  1. #1
    Join Date
    Feb 2004
    Location
    Bucharest
    Posts
    37

    Session management

    I have decided to use session_set_save_handler for future developments in my websites. I have the file below, sessions.php, which contains a classic sequence of session management with the goal of extending the life of the PHPSESSID cookie.

    Example scenario: add 5 products to the cart, all the info goes in the session, the user quits the browser, opens it again after a couple of hours and sees the 5 products added.

    I'm interested in the following:
    1. if my code follows the best practices in session management, and what your recommendations are.
    2. if the usage of this totally replaces file-based sessions
    thanks!


    Everything happens in the `sessions` MySQL table:

    Code:
    DROP TABLE IF EXISTS sessions;
    CREATE TABLE sessions (
      sesskey varchar(32) NOT NULL,
      expiry int(11) unsigned NOT NULL,
      value text NOT NULL,
      PRIMARY KEY (sesskey)
    );
    include/sessions.php

    PHP Code:
    <?php

    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
        $SESS_LIFE = 86400; // 24 hours
    }

    // Re-send the PHPSESSID cookie with a 24-hour expiry so it outlives the browser session.
    function set_phpsessid() {
        if (empty($_COOKIE['PHPSESSID'])) {
            setcookie('PHPSESSID', session_id(), time() + 86400, '/', '.mysite.com');
        } else {
            setcookie('PHPSESSID', $_COOKIE['PHPSESSID'], time() + 86400, '/', '.mysite.com');
        }
    }

    function _sess_open($save_path, $session_name) {
        return true;
    }

    function _sess_close() {
        return true;
    }

    // Return the stored session data, or '' if the key is unknown or already expired.
    function _sess_read($key) {
        $query = "
            SELECT `value`
            FROM `sessions`
            WHERE `sesskey` = '" . mysql_real_escape_string($key) . "'
            AND `expiry` > '" . time() . "'
        ";
        $sql = mysql_query($query);
        $r = mysql_fetch_assoc($sql);

        if (isset($r['value'])) {
            return $r['value'];
        }

        return '';
    }

    // Update the row if it exists, otherwise insert it; either way the expiry is refreshed.
    function _sess_write($key, $val) {
        //print '<font color="red">'.$key.' = '.$val.'</font>';

        global $SESS_LIFE;

        $expiry = time() + $SESS_LIFE;
        $value = $val;

        $query = "
            SELECT COUNT(*) AS `total`
            FROM `sessions`
            WHERE `sesskey` = '" . mysql_real_escape_string($key) . "'
        ";
        $sql = mysql_query($query);
        $r = mysql_fetch_assoc($sql);

        if ($r['total'] > 0) {
            $query = "
                UPDATE `sessions` SET
                `expiry` = " . $expiry . ",
                `value` = '" . mysql_real_escape_string($value) . "'
                WHERE `sesskey` = '" . mysql_real_escape_string($key) . "'
                LIMIT 1
            ";
            $sql = mysql_query($query);
            return true;
        } else {
            $query = "
                INSERT INTO `sessions`
                VALUES (
                '" . mysql_real_escape_string($key) . "',
                " . mysql_real_escape_string($expiry) . ",
                '" . mysql_real_escape_string($value) . "'
                )";
            $sql = mysql_query($query);
            return true;
        }
    }

    function _sess_destroy($key) {
        $query = "
            DELETE FROM `sessions`
            WHERE `sesskey` = '" . mysql_real_escape_string($key) . "'
            LIMIT 1
        ";
        $sql = mysql_query($query);
        return true;
    }

    /*
     * @see session.gc_divisor      100
     * @see session.gc_maxlifetime 1440
     * @see session.gc_probability    1
     * @usage execution rate 1/100
     *        (session.gc_probability/session.gc_divisor)
     */
    function _sess_gc($maxlifetime) {
        global $SESS_LIFE;

        $query = "
            DELETE FROM `sessions`
            WHERE `expiry` < " . (time() - $SESS_LIFE);
        mysql_query($query); // the DELETE must actually be executed, not only built

        return true;
    }

    session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');

    ?>
    PHP file:
    PHP Code:
    <?php
    require_once 'include/sessions.php';

    session_start();
    // after session_start(), so that session_id() is already set on a first visit
    set_phpsessid();
    Last edited by Zamolxe; 05-29-08 at 14:58.
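As an added example (not the poster's code and not from this thread), the same three-column `sessions` table driven by a PDO-based save handler, which is the shape a "best practices" answer to point 1 takes today: prepared statements instead of string-built SQL, one upsert instead of SELECT-then-UPDATE/INSERT, a gc() that really deletes, strict session ids, and a persistent cookie that is also Secure and HttpOnly. The DSN, the `DB_USER`/`DB_PASSWORD` credentials and the `example.com` cookie domain are placeholders standing in for the post's `.mysite.com`; the class and variable names are my own.

```php
<?php
// Added example, not the poster's code: the same `sessions` table (sesskey, expiry, value)
// driven by a PDO-based handler. DSN, credentials and the cookie domain are placeholders.

class DbSessionHandler implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface
{
    public function __construct(private PDO $pdo, private int $lifetime) {}

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    // An expired row is treated as absent even before gc has deleted it.
    public function read(string $id): string|false
    {
        $st = $this->pdo->prepare('SELECT value FROM sessions WHERE sesskey = :id AND expiry > :now');
        $st->execute([':id' => $id, ':now' => time()]);
        $value = $st->fetchColumn();
        return $value === false ? '' : $value;
    }

    // Single upsert: the post's SELECT COUNT(*) followed by UPDATE/INSERT can race
    // when two requests carrying the same id write at the same moment.
    public function write(string $id, string $data): bool
    {
        $st = $this->pdo->prepare(
            'INSERT INTO sessions (sesskey, expiry, value) VALUES (:id, :exp, :val)
             ON DUPLICATE KEY UPDATE expiry = VALUES(expiry), value = VALUES(value)'
        );
        return $st->execute([':id' => $id, ':exp' => time() + $this->lifetime, ':val' => $data]);
    }

    public function destroy(string $id): bool
    {
        $st = $this->pdo->prepare('DELETE FROM sessions WHERE sesskey = :id');
        return $st->execute([':id' => $id]);
    }

    // Run by PHP with probability gc_probability/gc_divisor. The DELETE is executed
    // here; the post's _sess_gc() only builds the query string.
    public function gc(int $max_lifetime): int|false
    {
        $st = $this->pdo->prepare('DELETE FROM sessions WHERE expiry < :now');
        $st->execute([':now' => time()]);
        return $st->rowCount();
    }

    // With session.use_strict_mode=1 PHP asks the handler whether a client-supplied id
    // exists; unknown ids get replaced instead of adopted, which blocks session fixation.
    public function validateId(string $id): bool
    {
        $st = $this->pdo->prepare('SELECT 1 FROM sessions WHERE sesskey = :id AND expiry > :now');
        $st->execute([':id' => $id, ':now' => time()]);
        return $st->fetchColumn() !== false;
    }

    // Called instead of write() when the data is unchanged (session.lazy_write), so the
    // server-side expiry slides forward together with the cookie.
    public function updateTimestamp(string $id, string $data): bool
    {
        $st = $this->pdo->prepare('UPDATE sessions SET expiry = :exp WHERE sesskey = :id');
        return $st->execute([':exp' => time() + $this->lifetime, ':id' => $id]);
    }
}

$lifetime = 86400; // 24 hours, the same value as $SESS_LIFE in the post

// Keep gc_maxlifetime and the cookie lifetime equal: gc must not delete rows
// that a still-valid cookie points at.
ini_set('session.gc_maxlifetime', (string) $lifetime);
ini_set('session.use_only_cookies', '1');  // never accept the id from the URL
ini_set('session.use_strict_mode', '1');

// Placeholder DSN and credentials.
$pdo = new PDO('mysql:host=127.0.0.1;dbname=app;charset=utf8mb4', 'DB_USER', 'DB_PASSWORD', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

session_set_save_handler(new DbSessionHandler($pdo, $lifetime), true);

// A persistent cookie gives the "close the browser, come back hours later" behaviour
// the post wants; Secure/HttpOnly/SameSite limit where the id can leak to.
session_set_cookie_params([
    'lifetime' => $lifetime,
    'path'     => '/',
    'domain'   => 'example.com', // stands in for '.mysite.com'
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();
```

Two things the cart scenario still needs from the application rather than the handler: call `session_regenerate_id(true)` whenever the user's privilege changes (login, checkout), so a 24-hour id that was issued anonymously does not carry over into the authenticated session, and remember that with a lifetime this long the `expiry` column, not the cookie, is what ends the session server-side, so keep `session.gc_maxlifetime` and the cookie lifetime in step as above.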

  2. #2
    Join Date
    Mar 2007
    Location
    010101010110100
    Posts
    803
    1. if my code is following the best practices in session management and what are your recommendations.
    I myself use database session mgmt and moved away from file sessions. There are many benefits to using a session store. Just a couple are that you can use sessions across multiple servers whereas with file sessions you cannot. You will also be able to tell (Not real-time) who is currently logged into your site. (Depending on your session.gc_maxlifetime setting)

    The code you posted, at a glance, looks fine and should work ok.

    2. if the usage of this totally replaces file based sessions
    thanks!
    Yes, it replaces file sessions 100%.
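To make the "not real-time" caveat above concrete, an added example (not from the thread) that separates rows still inside their expiry from rows whose expiry has passed but which garbage collection has not yet removed. It uses an in-memory SQLite table with the post's column layout and two constructed rows; the SQL runs unchanged on MySQL, and the function names are my own.

```php
<?php
// Added example, not from the thread. Table layout follows the post's `sessions`
// table; rows and timestamps are constructed; SQLite in-memory stands in for MySQL.

function reportSessions(PDO $pdo, int $now): array
{
    $live = $pdo->prepare('SELECT COUNT(*) FROM sessions WHERE expiry > :now');
    $live->execute([':now' => $now]);

    // Expired but not yet garbage-collected: a plain SELECT COUNT(*) over the table
    // counts these too, which is why a "who is online" view built on it is only approximate.
    $stale = $pdo->prepare('SELECT COUNT(*) FROM sessions WHERE expiry <= :now');
    $stale->execute([':now' => $now]);

    return ['live' => (int) $live->fetchColumn(), 'stale' => (int) $stale->fetchColumn()];
}

// The DELETE a gc run should issue (the post's _sess_gc builds it but never executes it).
function runGc(PDO $pdo, int $now): int
{
    $st = $pdo->prepare('DELETE FROM sessions WHERE expiry < :now');
    $st->execute([':now' => $now]);
    return $st->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sessions (sesskey VARCHAR(32) PRIMARY KEY, expiry INTEGER NOT NULL, value TEXT NOT NULL)');

$now = time();
$ins = $pdo->prepare('INSERT INTO sessions (sesskey, expiry, value) VALUES (:k, :e, :v)');
$ins->execute([':k' => 'a1', ':e' => $now + 3600, ':v' => 'cart|a:1:{i:0;i:5;}']); // constructed: still valid
$ins->execute([':k' => 'b2', ':e' => $now - 60,   ':v' => 'cart|a:0:{}']);          // constructed: expired, not yet gc'd

print_r(reportSessions($pdo, $now)); // before gc: the expired row is still in the table
runGc($pdo, $now);
print_r(reportSessions($pdo, $now)); // after gc: only rows inside their expiry remain
```

The gap between the two reports is the window the reply is talking about: with `session.gc_probability/session.gc_divisor` at 1/100, an expired row can sit in the table for many requests, so any "currently logged in" query must filter on `expiry > now` itself rather than trust gc to have run.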

