HomePHP Page 6 - Storing PHP Sessions in a Database
Cleaning up the session - PHP
There are many reasons to utilize sessions when creating a web-based application using PHP. Session information, by default, is stored in a file on your web server. But what if that becomes a problem? In this article, I'll talk about why you might want to move your PHP sessions to a database, and show you how to do it.
You can't properly have your own session handler without writing code to clean up after yourself. The last two methods for our class will be the destroy and gc (garbage collection) methods.
When the session_destroy() function is called, it triggers a call to our destroy method. Here's a look at the code:
function destroy( $id ) {
// Build query $newid = mysql_real_escape_string($id); $sql = "DELETE FROM `sessions` WHERE `session_id` = '$newid'";
db_query($sql);
return TRUE;
}
The above logic is fairly straightforward. The destroy method is called, passing the unique session identifier. We then make a call to delete the record. Boom, session information no longer exists.
Periodically, PHP will trigger a garbage collection routine, meant to handle the conditions where people left before the system got a chance to clean up their sessions. Here's the code:
function gc() {
// Garbage Collection
// Build DELETE query. Delete all records who have passed the expiration time $sql = 'DELETE FROM `sessions` WHERE `expires` < UNIX_TIMESTAMP();';
db_query($sql);
// Always return TRUE return true;
}
In the above query, we delete all records that are expired, and SHOULD have been deleted by the destroy method, but the method was apparently never called. This garbage collection could be considered "self-maintenance," and stops you from needing to write a cronjob to keep your sessions table clean.
