Jump to content

Custom session save handlers


justsomeguy

Recommended Posts

Here is some code you can include to implement custom session save handlers. These functions will store all of your sessions in a MySQL database instead of the default temporary files. Storing the sessions in a database makes it easy to determine the number of users that are currently on the site. The code includes all of the session handling functions, plus a function to get the number of users active within a certain number of minutes.

<?php

/*#############################################################################
Session table format:  
  id - varchar(40), not null, primary key  
  content - text, null  
  timestamp - int, not null
#############################################################################*/
define("SESS_DB_HOST", "localhost"); #database server
define("SESS_DB_USER", "root"); #database user
define("SESS_DB_PASS", ""); #database password
define("SESS_DB_NAME", "test"); #database name
define("SESS_DB_TABLE", "sessions"); #session table name (see above for the required fields) 

global $SESS_DB_CON;
$SESS_DB_CON = mysql_connect(SESS_DB_HOST, SESS_DB_USER, SESS_DB_PASS);
mysql_select_db(SESS_DB_NAME, $SESS_DB_CON);

function custom_session_open($save_path, $session_name){  
  return(true);
} 

function custom_session_close(){  
  #do garbage collection  
  return custom_session_gc(get_cfg_var("session.gc_maxlifetime"));
}

function custom_session_read($id){  
  global $SESS_DB_CON;  
  $result = @mysql_query("SELECT content FROM " . SESS_DB_TABLE . " WHERE id='" . mysql_real_escape_string($id, $SESS_DB_CON) . "'", $SESS_DB_CON);  
  if ($row = @mysql_fetch_assoc($result))  {    
    @mysql_query("UPDATE " . SESS_DB_TABLE . " SET timestamp=" . time() . " WHERE id='" . mysql_real_escape_string($id, $SESS_DB_CON) . "'", $SESS_DB_CON);    
    return((string)$row['content']);  
  }  
  return("");
} 

function custom_session_write($id, $sess_data){  
  global $SESS_DB_CON;  
  $result = @mysql_query("SELECT COUNT(*) AS nr FROM " . SESS_DB_TABLE . " WHERE id='" . mysql_real_escape_string($id, $SESS_DB_CON) . "'", $SESS_DB_CON);  
  $count = @mysql_fetch_assoc($result);  
  if ($count['nr'] > 0)  {    
    $sql = "UPDATE " . SESS_DB_TABLE;    
    $sql .= " SET content='" . mysql_real_escape_string($sess_data, $SESS_DB_CON) . "'";    
    $sql .= ", timestamp=" . time();    
    $sql .= " WHERE id='" . mysql_real_escape_string($id, $SESS_DB_CON) . "'";    
    @mysql_query($sql, $SESS_DB_CON);  
  }  
  else  {    
    $sql = "INSERT INTO " . SESS_DB_TABLE;    
    $sql .= " (id, content, timestamp)";    
    $sql .= " VALUES ";    
    $sql .= "('" . mysql_real_escape_string($id, $SESS_DB_CON) . "',";    
    $sql .= " '" . mysql_real_escape_string($sess_data, $SESS_DB_CON) . "', ";    
    $sql .= time() . ")";    
    @mysql_query($sql, $SESS_DB_CON);  
  }  
  return true;
}  

function custom_session_destroy($id){  
  global $SESS_DB_CON;  
  @mysql_query("DELETE FROM " . SESS_DB_TABLE . " WHERE id='" . mysql_real_escape_string($id, $SESS_DB_CON) . "'", $SESS_DB_CON);  
  return(true);
}

function custom_session_gc($maxlifetime){  
  global $SESS_DB_CON;  
  $cur = time();  
  $exp = $cur - $maxlifetime; 
  # this assumes that $maxlifetime is in seconds  
  @mysql_query("DELETE FROM " . SESS_DB_TABLE . " WHERE timestamp < {$exp}", $SESS_DB_CON);  
  return(true);
} 

function get_user_count($mins){  
  global $SESS_DB_CON;   
  $cur = time();  
  $limit = $cur - ($mins * 60);  
  $result = @mysql_query("SELECT COUNT(*) AS nr FROM " . SESS_DB_TABLE . " WHERE timestamp >= {$limit}", $SESS_DB_CON);  
  $row = @mysql_fetch_assoc($result);  
  return $row['nr'];
}

session_set_save_handler(
  "custom_session_open",
  "custom_session_close",
  "custom_session_read",            
  "custom_session_write",             
  "custom_session_destroy",             
  "custom_session_gc"
); 

session_start();
$_SESSION['1'] = 1;// proceed to use sessions normally
?>
 

How to use itSave the code above in a file, such as session.handlers.php. Use an include or require statement on all of your pages to include this file. You must include the file before any session operations are performed, and since the file includes a call to session_start, it would make sense to include this file before you do anything else. Once the file is included, you can use sessions normally. The only difference is that the session information will be saved in the database you specify on the top of the file. Make sure you set up a sessions table in a database. The format for the table is given in the comment on the top of the code. Specify the database name and the table name in the constant definitions. There is a function called get_user_count that you can use at any time in your application to return the number of users that have been active for a certain amount of time. For example, to get the number of users that have been active within the last 10 minutes, you would make a call to get_user_count(10). How it worksSession information is composed of a unique session ID, and a string of session data. There are fields for each of these in the database table, plus one extra field to keep track of when the session was last used. The timestamp gets updated when the session is either read from or written to. The session handlers are implemented using functions for open, close, read, write, destroy, and gc (garbage collection). The open function does not need to do anything for a database implementation, so it just returns a true value. Some distributions of Linux do not invoke the automatic garbage collection of PHP to clean up sessions, so the only thing the close function does is to explicitly call the garbage collection function, which will use the configuration option gc_maxlifetime to determine which sessions have expired. The read function gets the session ID passed to it, and so it looks up the corresponding content in the database and updates the access timestamp for that session. The write function determines if a session with the corresponding ID already exists in the database. If it does, it updates that session and the timestamp. If there is not a session in the database, then a new session is created and inserted into the database. The destroy function deletes a session from the database. The gc function is passed a number, which is in seconds, which corresponds to the expiration time for sessions. The gc function deletes all sessions that are older then the allowed lifetime.

Link to comment
Share on other sites

  • 5 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...