Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.sugarondrupal_session_get() should make sure that the session id refers to a valid session.
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | sugarondrupal_session_checking.patch | 2.75 KB | JamesK |
Comments
Comment #1
JamesK CreditAttribution: JamesK commentedThis patch resolves session validity checking by doing a get_user_id request and checking for a valid id being returned.
Other changes:
- Added a function sugarondrupal_logout() for clearing session data
- Use cache_get/set instead of variable_get/set for session data (Drupal best practices)
- Update documentation
Comment #2
ilo CreditAttribution: ilo commentedThanks, JamesK for the patch. I'll try to upload the additional missing modules so you can also make use of them. I'll review it as soon as I can.
Comment #3
ilo CreditAttribution: ilo commentedOh, I just would like to share something I've found important: the reason why the session is not validated for every call is because of performance. Let me explain..
If you develop a script to request SugarCRM services, you would just connect and perform the requests without checking the validity of the session everytime. This also applies here, so I have tested and in fact I'm using other methods to avoid this session dying.
- a http proxy to connect SugarCRM services. SugarCRM is in somehow slow when talking (bootstrapping the) services. I'f found that using a proxy and keeping the proxy session alive you can have a great response speed improvement. However I don't use to use this method lastly, only for Drupal - SugarCRM integrations that have several concurrent users: sugarcrm portals on top of Drupal.
- Use elisya cron or supercron to perform regular session 'pings'. As you have seen, sugarondrupal_cron already checks for the user id, thus keeping the session alive. Having this simply taks configured properly (considering the time a session is valid in SugarCRM: http://developers.sugarcrm.com/docs/OS/5.2/-docs-User_Guides-CommunityEd...) you don't need to verify it on every request.
- Using hook_sugarcrm_service_request_alter or hook_sugarcrm_service_METHOD_request_alter you can change any of the request parameters, and also perform some checks before the request is sent, and also change these values on the response with 'hook_sugarcrm_service_respose_alter' or 'hook_sugarcrm_service_METHOD_respose_alter'. You can check for errors in the session and re-connect the session / request again if required. This also allows to read and keep additional information in cache, use several connections, or do more complicated tricks with the module.
With all these methods to keep the session alive, I think I do have enough arguments to avoid doing a session validity on every request.
I'm ok with the logout and cache stuff, for sure, and very appreciated.
Regarding the actions part, did you have a look? I've found that I left a debug message in the repository.. so sad!.
Comment #4
JamesK CreditAttribution: JamesK commentedThanks for all the info. I'm not sure about the cron stuff you're referring to, maybe I don't have the same version of the package. I didn't grab HEAD, I just downloaded the most rececent 6.x-1.x-dev. I completely missed the actions stuff, but it looks really cool; I have been writing my own form hooks in another module to create the entries. I have to create some relationships as well, so I don't think the actions would work for my implementation anyway.
I think for a site that is acting as a customer portal for Sugar, then your implementation of session checking is definitely a better idea. In my case, I'm only interacting with the CRM on account creation and webform submission (all adds up to just a few requests per day) so I think I'll stick with the per-page (it isn't actually per CRM request, since $session_valid is static, so once it is TRUE, it stays TRUE for the entire page request) session checking.