News Archive

Edd Mann:
Securing Sessions in PHP
April 09, 2014 @ 12:14:23

In his most recent post, Edd Mann shows you how to secure sessions in PHP applications via a custom SessionHandler class and a bit of encryption. For those interested in the full code right away, check out this gist over on GitHub.

Following on from my previous post on Self-signed SSL certificates, I would now like to address the second most common Web application vulnerability (Broken Authentication and Session Management). When delving into the subject I was unable to find a definitive resource for a PHP implementation. Due to this, I set out to combine all the best practice I could find into a single Session handler, to help protect against the common attack vectors. Since PHP 5.4, you are able to set the Session handler based on a class instance that extends the default 'SessionHandler' class.

He walks through the code, covering the functionality it offers, how it encrypts the session data and how it integrates expiration and validation (fingerprinting). There's also an interesting set of methods (get and set) to access values in the current session. Note that this example only works on PHP 5.4 and above, as it relies on the newer SessionHandler class.

secure session encryption sessionhandler tutorial

Link: http://eddmann.com/posts/securing-sessions-in-php

NetTuts.com:
Laravel Unwrapped: Session, Auth and Cache
March 11, 2014 @ 11:57:10

On NetTuts.com today there's a new tutorial introducing you to the Laravel framework and how to use its session, authentication/authorization and caching systems.

One thing though that not a lot of programmers take advantage of is Laravel's component-based system. Since its conversion to composer-powered components, Laravel 4 has become a very modular system, similar to the verbosity of more mature frameworks like Symfony. [...] In this tutorial, we'll be diving into a group of these components, learning how they work, how they're used by the framework, and how we can extend their functionality.

First up is the session component, which lets you store session data in various places (file, cookie, etc), along with a look at how service providers fit into this. Next up is the Auth component, showing how to use the service providers to hook into a custom auth handler for finding and validating user logins. Finally, there's the Cache component. He shows how to apply a service provider to configure it, passing the data off to a MongoDB database to be stored.

laravel tutorial session cache authentication serviceprovider framework

Link: http://code.tutsplus.com/tutorials/laravel-unwrapped-session-auth-and-cache--cms-19952

Mastering Zend Framework:
Gary Hockin's Maximising Zend Framework 2 Performance Talk (Review)
February 28, 2014 @ 10:33:30

From the Master Zend Framework blog there's a new post reviewing a talk from this year's PHPUK (2014) from Gary Hockin, "Maximising Zend Framework 2 Performance".

Whether you're new to Zend Framework 2, or an old hand (can someone really say they're an old hand after such a short period of time?) the talk covered a range of tools, tips, and techniques for increasing application performance. This wasn't an academic run through; it was a talk based on practical, hands-on, experience from Gary's time as a core ZF2 contributor, and his work at Roave, Yamgo and AdSpruce.

The post covers the tools Gary used to benchmark his improvements and some common metrics to be aware of in your own results. Xdebug and Xhprof were also recommended for more introspection into what the application is doing and where the bottlenecks lie.

phpuk14 zendframework performance tools talk session

Link: http://www.masterzendframework.com/reviews/maximising-zend-framework-2-performance-phpuk14

Matt Frost:
Getting Talks Selected
January 27, 2014 @ 09:04:23

If you're considering getting into the world of speaking at an upcoming PHP conference, Matt Frost has some advice for you to help you get started. It can be intimidating, so learn from some of his own experiences as a relatively new speaker in the community.

It's a very busy conference season in and around the PHP Community. [...] These conferences are such a blessing to those who are able to attend, the speakers know their stuff and are very open to sharing and talking outside of their sessions. But you're a smart cookie too! You've got ideas and thoughts and knowledge that other people would like to have, so how do you get in on this? I'm going to tell you how I got into it, your mileage may vary, but hopefully it helps.

He points out that submitting a talk and getting accepted is "a lot like the lotto" sometimes: you can't win unless you buy a ticket (submit that talk). He looks at a few of the other common questions from beginning speakers: what do I talk about, how do I write an abstract, and common first-time speaking concerns.

There's no magical elixir that will land you speaking gigs at cool conferences. Everyone that speaks, from the seasoned pro to the up and comer, has worked extremely hard to not only put the talks together; but acquire all the knowledge necessary to give the talk in the first place.

talk session technical conference advice beginner speaker

Link: http://shortwhitebaldguy.com/blog/2014/01/getting-talks-selected

Beth Tucker Long:
How to Submit a Talk to a Conference
January 03, 2014 @ 09:03:25

If you've ever thought about submitting a topic to speak at a technology conference, but never quite knew how to take those first steps, check out this advice from Beth Tucker Long. It's a list of steps and reminders to follow when thinking about your topics and submitting.

I've been on both sides of the proverbial conference table. I have been the one submitting proposals, hoping against hope that they will pick mine, and I have been on the selection committee, struggling to choose between hundreds of awesome proposals when you only have a few talk slots available. Through these varied experiences, I've learned a few things about what works and what doesn't when submitting a conference proposal.

