210
Secure Development for Mobile Apps
//end our lock on this session record
if($this->db->inTransaction())
$this->db->commit();
}
}
}
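/**
 * Delete the stored record for a session and expire the session cookie.
 *
 * The ID is accepted only if it is a string of exactly 27 characters drawn
 * from [-,0-9a-z] (case-insensitive); anything else is rejected and no SQL
 * is run.
 *
 * NOTE(review): presumably registered as the session save handler's destroy
 * callback, which is expected to return bool -- confirm against the class
 * declaration, which is outside this excerpt.
 *
 * @param string $sessionID Session ID handed in by the session layer
 *                          (ultimately client-controlled via the cookie).
 * @return bool True when the DELETE was issued and the cookie expired,
 *              false when the ID fails validation or the query fails.
 */
public function destroy($sessionID)
{
    // Allow-list check before the value goes anywhere near SQL. The D
    // modifier makes "$" match only at the very end of the subject, so an
    // ID followed by a trailing newline is rejected as well.
    // NOTE(review): the fixed length of 27 has to match the ID format the
    // session layer is configured to generate -- confirm against the
    // session.* ini settings in use.
    if (!is_string($sessionID) || !preg_match('/^[-,\da-z]{27}$/iD', $sessionID)) {
        return false;
    }

    // If a transaction is still holding this session record open, release it.
    if ($this->db->inTransaction()) {
        $this->db->rollBack();
    }

    // Author's choice: PDO::quote() plus query() instead of a prepared
    // statement, to avoid the prepare/execute double round trip.
    // The value has already passed the allow-list above, so quote() is a
    // second layer rather than the only one. quote() escapes for the
    // connection's character set, so the charset must be set on the
    // connection itself, and it returns false on drivers without quoting
    // support.
    $quotedID = $this->db->quote($sessionID);
    if ($quotedID === false) {
        return false;
    }

    $sql = "DELETE FROM session\nWHERE session_id = {$quotedID}";
    $deleted = $this->db->query($sql);

    // Set the cookie time to one second after the Unix epoch to force
    // expiration.
    // NOTE(review): a browser only replaces a cookie whose path and domain
    // match the original; if the session cookie is issued with non-default
    // parameters, the same ones are needed here (see
    // session_get_cookie_params()).
    setcookie(session_name(), "", 1);

    return $deleted !== false;
}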
}
public function gc($max)
{
//NOT using PDO paramterized query with PDO quote() for speed. ...