DaniWeb Forum Index > Web Development > PHP

Custom Session Handler

Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases

kenleycapps kenleycapps is offline

Offline Sep 20th, 2004, 9:07 am |

Ever feel the default session handling is insecure? Or do you just want some originality to show off? Well, here you are. A custom, MySQL-based session handler. It supports base64_encoding and MySQL storage.

Note: I haven't tested this thing in months so I don't know how well it'll work : Good luck, hope you like it.

Configuration: All you gotta do is edit the MySQL configurations, the expire and GC probability (if you really want. its best left as is), and just include session.php in all your session-oriented scripts. =]

Please email me (kenleycapps@gmail.com) if you get ANY errors! Thanks.

Show Printable Version

Code Snippet

•

PHP Syntax

Toggle Plain Text

<?php 
 
// config 
$m_host = ""; //MySQL Host 
$m_user = ""; //MySQL User 
$m_pass = ""; //MySQL Pass 
$m_db   = ""; //MySQL Database 
 
$session_expire = 600; // Session expire time, in seconds (minutes * 60 = seconds) 
 
$gc_probability = 50; // Probability that the garbage collection function will be called. 50% chance by default 
 
ini_set("session.gc_probability",$gc_probability); 
 
/* Open function; Opens/starts session 
 
   Opens a connection to the database and stays open until specifically closed 
   This function is called first and with each page load */ 
 
function open ($s,$n) // do not modify function parameters 
{ 
  global $session_connection, $m_host, $m_user, $m_pass, $m_db; 
  $session_connection = mysql_pconnect($m_host,$m_user,$m_pass); 
  mysql_select_db($m_db,$session_connection); 
  return true; 
} 
 
/* Read function; downloads data from repository to current session 
 
   Queries the mysql database, unencrypts data, and returns it. 
   This function is called after 'open' with each page load. */ 
function read ($id) // do not modify function parameters 
{ 
  global $session_connection,$session_read; 
  $query = "SELECT data FROM sess_data WHERE id=\"{$id}\""; 
  $res = mysql_query($query,$session_connection); 
  if(mysql_num_rows($res) != 1) return ""; // must return string, not 'false' 
  else 
  { 
    $session_read = mysql_fetch_assoc($res); 
    $session_read["data"] = base64_decode($session_read["data"]); 
    return $session_read["data"]; 
  } 
} 
 
 
/* Write function; uploads data from current session to repository 
 
   Inserts/updates mysql records of current session. Called after 'read' 
   with each page load */ 
function write ($id,$data) // do not modify function parameters 
{ 
  if(!$data) { return false; } 
  global $session_connection, $session_read, $session_expire; 
  $expire = time() + $session_expire; 
  $data = mysql_real_escape_string(base64_encode($data)); 
  if($session_read) $query = "UPDATE sess_data SET data=\"{$data}\", expire=\"{$expire}\" WHERE id=\"{$id}\""; 
  else $query = "INSERT INTO sess_data SET id=\"{$id}\", data=\"{$data}\""; 
  mysql_query($query,$session_connection); 
  return true; 
} 
 
/*Close function; closes session 
 
  closes mysql connection */ 
function close () 
{ 
  global $session_connection; 
  mysql_close($session_connection); 
  return true; 
} 
 
 
/* destroy function; deletes session data 
 
   deletes records of current session. called ONLY when function 'session_destroy()' 
   is called */ 
function destroy ($id) // do not modify function parameters 
{ 
  global $session_connection; 
  $query = "DELETE FROM sess_data WHERE id=\"{$id}\""; 
  mysql_query($query,$session_connection); 
  return true; 
} 
 
/* gc function; cleans expired sessions 
 
   deletes all rows where expire < time(); called with a $gc_probability chance of executing */ 
function gc ($expire) 
{ 
  global $session_connection; 
  $query = "DELETE FROM sess_data WHERE expire < ".time(); 
  mysql_query($query,$session_connection); 
} 
 
 
// Set custom handlers 
session_set_save_handler ("open", "close", "read", "write", "destroy", "gc"); 
 
// Start session 
session_start(); 
?>
 
// MySQL Database Description
 
create table sess_data (
id2 int not null auto_increment,
id text not null,
data text,
expire int not null,
primary key(id2)
);

<?php 

// config 
$m_host = ""; //MySQL Host 
$m_user = ""; //MySQL User 
$m_pass = ""; //MySQL Pass 
$m_db   = ""; //MySQL Database 

$session_expire = 600; // Session expire time, in seconds (minutes * 60 = seconds) 

$gc_probability = 50; // Probability that the garbage collection function will be called. 50% chance by default 

ini_set("session.gc_probability",$gc_probability); 

/* Open function; Opens/starts session 

   Opens a connection to the database and stays open until specifically closed 
   This function is called first and with each page load */ 

function open ($s,$n) // do not modify function parameters 
{ 
  global $session_connection, $m_host, $m_user, $m_pass, $m_db; 
  $session_connection = mysql_pconnect($m_host,$m_user,$m_pass); 
  mysql_select_db($m_db,$session_connection); 
  return true; 
} 

/* Read function; downloads data from repository to current session 

   Queries the mysql database, unencrypts data, and returns it. 
   This function is called after 'open' with each page load. */ 
function read ($id) // do not modify function parameters 
{ 
  global $session_connection,$session_read; 
  $query = "SELECT data FROM sess_data WHERE id=\"{$id}\""; 
  $res = mysql_query($query,$session_connection); 
  if(mysql_num_rows($res) != 1) return ""; // must return string, not 'false' 
  else 
  { 
    $session_read = mysql_fetch_assoc($res); 
    $session_read["data"] = base64_decode($session_read["data"]); 
    return $session_read["data"]; 
  } 
} 


/* Write function; uploads data from current session to repository 

   Inserts/updates mysql records of current session. Called after 'read' 
   with each page load */ 
function write ($id,$data) // do not modify function parameters 
{ 
  if(!$data) { return false; } 
  global $session_connection, $session_read, $session_expire; 
  $expire = time() + $session_expire; 
  $data = mysql_real_escape_string(base64_encode($data)); 
  if($session_read) $query = "UPDATE sess_data SET data=\"{$data}\", expire=\"{$expire}\" WHERE id=\"{$id}\""; 
  else $query = "INSERT INTO sess_data SET id=\"{$id}\", data=\"{$data}\""; 
  mysql_query($query,$session_connection); 
  return true; 
} 

/*Close function; closes session 

  closes mysql connection */ 
function close () 
{ 
  global $session_connection; 
  mysql_close($session_connection); 
  return true; 
} 


/* destroy function; deletes session data 

   deletes records of current session. called ONLY when function 'session_destroy()' 
   is called */ 
function destroy ($id) // do not modify function parameters 
{ 
  global $session_connection; 
  $query = "DELETE FROM sess_data WHERE id=\"{$id}\""; 
  mysql_query($query,$session_connection); 
  return true; 
} 

/* gc function; cleans expired sessions 

   deletes all rows where expire < time(); called with a $gc_probability chance of executing */ 
function gc ($expire) 
{ 
  global $session_connection; 
  $query = "DELETE FROM sess_data WHERE expire < ".time(); 
  mysql_query($query,$session_connection); 
} 


// Set custom handlers 
session_set_save_handler ("open", "close", "read", "write", "destroy", "gc"); 

// Start session 
session_start(); 
?>

// MySQL Database Description

create table sess_data (
id2 int not null auto_increment,
id text not null,
data text,
expire int not null,
primary key(id2)
);