220
Secure Development for Mobile Apps
Next, a PDO transaction is initiated.
$this->db->beginTransaction();
This is important in order to replicate the default behavior of PHP, which locks session files for the duration of a script's execution. For AJAX applications, and jQuery Mobile applications that use AJAX, session locking is critical to avoid race conditions that depend on $_SESSION variables. Two AJAX scripts, using the same session ID, might be reading and writing the $_SESSION array at the same time. Session locking avoids that race condition and must be manually implemented by custom session storage code.
Next, the query to retrieve the session data is executed.
$sql = "SELECT session_data
FROM session
WHERE session_id = {$this->db->quote($sessionID)} ...
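The transaction and the read query above, assembled into a complete handler as an added example that is not the book's own code: it assumes PHP 8, a MySQL/InnoDB table named session with the columns shown in the comment, and uses SELECT ... FOR UPDATE, because the transaction by itself does not block a second request reading the same row; it is the row lock, held until commit, that emulates PHP's session file lock.

```php
<?php
// Added example, not the book's code. Assumes a MySQL/InnoDB table
// session(session_id VARCHAR(128) PRIMARY KEY, session_data BLOB, session_expires INT).
// The transaction alone does not block a concurrent reader; SELECT ... FOR UPDATE
// takes the row lock that emulates PHP's session file lock until commit.
class PdoSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db)
    {
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool
    {
        // write() normally commits; this releases the lock if write() was never reached.
        if ($this->db->inTransaction()) { $this->db->commit(); }
        return true;
    }
    public function read(string $id): string|false
    {
        $this->db->beginTransaction();
        $stmt = $this->db->prepare(
            'SELECT session_data FROM session WHERE session_id = ? FOR UPDATE');
        $stmt->execute([$id]);                 // bound parameter instead of string quoting
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? '' : (string) $row['session_data'];
    }
    public function write(string $id, string $data): bool
    {
        $stmt = $this->db->prepare(
            'INSERT INTO session (session_id, session_data, session_expires)
             VALUES (?, ?, ?)
             ON DUPLICATE KEY UPDATE session_data = VALUES(session_data),
                                     session_expires = VALUES(session_expires)');
        $stmt->execute([$id, $data, time() + (int) ini_get('session.gc_maxlifetime')]);
        return $this->db->commit();            // commit releases the row lock
    }
    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM session WHERE session_id = ?')->execute([$id]);
    }
    public function gc(int $maxLifetime): int|false
    {
        $stmt = $this->db->prepare('DELETE FROM session WHERE session_expires < ?');
        $stmt->execute([time()]);
        return $stmt->rowCount();
    }
}
```

Register it with session_set_save_handler(new PdoSessionHandler($pdo), true) before session_start(); a second request for the same session ID then blocks in read() until the first request's write() or close() commits.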