Going deeper into PHP session management: creating a MySQL-based session storage module - PHP

After demonstrating how the “session_set_save_handler()” can be used to create a personalized session handling mechanism, I’ll go one step further by creating a new set of callback functions, which uses a MySQL database table for managing sessions. First, the definition for the corresponding callback functions is listed below:

// define 'openSession()' function
function openSession($sessionPath,$sessionName){
    return true;
}
// define 'closeSession()' function
function closeSession(){
    return true;
}
// define 'readSession()' method
function readSession($sessionId){
    global $db;
    // escape session ID
    if(!get_magic_quotes_gpc()){
        $sessionId=mysql_real_escape_string($sessionId);
    }
    $result=$db->query("SELECT sessiondata FROM sessions WHERE
sessionid='$sessionId' AND expiry > NOW()");
    if($result->countRows()>0){
        $row=$result->fetchRow();
        return $row['sessiondata'];
    }
    // return empty string
    return "";
}
// define 'writeSession()' function
function writeSession($sessionId,$sessionData){
    global $db;
    $expiry=time()+get_cfg_var('session.gc_maxlifetime')-1;
    // escape session ID
    if(!get_magic_quotes_gpc()){
        $sessionId=mysql_real_escape_string($sessionId);
    }
    $result=$db->query("SELECT sessionid FROM sessions WHERE
sessionid='$sessionId'");
    // check if a new session must be stored or an existing one
must be updated 
    ($result->countRows()>0)?$db->query("UPDATE sessions SET
sessionid='$sessionId',expiry='$expiry',
sessiondata='$sessionData' WHERE sessionid='$sessionId'"):$db-
>query("INSERT INTO sessions (sessionid,expiry,sessiondata)
VALUES ('$sessionId','$expiry','$sessionData')");
    return true;
}
// define 'destroySession()' function
function destroySession($sessionId){
    global $db;
    // escape session ID
    if(!get_magic_quotes_gpc()){
        $sessionId=mysql_real_escape_string($sessionId);
    }
    $db->query("DELETE FROM sessions WHERE
sessionid='$sessionId'");
    return true;
}
// define 'gcSession()' function
function gcSession($maxlifetime){
    global $db;
    $db->query("DELETE FROM sessions WHERE expiry < NOW()");
    return true;
}

As you can see, in the above example I defined the six callback functions that will be passed as arguments to the “session_set_save_handler(),” in such a way that they use a simple MySQL database table in order to read and write session data. This database table stores session IDs, the serialized session data, and finally a timestamp, which can be useful for assigning a time expiration to a particular session, so it can be deleted from the mentioned database table when the PHP garbage collection mechanism is appropriately triggered. (Notice that this situation may vary from system to system, in accordance with some settings of the session module within the php.ini file, such as the “session.gc_maxlifetime” and “session.gc_probability” directives).

Also, notice that most of the callback functions use a global $db variable, in order to have access to an instance of a MySQL wrapping class, which is utilized to connect to MySQL, together with performing all the SQL queries against the respective database table. Also, a MySQL result set processing class is used internally, in this case represented by the $result variable. Regarding these classes, in the next section I’ll show you their corresponding definition, thus you can have at hand all the source code required for implementing the previous MySQL-based session mechanism. Keep on reading to learn more.