Her list includes things like:

  • First and foremost, remember to hit spell-check
  • Have someone else read your submission
  • Identify a clear problem that the topic of your talk will help solve
  • Be honest about your topic
  • Share past feedback in the comments or notes section
  • Submit a lot of proposals

submit talk session technology conference suggestions

Link: http://www.alittleofboth.com/2014/01/how-to-submit-a-talk-to-a-conference

PHPBuilder.com:
Clustered File Systems and PHP
November 21, 2013 @ 10:22:38

On PHPBuilder.com today they continue their series looking at working with clustered file systems and PHP with this new post, the second part in the series (part one is here).

In part one, Introduction to Clustering in PHP, we explored the concepts of load balancing, PHP sessions, and how to set up a rudimentary PHP cluster that allows for redundancy as well as load balancing. The final configuration was one load balancer exposing an NFS share for all of the client PHP servers to use for session storage. While effective, this still gives us a single point of failure (the load balancer). More load balancers can be added, but sits us squarely back on our original problem: All of the sessions are on the first load balancer, not the second.

They introduce the GlusterFS networkable file system and its concepts of "drives" and "bricks". The rest of the post is centered around helping you get GlusterFS servers set up, with a brief mention of pointing your PHP session storage to the resulting setup.

cluster filesystem session glusterfs install configure

Link: http://www.phpbuilder.com/articles/application-architecture/optimization/clustered-file-systems-and-php.html

DZone.com:
PHP Performance Crash Course, Part 2: The Deep Dive
November 13, 2013 @ 10:56:33

DZone.com has posted the second part of a two-part series looking at increasing the performance of your PHP applications (part one is here). In this new post, he looks at a few topics including caching, session handling and asynchronous processing with Resque and Redis.

Ultimately, scalability is about the entire architecture, not some minor code optimizations. Often times people get this wrong and naively think they should focus on the edge cases. Solid architectural decisions like doing blocking work in the background via tasks, proactively caching expensive calls, and using a reverse proxy cache will get you much further than arguing about single quotes or double quotes.

He briefly recaps some of the "core principles" for optimizing applications and gets right into explaining the later ones on the list:

  • Optimize sessions through memcached handling
  • HTTP request/response caching
  • Caching Doctrine result sets
  • Caching the web service responses made with Guzzle
  • Handling asynchronous processing with Resque and Redis

He includes code and configuration examples for each item, helping to flesh them out a bit more. He also makes a recommendation of using something like AppDynamics to monitor the performance of your application (disclaimer: he works for them).

performance crash course part2 series caching redis memcached session

Link: http://architects.dzone.com/articles/php-performance-crash-course-0

Community News:
Laracon EU 2013 Session Videos Posted
October 15, 2013 @ 12:55:14

If you wanted to attend the Laracon EU that happened in Amsterdam back in August but weren't able to make it, there's good news. They've started posting the videos of the sessions recorded at the event.

The sessions they've added at the time of this post are:

There were more great speakers and sessions at the event, so keep checking back for more as they're added.

laraconeu13 session video recording youtube

Link: http://laracon.eu/2013/talks/

Joseph Scott:
Stateless CSRF Tokens
August 02, 2013 @ 11:16:44

Joseph Scott has a recent post to his site looking at the idea of stateless CSRF tokens and how to create them while avoiding the typical "store them in a session" mentality.

This is all fine and good until you want to avoid using PHP sessions. Perhaps you have several web servers and don't want to deal with shared session storage. Or have servers in multiple data centers and don't want to try and sync state across them. Whatever the reason, popping a token into $_SESSION isn't an option in this case. In short you want some sort of stateless CSRF token.

He looks at two methods to help get around this issue. The first method is based on known values that won't change very frequently (say, maybe 24 hours). His second method, however, has a bit more strength to it. His idea uses a combination of a key, the current time, a timeout and a known string of data - all base64 encoded.

csrf token stateless tutorial session base64 timeout microtime

Link: https://josephscott.org/archives/2013/07/stateless-csrf-tokens

Paul Reinheimer:
PHP and Async requests with file based sessions
July 24, 2013 @ 09:52:43

Paul Reinheimer had a problem: when his frontend made asynchronous (Ajax) requests back to his server, he noticed a slowdown whenever more than one connection was fired off. In this new post to his site he traces through how he found the answer and what he did to fix it.

Digging a little deeper into the queries being executed, I was expecting return times in the order of 200ms, not the several seconds I was seeing. Installing XHGui only furthered my confusion: session_start() was the culprit with incredibly high run times.

He thought first that the number of session files (stored locally) was too large and causing issues, but that turned out to be a false lead. Instead, the issue was something PHP does by default...and does correctly. When PHP executes, it locks the session file, preventing another process from writing to it. Each additional request was delayed until the file was unlocked. His solution? Use session_write_close immediately after writing information to unlock the session for further use.

asynchronous session lock delay filebased request

Link: http://blog.preinheimer.com/index.php?/archives/416-PHP-and-Async-requests-with-file-based-sessions.html



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework