Storing PHP Sessions in a Database - Reading and Writing Session Data

(Page 5 of 8 )

Okay.  We've intercepted PHP's session handling logic, and are systematically replacing it with our own.  After the open and close, the next to areas to address are the read and write methods.

Let's first take a look at the read method:

        function read( $id ) {

           // Set empty result
           $data = '';

           // Fetch session data from the selected database

           $time = time();

           $newid = mysql_real_escape_string($id);
           $sql = "SELECT `session_data` FROM `sessions` WHERE
`session_id` = '$newid' AND `expires` > $time";

           $rs = db_query($sql);                           
           $a = db_num_rows($rs);

           if($a > 0) {
             $row = db_fetch_assoc($rs);
             $data = $row['session_data'];
           }

                       return $data;

        }

In the above example, you will see that I used functions called db_query(), db_num_rows(), and db_fetch_assoc().  These functions are from the application I wrote this class for.

But a close look will show you that when the function is called, the unique session identifier is passed along with it.  I then query the database to see if I can find a record for that session that has not expired.  If successful, you return the data to the calling program.

Now take a look at the code to write the data.

      function write( $id, $data ) {

         // Build query                
         $time = time() + $this->life_time;

         $newid = mysql_real_escape_string($id);
         $newdata = mysql_real_escape_string($data);

         $sql = "REPLACE `sessions`
(`session_id`,`session_data`,`expires`) VALUES('$newid',
'$newdata', $time)";

         $rs = db_query($sql);

         return TRUE;

      }

In the above example, you see that the write function is passed the unique session identifier, as well as the data to save to the database.  One thing to note is what we are doing with the time.  We grab the current time, then add to it the number of seconds that were defined in the constructor as lifetime.  So basically, each time the data is written, we reset the timeout.  So if your system is configured to expire sessions after 20 minutes of inactivity, this code supports it.

You will also notice that, when writing the database, we utilize the replace function instead of an insert.  Replace  works exactly like an insert if the record already exists, or only updates it.

And assuming all went well with the update, we return true.

Next: Cleaning up the session >>
 

More PHP Articles
More By Rich Smith

Comments On: Storing PHP Sessions in a Database

· I actually needed this logic for a recent implementation. I thought my experience...    · Do people still consider using 'global' to be a good idea? Wouldn't it be better to...    · Actually, you are correct. My own session class has alot of extra site-specific...    · Hey, Rich, I'm glad you took the time to put this into an article. It's a really...    · I require this session after login and encounter following error.Fatal error:...    · Yes. You need to change the DB logic in the class to use your DB calls, or straight...    · Sorry but I still don't understand. I created the exact same table "session" like...    · The db_query() call is a custom db class that my application uses. If you are using...   >>> Post your comment now!