Custom Session Handler

by on Sep 20th, 2004
Ever feel the default session handling is insecure? Or do you just want some originality to show off? Well, here you are. A custom, MySQL-based session handler. It supports base64_encoding and MySQL storage.

Note: I haven't tested this thing in months so I don't know how well it'll work. Good luck, hope you like it.

Configuration: All you gotta do is edit the MySQL configurations, the expire and GC probability (if you really want; it's best left as is), and just include session.php in all your session-oriented scripts. =]

Please email me (kenleycapps@gmail.com) if you get ANY errors! Thanks.
```php
<?php

// config
$m_host = ""; // MySQL Host
$m_user = ""; // MySQL User
$m_pass = ""; // MySQL Pass
$m_db = ""; // MySQL Database

$session_expire = 600; // Session expire time, in seconds (minutes * 60 = seconds)

$gc_probability = 50; // Probability that the garbage collection function will be called. 50% chance by default

ini_set("session.gc_probability",$gc_probability);

/* Open function; Opens/starts session

   Opens a connection to the database and stays open until specifically closed
   This function is called first and with each page load */

function open ($s,$n) // do not modify function parameters
{
    global $session_connection, $m_host, $m_user, $m_pass, $m_db;
    $session_connection = mysql_pconnect($m_host,$m_user,$m_pass);
    mysql_select_db($m_db,$session_connection);
    return true;
}

/* Read function; downloads data from repository to current session

   Queries the mysql database, base64-decodes data, and returns it.
   This function is called after 'open' with each page load. */
function read ($id) // do not modify function parameters
{
    global $session_connection,$session_read;
    // the session id comes from the client's cookie: escape it before it goes into the query
    $id = mysql_real_escape_string($id,$session_connection);
    $query = "SELECT data FROM sess_data WHERE id=\"{$id}\"";
    $res = mysql_query($query,$session_connection);
    if(!$res || mysql_num_rows($res) != 1) return ""; // must return string, not 'false'
    else
    {
        $session_read = mysql_fetch_assoc($res);
        $session_read["data"] = base64_decode($session_read["data"]);
        return $session_read["data"];
    }
}


/* Write function; uploads data from current session to repository

   Inserts/updates mysql records of current session. Called after 'read'
   with each page load */
function write ($id,$data) // do not modify function parameters
{
    if(!$data) { return false; }
    global $session_connection, $session_read, $session_expire;
    $expire = time() + $session_expire;
    $id = mysql_real_escape_string($id,$session_connection); // escape the client-supplied id
    $data = mysql_real_escape_string(base64_encode($data));
    if($session_read) $query = "UPDATE sess_data SET data=\"{$data}\", expire=\"{$expire}\" WHERE id=\"{$id}\"";
    else $query = "INSERT INTO sess_data SET id=\"{$id}\", data=\"{$data}\"";
    mysql_query($query,$session_connection);
    return true;
}

/* Close function; closes session

   closes mysql connection */
function close ()
{
    global $session_connection;
    mysql_close($session_connection);
    return true;
}


/* destroy function; deletes session data

   deletes records of current session. called ONLY when function 'session_destroy()'
   is called */
function destroy ($id) // do not modify function parameters
{
    global $session_connection;
    $id = mysql_real_escape_string($id,$session_connection); // escape the client-supplied id
    $query = "DELETE FROM sess_data WHERE id=\"{$id}\"";
    mysql_query($query,$session_connection);
    return true;
}

/* gc function; cleans expired sessions

   deletes all rows where expire < time(); called with a $gc_probability chance of executing */
function gc ($expire)
{
    global $session_connection;
    $query = "DELETE FROM sess_data WHERE expire < ".time();
    mysql_query($query,$session_connection);
    return true; // the save handler expects a return value
}


// Set custom handlers
session_set_save_handler ("open", "close", "read", "write", "destroy", "gc");

// Start session
session_start();
?>
```

```sql
-- MySQL Database Description

create table sess_data (
id2 int not null auto_increment,
id text not null,
data text,
expire int not null,
primary key(id2)
);
```
Comments on this Code Snippet
Apr 12th, 2010

Re: Custom Session Handler

hi, i noticed a bug in your script. when i used it it logged me out just after i logged in. i fixed this by changing the else query in Write() function. so overall this will be the code:
```php
<?php

// config
$m_host = ""; // MySQL Host
$m_user = ""; // MySQL User
$m_pass = ""; // MySQL Pass
$m_db = ""; // MySQL Database
$table = ""; // MySQL table that holds the session rows

$session_expire = 600; // Session expire time, in seconds (minutes * 60 = seconds)

$gc_probability = 100; // Probability (relative to session.gc_divisor) that the garbage collection function will be called

ini_set("session.gc_probability",$gc_probability);

/* Open function; Opens/starts session

   Opens a connection to the database and stays open until specifically closed
   This function is called first and with each page load */

function open ($s,$n) // do not modify function parameters
{
    global $session_connection, $m_host, $m_user, $m_pass, $m_db;
    $session_connection = mysql_pconnect($m_host,$m_user,$m_pass);
    mysql_select_db($m_db,$session_connection);
    return true;
}

/* Read function; downloads data from repository to current session

   Queries the mysql database, base64-decodes data, and returns it.
   This function is called after 'open' with each page load. */
function read ($id) // do not modify function parameters
{
    global $session_connection,$session_read,$table;
    // the session id comes from the client's cookie: escape it before it goes into the query
    $id = mysql_real_escape_string($id,$session_connection);
    $query = "SELECT data FROM `$table` WHERE id=\"{$id}\"";
    $res = mysql_query($query,$session_connection);
    if(!$res || mysql_num_rows($res) != 1) return ""; // must return string, not 'false'
    else
    {
        $session_read = mysql_fetch_assoc($res);
        $session_read["data"] = base64_decode($session_read["data"]);
        return $session_read["data"];
    }
}
function write ($id,$data) // do not modify function parameters
{
    if(!$data) { return false; }
    global $session_connection, $session_read, $session_expire, $table;
    $expire = time() + $session_expire;
    $id = mysql_real_escape_string($id,$session_connection); // escape the client-supplied id
    $data = mysql_real_escape_string(base64_encode($data));
    if($session_read) $query = "UPDATE `$table` SET data=\"{$data}\", expire=\"{$expire}\" WHERE id=\"{$id}\"";
    // new session: store expire too, otherwise gc removes the row on the next request
    else $query = "INSERT INTO `$table` SET id=\"{$id}\", data=\"{$data}\", expire=\"{$expire}\"";
    mysql_query($query,$session_connection);
    return true;
}
function close ()
{
    global $session_connection;
    mysql_close($session_connection);
    return true;
}
function destroy ($id) // do not modify function parameters
{
    global $session_connection,$table;
    $id = mysql_real_escape_string($id,$session_connection); // escape the client-supplied id
    $query = "DELETE FROM `$table` WHERE id=\"{$id}\"";
    mysql_query($query,$session_connection);
    return true;
}
function gc ($expire)
{
    global $session_connection,$table;
    $query = "DELETE FROM `$table` WHERE expire < ".time();
    mysql_query($query,$session_connection);
    return true; // the save handler expects a return value
}
// Set custom handlers
session_set_save_handler ("open", "close", "read", "write", "destroy", "gc");

// Start session
session_start();
?>
```

```sql
-- MySQL Database Description ($table stands for the table name set in the config)

create table $table (
id2 int not null auto_increment,
id text not null,
data text,
expire int not null,
primary key(id2)
);
```
Newbie Poster
danyboi97
1 posts
since Apr 2010
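
A present-day equivalent of the handler above, as an added example that is not part of the original snippet or the comment. It assumes PHP 7+ with PDO (pdo_sqlite for the constructed check at the bottom), a `sess_data` table whose `id` column is the primary key, and the hypothetical class name `PdoSessionHandler`. Bound parameters keep the cookie-supplied session id out of the SQL text, and a single `REPLACE` writes `expire` on every save, so the separate INSERT and UPDATE branches that caused the logout bug disappear.

```php
<?php
// Added example (not the snippet author's code); class name and schema are assumptions.
final class PdoSessionHandler implements SessionHandlerInterface
{
    private $db;
    private $ttl;
    public function __construct(PDO $db, int $ttl = 600)
    {
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db = $db;
        $this->ttl = $ttl;
    }
    public function open($path, $name): bool { return true; }
    public function close(): bool { return true; }

    public function read($id): string
    {
        // Bound parameters: the client-supplied id is never parsed as SQL.
        // Rows past their expiry are ignored even if gc has not run yet.
        $st = $this->db->prepare('SELECT data FROM sess_data WHERE id = ? AND expire >= ?');
        $st->execute([$id, time()]);
        $data = $st->fetchColumn();
        return $data === false ? '' : (string) base64_decode($data);
    }

    public function write($id, $data): bool
    {
        // One statement for new and existing sessions, so expire is always stored.
        // base64 keeps arbitrary bytes safe in a TEXT column; it is not encryption.
        $st = $this->db->prepare('REPLACE INTO sess_data (id, data, expire) VALUES (?, ?, ?)');
        return $st->execute([$id, base64_encode($data), time() + $this->ttl]);
    }

    public function destroy($id): bool
    {
        return $this->db->prepare('DELETE FROM sess_data WHERE id = ?')->execute([$id]);
    }

    public function gc($max_lifetime): int
    {
        return (int) $this->db->exec('DELETE FROM sess_data WHERE expire < ' . time());
    }
}

// Constructed offline check on in-memory SQLite; REPLACE INTO is also valid MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE sess_data (id VARCHAR(128) PRIMARY KEY, data TEXT, expire INT NOT NULL)');
$h = new PdoSessionHandler($pdo);
$h->write('id-with-"quote', 'user|s:5:"alice";'); // constructed id and session payload
var_dump($h->read('id-with-"quote') === 'user|s:5:"alice";');
```

To use it for real sessions, pass an instance to `session_set_save_handler()` before calling `session_start()`.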