[development] should I alter the sessions table?

David Cohen drupal at dave-cohen.com
Tue Mar 31 20:27:48 UTC 2009


Here's what I've learned since my original post...

Changing sid from varchar(64) to varchar(255) or shorter would have no
effect on a regular drupal install, because the length of the strings
can still be expressed in 1 byte.  With my modules installed some
session keys would be greater than 64 chars, which could add some
overhead to the index of the table.  (I may be underestimating the
impact of the change, if mysql somehow uses the max length in building a
more efficient index.)

On Tue, 31 Mar 2009 12:39 -0700, "Domenic Santangelo"
<domenic at workhabit.com> wrote:
> On Tue, Mar 31, 2009 at 12:18 PM, Henrique Recidive
> <recidive at gmail.com>wrote:
> >
> Can't you just save you key in a session variable (e.g.
> $_SESSION['fb_key'])
> > ?

Definitely not.  We're talking about the session key, the very thing
that makes it possible for $_SESSION to persist from one request to the
next.  (When serving a Facebook Canvas Page, cookies are not honored and
the session_key _must_ be used instead.)

Facebook's session keys include extra information, like start time and
expiry, which do not contribute to the uniqueness.  (Or so I believe.)
So for the time being I'm trying to solve this problem by truncating the
very long session keys, as that seems easier than altering the table.




More information about the development mailing list