HomePHP Page 3 - Using Advanced Functions to Maintain the State of Applications with PHP Sessions
Going deeper into PHP session management: creating a MySQL-based session storage module - PHP
Here we are again. This is part two of the series “Maintaining the state of applications with PHP sessions." In three parts, this series ranges from the basics of session management in PHP, such as creating, registering session data, and destroying sessions, to exploring advanced concepts, like working with different session storage modules and creating custom session handling objects.
After demonstrating how the “session_set_save_handler()” can be used to create a personalized session handling mechanism, I’ll go one step further by creating a new set of callback functions, which uses a MySQL database table for managing sessions. First, the definition for the corresponding callback functions is listed below:
// define 'openSession()' function function openSession($sessionPath,$sessionName){ return true; } // define 'closeSession()' function function closeSession(){ return true; } // define 'readSession()' method function readSession($sessionId){ global $db; // escape session ID if(!get_magic_quotes_gpc()){ $sessionId=mysql_real_escape_string($sessionId); } $result=$db->query("SELECT sessiondata FROM sessions WHERE sessionid='$sessionId' AND expiry > NOW()"); if($result->countRows()>0){ $row=$result->fetchRow(); return $row['sessiondata']; } // return empty string return ""; } // define 'writeSession()' function function writeSession($sessionId,$sessionData){ global $db; $expiry=time()+get_cfg_var('session.gc_maxlifetime')-1; // escape session ID if(!get_magic_quotes_gpc()){ $sessionId=mysql_real_escape_string($sessionId); } $result=$db->query("SELECT sessionid FROM sessions WHERE sessionid='$sessionId'"); // check if a new session must be stored or an existing one must be updated ($result->countRows()>0)?$db->query("UPDATE sessions SET sessionid='$sessionId',expiry='$expiry', sessiondata='$sessionData' WHERE sessionid='$sessionId'"):$db- >query("INSERT INTO sessions (sessionid,expiry,sessiondata) VALUES ('$sessionId','$expiry','$sessionData')"); return true; } // define 'destroySession()' function function destroySession($sessionId){ global $db; // escape session ID if(!get_magic_quotes_gpc()){ $sessionId=mysql_real_escape_string($sessionId); } $db->query("DELETE FROM sessions WHERE sessionid='$sessionId'"); return true; } // define 'gcSession()' function function gcSession($maxlifetime){ global $db; $db->query("DELETE FROM sessions WHERE expiry < NOW()"); return true; }
As you can see, in the above example I defined the six callback functions that will be passed as arguments to the “session_set_save_handler(),” in such a way that they use a simple MySQL database table in order to read and write session data. This database table stores session IDs, the serialized session data, and finally a timestamp, which can be useful for assigning a time expiration to a particular session, so it can be deleted from the mentioned database table when the PHP garbage collection mechanism is appropriately triggered. (Notice that this situation may vary from system to system, in accordance with some settings of the session module within the php.ini file, such as the “session.gc_maxlifetime” and “session.gc_probability” directives).
Also, notice that most of the callback functions use a global $db variable, in order to have access to an instance of a MySQL wrapping class, which is utilized to connect to MySQL, together with performing all the SQL queries against the respective database table. Also, a MySQL result set processing class is used internally, in this case represented by the $result variable. Regarding these classes, in the next section I’ll show you their corresponding definition, thus you can have at hand all the source code required for implementing the previous MySQL-based session mechanism. Keep on reading to learn more.
PHP 
