echo "<pre>Current Session ID:".$session->getId()."\n";
>
>     // testing transitory
>     $old_rand_number = $session->getTransitory("rand_number");
>     $new_rand_number = rand(1,10);
>
>     $session->setTransitory("rand_number", $new_rand_number);
>
>     echo "trans old rand: ".$old_rand_number."\n";
>     echo "trans new rand: ".$new_rand_number."\n";
>
>
>     // testing variables
>     echo "Counter: " . $session->get('counter') . "\n";
>
>     if ($session->get('counter') == 30)
>         $session->remove('counter');
>
>     if (!$session->has('counter'))
>         $session->set('counter', 10);
>     else
>         $session->set('counter', ($session->get('counter') + 1) );
>
>     // testing __get
>     echo "\n\n__get()\nCounter: ".$session->counter;
>
>     // testing __set
>     if ($session->counter == 25)
>     {
>         echo "\n\nCOUNTER JUMPING __set() adding +1\n";
>         $session->counter++;
>     }
>
>
>Class Skeletons
>-----------------------------------------------
>
><?
>
>/**
>  * Zend_Session
>  *
>  * @package    Zend_Session
>  * @copyright  none applied yet
>  * @license    none applied yet
>  */
>class Zend_Session
>{
>
>     /**
>      * Persistent constant, value is the actual namespace in the
> session storage engine
>      *
>      */
>     const PERSISTENT = "P";
>
>     /**
>      * Transitory constant, value is the actual namespace in the
> session storage engine
>      *
>      */
>     const TRANSITORY = "T";
>
>     /**
>      * Private variable space for transitory information
>      *
>      * @var mixed
>      */
>     private $_transitory = null;
>
>     /**
>      * Whether the session is still writable
>      *
>      * @var bool
>      */
>     private $_writable = false;
>
>     /**
>      * Instance of Zend_Session
>      *
>      * @var Zend_Session
>      */
>     static private $_instance = null;
>
>
>     /**
>      * Data plugin list
>      *
>      * @var array
>      */
>     static private $_data_plugins = array();
>
>     /**
>      * Private list of php's ini values for ext/session
>      * null values will default to the php.ini value, otherwise
>      * the value below will overwrite the default ini value, unless
>      * the user has set an option explicity with setOptions()
>      *
>      * @var array
>      */
>     static private $_default_options = array(
>         "save_path"                 => null,
>         "name"                      => null,
>         "save_handler"              => null,
>         "auto_start"                => null,
>         "gc_probability"            => null,
>         "gc_divisor"                => null,
>         "gc_maxlifetime"            => null,
>         "serialize_handler"         => null,
>         "cookie_lifetime"           => null,
>         "cookie_path"               => null,
>         "cookie_domain"             => null,
>         "cookie_secure"             => null,
>         "use_cookies"               => null,
>         "use_only_cookies"          => "on",
>         "referer_check"             => null,
>         "entropy_file"              => null,
>         "entropy_length"            => null,
>         "cache_limiter"             => null,
>         "cache_expire"              => null,
>         "use_trans_sid"             => null,
>         "bug_compat_42"             => null,
>         "bug_compat_warn"           => null,
>         "hash_function"             => null,
>         "hash_bits_per_character"   => null
>     );
>
>     /**
>      * Whether options were parsed prior to instance creation
>      *
>      * @var bool
>      */
>     static private $_options_parsed = false;
>
>     /**
>      * GetInstance() - manager of the singleton
>      *
>      * @return Zend_Session
>      */
>     static public function getInstance()
>
>     /**
>      * SetOptions - allows the user to pass and override session options
>      *
>      * @param array $user_options
>      */
>     static public function setOptions(array $user_options)
>
>     /**
>      * Session save handler
>      *
>      * @param Zend_Session_SaveHandlerInterface $interface
>      */
>     static public function
> setSaveHandler(Zend_Session_SaveHandlerInterface $interface)
>
>     static public function
> registerDataPlugin(Zend_Session_DataPluginInterface $interface)
>
>     /**
>      *
>      * Constructor of the Session Object, by default will use the
> Internal php
>      * session handler.  Options for the selected engine should be
> in the name key
>      * variable format.
>      *
>      * @param string $adapter_name
>      * @return bool
>      */
>     public function __construct()
>
>     /**
>      * Destructor
>      *
>      */
>     public function __destruct()
>
>     /**
>      * Isset Overloader - iseet($instance->thing)
>      *
>      * @param string $name
>      * @return bool
>      */
>     public function __isset($name)
>
>     /**
>      * Unset Overloader - unset($instance->thing)
>      *
>      * @param string $name
>      * @return bool
>      */
>     public function __unset($name)
>
>     /**
>      * Set Overloader - $instance->variable = value;
>      *
>      * @param string $name
>      * @param mixed $value
>      * @return bool
>      */
>     public function __set($name, $value)
>
>     /**
>      * Get Overloader - echo $instance->variable
>      *
>      * @param string $name
>      * @return mixed
>      */
>     public function __get($name)
>
>     /**
>      * Call Overloader - used for hooking into a plugin
>      *
>      * @todo
>      */
>     public function __call($method, $args)
>
>     /**
>      * Session start method
>      *
>      */
>     public function start()
>
>     /**
>      * WriteClose() -  when session is unset or all references are
> destroyed, we no longer
>      * need to keep our session files open.  Useful for framesets
> and decreasing loading
>      * time.
