On 6/20/06, Adam Zey <azey@xxxxxx> wrote:
Shutting down Apache would do the trick ;) But if you're in a shared hosting environment that may not be possible.
Yeah, don't have full control over the server in this case.
As for sessions, it depends how you track them. You can't kill all PHP sessions in one go, but you could have your web app nuke the sessions of users after they come back after maintenance. Something like first_login_after_maint in the database, that if set to true, mandates that any existing session data be destroyed before continuing.
How about iterating through the /tmp directory and deleting all the session cookies? On second thought, that would kill all the sessions for other apps as well.
I assume that the reason you want to kill session data is because the data and how it is used would be different after the maintenance? Because otherwise, if you've denied all access to ANY of your webapp's php scripts, it shouldn't matter if the user has session data. If you physically move the web app's PHP scripts (Or set up a redirect, etc), they can't do anything with it.
I didn't have a specific reason for doing it, just wasn't sure what the ramifications of having open sessions alive through the maintenance period and afterward might be so I thought it best to just kill them. It doesn't sound like anything horrible can happen except some inconvenience maybe.
Regards, Adam Ben Liu wrote: > Thanks Adam, > > What you say makes good sense to me. Is there some method to run a > script that kills all active sessions on a host? It could become part > of the maintenance script I suppose: > > 1) Kill all active sessions > 2) Put up generic maintenance screen > 3) Deny further login attempts > > - Ben > > On 6/20/06, Adam Zey <azey@xxxxxx> wrote: >> Ben Liu wrote: >> > Hello All, >> > >> > I'm not sure this is strictly a PHP related question or perhaps a >> > server admin question as well. What do you do when you are trying to >> > shutdown a web application for maintenance (like a membership or >> > registration-required system)? I understand that you can temporarily >> > upload or activate a holding page that prevents users from continuing >> > to login/use the system, but how can you insure that there are no >> > ongoing sessions or users still in the process of doing something? >> > What's the best method for handling this, especially if you don't have >> > full control of the server hosting the web app? >> > >> > Thanks for any advice, >> > >> > - Ben >> >> I normally do what you say; activate a holding page. The question comes >> to mind, does it really matter if a user's session is interrupted? Is >> the web application dealing with data that is critical enough (or >> non-critical data in a possibly destructive manner) that you can't just >> cut them off for a while? >> >> You have to consider that users could just as easily be cut off by a >> server crash, packetloss/network issues (on your end OR theirs, or >> anywhere in between), or just might hit the stop button while a script >> is running (Which, IIRC, ordinarily terminates the script the next time >> you try to send something). If your web app works in a way such that you >> can't just pull the plug and everything is fine, you're running some >> pretty big risks that your app will get into unrecoverable states from >> everyday issues. >> >> If you wanted to get fancy, you could code your system to prevent new >> logins, expire normal logins much faster (Say, after 15 minutes instead >> of hours or days), and then wait for all users to be logged out before >> continuing. >> >> Regards, Adam Zey. >>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php