Coding the session handling class - PHP

Since I already defined the structure of the pertinent session handling class, specifically writing each of its methods is just a matter of translating the callback functions defined for the procedural session handling approach into class methods. Even when I’m pretty sure that you know how the complete class will look, I’ll do most of the hard work for you. Please, take a look at the definition of this class:

class SessionHandler {
    function SessionHandler(){

        session_set_save_handler(array
(&$this,'openSession'),array(&$this,'closeSession'),array
(&$this,'readSession'),array(&$this,'writeSession'),array
(&$this,'destroySession'),array(&$this,'gcSession'));
    }
    function openSession($sessionPath,$sessionName){
        return true;
    }
    function closeSession(){
        return true;
    }
    function readSession($sessionId){
        global $db;
        // escape session ID
        if(!get_magic_quotes_gpc()){
            $sessionId=mysql_real_escape_string($sessionId);
        }
        $result=$db->query("SELECT sessiondata FROM sessions
WHERE sessionid='$sessionId' AND expiry > NOW()");
        if($result->countRows()>0){
            $row=$result->fetchRow();
            return $row['sessiondata'];
        }
        // return empty string
        return "";
    }
    function writeSession($sessionId,$sessionData){
        global $db;
        $expiry=time()+get_cfg_var('session.gc_maxlifetime')-1;
        // escape session ID & session data
        if(!get_magic_quotes_gpc()){
            $sessionId=mysql_real_escape_string($sessionId);
        }
        $result=$db->query("SELECT sessionid FROM sessions WHERE
sessionid='$sessionId'");
        // check if a new session must be stored or an existing
one must be updated 
        ($result->countRows()>0)?$db->query("UPDATE sessions SET
sessionid='$sessionId',expiry='$expiry',sessiondata=
'$sessionData'WHERE sessionid='$sessionId'"):$db->query("INSERT
INTO sessions(sessionid,expiry,sessiondata) VALUES
('$sessionId','$expiry','$sessionData')");
        return true;
    }
    function destroySession($sessionId){
        global $db;
        // escape session ID
        if(!get_magic_quotes_gpc()){
            $sessionId=mysql_real_escape_string($sessionId);
        }
        $db->query("DELETE FROM sessions WHERE
sessionid='$sessionId'");
        return true;
    }
    function gcSession($maxlifetime){
        global $db;
        $db->query("DELETE FROM sessions WHERE expiry < NOW()");
        return true;
    }      
}

As you can see, the above class now includes each of the previous callback functions directly as methods, which maintain the same original definition. Of course, the most important thing to note here is the inclusion of the “session_set_save_handler()” function inside the class constructor, and the corresponding registration of each method to be appropriately called.

In this case, the “session_set_save_handler()” function accepts an input array, containing both a self reference to the “SessionHandler” object (represented by the &$this pointer) and the name of the callback method to be used. The following expression illustrates this condition:

session_set_save_handler(array(&$this,'openSession'),array
(&$this,'closeSession'),array(&$this,'readSession'),array
(&$this,'writeSession'),array(&$this,'destroySession'),array
(&$this,'gcSession'));

Now that you know how the “SessionHandler” class looks, here’s a simple implementation of it, using the pair of additional MySQL processing classes shown before:

// include classes
require_once 'mysqlclass.php';
require_once 'resultclass.php';
// connect to MySQL
$db=&new MySQL(array('host'=>'localhost','user'=>'user',
'password'=>'password','database'=>'database'));
// instantiate new 'SessionHandler' object
$sessionHandler=&new SessionHandler;
session_start();
// register some session variables
$_SESSION['firstname']='Alejandro';
$_SESSION['lastname']='Gervasio';

That’s it. The above script demonstrates how to integrate a “SessionHandler” object with the other MySQL processing classes, in order to implement a MySQL-driven session management module. Notice that after instantiating a new session handler object, the session is started normally, by the “session_start()” function, as one would expect using flat files. Definitely, the above source code now looks very compact and readable, since all the hard work for managing sessions is done behind the scenes, by the methods of the useful “SessionHandler” class.

At this point, you hopefully learned how to create a session handling class, which encapsulates all the required methods for implementing a MySQL-based session management module. However, due to their versatility, the methods can be easily rewritten, in order to use another RDBMS. As with most things in Web programming, this will depend on your own development requirements.

To wrap up

Unfortunately, this series has now concluded. Over its different parts, I covered the most relevant aspects of session management in PHP, starting out with the basics of how to create, use and destroy sessions, and additionally explaining the correct implementation of advanced functions, such as “session_set_save_handler()”, which can be used to develop custom session modules, similar to the one I built before.

I hope you find the material I provided you in this series to be useful, so you can use it for extending the boundaries of your grounding in PHP sessions. Meet you in the next PHP series!