>      *
>      * @see http://us2.php.net/session_write_close
>      */
>     public function writeClose()
>
>     /**
>      * Destroy - when this is called the session data is released
> from the session
>      *
>      * @see http://us2.php.net/session_destroy
>      * @return bool
>      */
>     public function destroy()
>
>     /**
>      * Method to regenerate the session id, useful to use when the
> user changes
>      * state to help prevent against session fixation attacks.
>      */
>     public function getId()
>
>     /**
>      * Method to regenerate the session id, useful to use when the
> user changes
>      * state to help prevent against session fixation attacks.
>      *
>      * @see http://us2.php.net/session_regenerate_id
>      * @return bool
>      */
>     public function regenerateId()
>
>     /**
>      * Method for checking if a persistent variable exists
>      *
>      * @param string $name
>      * @return mixed
>      */
>     public function has($name)
>
>     /**
>      * Method for setting a persistent variable
>      *
>      * @param string $name
>      * @param mixed $value
>      * @return true
>      */
>     public function set($name, $value)
>
>     /**
>      * Method for getting a persistent variable
>      *
>      * @param string $name
>      * @return mixed
>      */
>     public function get($name)
>
>     /**
>      * Method to remove a persistent name/value pair from the session
>      *
>      * @param string $name
>      */
>     public function remove($name)
>
>     /**
>      * Method to check if a transitory variable exists
>      *
>      * @param string $name optional
>      * @return boolean
>      */
>     public function hasTransitory($name = null)
>
>     /**
>      * Method to set a transitory variable, will only exist throughout the
>      * next client request that this session initiated
>      *
>      * @param string $name
>      * @param mixed $value
>      */
>     public function setTransitory($name, $value)
>
>     /**
>      * Method to get a transitory variable that was set in the last request,
>      * this will only exist during the existence of the current request
>      *
>      * @param string $name
>      * @return mixed
>      */
>     public function getTransitory($name = null)
>
>     /**
>      * Method to remove transitory variables from the session
>      *
>      * @return true
>      */
>     public function removeTransitory($name)
>
>     /**
>      * Method to turn the current session based cookie into a
> persistent cookie
>      * This needs to be implements after php 5.1.2 since there is a
> session bug.
>      * @todo
>      */
>     public function rememberMe()
>
>     /**
>      * Method to lock the current session to a specific REMOTE_IP
>      *
>      * @todo
>      */
>     public function bindToIP()
>
>
>     /**
>      * Method to lock the current session to a specific user-agent string
>      *
>      * @todo
>      */
>     public function bindToUserAgent()
>
>
>     /**
>      * Internal data setter, must provide a namespace to store variables to
>      *
>      * @param string $namespace
>      * @param string $name
>      * @param mixed $value
>      * @return bool
>      */
>     private function _namespaceSet($namespace, $name, $value)
>
>     /**
>      *  Internal data getter, must provide a namespace to store variables to
>      *
>      * @param string $namespace
>      * @param string $name
>      * @return bool
>      */
>     private function _namespaceGet($namespace, $name = null)
>
>
>     /**
>      *  Internal data checker, must provide a namespace to store variables to
>      *
>      * @param string $namespace
>      * @param string $name
>      * @return bool
>      */
>     private function _namespaceHas($namespace, $name = null)
>
>     /**
>      *  Internal data remover, must provide a namespace to store variables to
>      *
>      * @param string $namespace
>      * @param string $name
>      */
>     private function _namespaceRemove($namespace, $name = null)
>
>}
>
>
>
>
><?
>
>/**
>  * Save Handler Interface for Sessions
>  *
>  * @see http://us3.php.net/manual/en/function.session-set-save-handler.php
>  */
>interface SaveHandlerInterface
>{
>
>     /**
>      * Open Session - retrieve resources
>      *
>      * @param string $save_path
>      * @param string $name
>      */
>     public function open($save_path, $name);
>
>     /**
>      * Close Session - free resources
>      *
>      */
>     public function close();
>
>     /**
>      * Read session data
>      *
>      * @param string $id
>      */
>     public function read($id);
>
>     /**
>      * Write Session - commit data to resource
>      *
>      * @param unknown_type $id
>      * @param unknown_type $data
>      */
>     public function write($id, $data);
>
>     /**
>      * Destroy Session - remove data from resource for
>      * given session id
>      *
>      * @param unknown_type $id
>      */
>     public function destroy($id);
>
>     /**
>      * Garbage Collection - remove old session data older
>      * than $maxlifetime (in seconds)
>      *
>      * @param int $maxlifetime
>      */
>     public function gc($maxlifetime);
>
>}
>
><?
>
>interface DataPluginInterface
>{
>
>     protected $_namespace = null;
>
>     // optional
>     // public function start() {}
>
>     public function get($name, $value);
>
>     public function set($name);
>
>     public function has($name);
>
>     public function remove($name);
>
>}
>
>
>
>
>
>
>
>