php, session_set_save_handler & disappearing session vars

php, session_set_save_handler & disappearing session vars

am 04.02.2010 20:11:03 von Jason Gerfen

I have used session classes before and am at a loss as to why I cannot
for the life of me get this to work... Any help is appreciated.

I might just be confused with the database connection handles in order
to pull and store session information as there was some information
posted on php.net referencing some changes between php4 and php5 in
regards to passing a database connection handle to a custom session
handler class. However as you can see from the class here it initializes
a database connection handle for each function call to *hopefully
eliminate this problem.

I do appreciate help on this. Thanks.

First the db sessions table:
CREATE TABLE IF NOT EXISTS `admin_sessions` (
`session_id` varchar(32) NOT NULL default '',
`http_user_agent` varchar(32) NOT NULL default '',
`session_data` blob NOT NULL,
`session_expire` int(11) NOT NULL default '0',
PRIMARY KEY (`session_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

Pretty simple right? Now here is my dbSessions class (complete with
debugging statements:
class dbSession
{
private $data;
private $max_time;
private $dbconn;

public function __construct( $max_time )
{

//@register_shutdown_function( 'session_write_close' );

if( !empty( $max_time ) ) {
@ini_set( 'session.gc_maxlifetime', $max_time );
} else {
@ini_set( 'session.gc_maxlifetime', 3600 );
}

session_set_save_handler(
array( &$this, 'open' ),
array( &$this, 'close' ),
array( &$this, 'read' ),
array( &$this, 'write' ),
array( &$this, 'destroy' ),
array( &$this, 'gc' )
);

//@ini_set('session.gc_probability', 50);
//@ini_set('session.save_handler', 'user');
@register_shutdown_function( 'session_write_close' );
@session_start();
}

public function register( $name, $data )
{
return $_SESSION[$name] = $data;
}

public function open( $path, $name )
{ echo "OPEN CALLED
";
global $defined;
global $handles;

if( ( $this->dbconn = $handles['db']->dbConnect( $defined['dbhost'],
$defined['username'], $defined['password'], $defined['dbname'] ) ) !==
-1 ) {
return true;//$this->dbconn;
} else {
return false;
}
}

public function close()
{ echo "CLOSE CALLED
";
global $defined;
global $handles;

// clean up data
$handles['misc']->CleanUpVars( $_SESSION, NULL );

// Perform analyze, repair and optimize on used tables
$handles['db']->dbFixTable( "admin_sessions", $this->dbconn );

// Free db handle and close connection(s)
$handles['db']->dbFreeData( $this->dbconn );
$handles['db']->dbCloseConn( $this->dbconn );

return true;
}

public function read( $id )
{ echo "READ CALLED
"; echo "

"; var_dump( print_r( 
func_get_args() ) ); echo "
";
global $handles;
global $defined;

$this->dbconn = $handles['db']->dbConnect( $defined['dbhost'],
$defined['username'], $defined['password'], $defined['dbname'] );

$query = "SELECT `session_data` FROM `admin_sessions` WHERE
`session_id` = \"" . $id . "\" AND `http_user_agent` = \"" . md5(
$_SERVER["HTTP_USER_AGENT"] ) . "\" LIMIT 1";
$result = $handles['db']->dbQuery( $handles['val']->ValidateSQL(
$query, $this->dbconn ), $this->dbconn );

echo "RAN: " . $query . " => " . $handles['db']->dbNumRowsAffected(
$this->dbconn ) . "
";

if( ( is_resource( $result ) ) && ( $handles['db']->dbNumRowsAffected(
$this->dbconn ) > 0 ) ) {
$fields = $handles['db']->dbArrayResultsAssoc( $result );
echo "FOUND EXISTING SESSION DATA: " . print_r(
$fields['session_data'] ) . "
";
return stripslashes( $fields['session_data'] );
}
echo "NOTHING FOUND FOR: " . $id . "
";
return "";
}

public function write( $id, $data )
{ echo "WRITE CALLED
"; echo "
"; var_dump( print_r( 
func_get_args() ) ); echo "
";
global $handles;
global $defined;

$this->dbconn = $handles['db']->dbConnect( $defined['dbhost'],
$defined['username'], $defined['password'], $defined['dbname'] );

$query = "SELECT `session_data` FROM `admin_sessions` WHERE
`session_id` = \"" . $id . "\" AND `http_user_agent` = \"" . md5(
$_SERVER["HTTP_USER_AGENT"] ) . "\" LIMIT 1";
$result = $handles['db']->dbQuery( $handles['val']->ValidateSQL(
$query, $this->dbconn ), $this->dbconn );
//$data = $handles['db']->dbArrayResultsAssoc( $result );
//echo "
"; print_r( $data ); echo "
";
if( ( is_resource( $result ) ) && ( $handles['db']->dbNumRowsAffected(
$result ) > 0 ) ) {
$query = "UPDATE `admin_sessions` SET `session_data` = \"" .
mysql_real_escape_string( $data ) . "\", `session_expire` = \"" . time()
.. "\" WHERE `session_id` = \"" . $id . "\" LIMIT 1";
} else {
$query = "INSERT INTO `admin_sessions` ( `session_id`,
`http_user_agent`, `session_data`, `session_expire` ) VALUES ( \"" . $id
.. "\", \"" . md5( $_SERVER["HTTP_USER_AGENT"] ) . "\", \"" .
mysql_real_escape_string( $data ) . "\", \"" . time() . "\" ) ON
DUPLICATE KEY UPDATE `session_data` = \"" . mysql_real_escape_string(
$data ) . "\", `session_expire` = \"" . time() . "\"";
}

$result = $handles['db']->dbQuery( $handles['val']->ValidateSQL(
$query, $this->dbconn ), $this->dbconn );

echo "RAN: " . $query . " => " . $handles['db']->dbQuery(
$handles['val']->ValidateSQL( $query, $this->dbconn ), $this->dbconn ) .
"
";

if( ( is_resource( $result ) ) && ( $handles['db']->dbNumRowsAffected(
$this->dbconn ) > 0 ) ) {
$fields = $handles['db']->dbArrayResultsAssoc( $result );
return stripslashes( $fields["session_data"] );
}
return "";
}

public function destroy( $id )
{ echo "DESTROY CALLED
";
global $handles;
global $defined;

$this->dbconn = $handles['db']->dbConnect( $defined['dbhost'],
$defined['username'], $defined['password'], $defined['dbname'] );

$query = "DELETE FROM `admin_sessions` WHERE `session_id` = \"" . $id
.. "\" LIMIT 1";
$result = $handles['db']->dbQuery($handles['val']->ValidateSQL($query,
$this->dbconn), $this->dbconn);

if( ( is_resource( $result ) ) && ( $handles['db']->dbNumRowsAffected(
$this->dbconn ) !== -1 ) ) {
return true;
}
return false;
}

public function gc( $max_time )
{ echo "GC CALLED
";
global $handles;

$this->dbconn = $handles['db']->dbConnect( $defined['dbhost'],
$defined['username'], $defined['password'], $defined['dbname'] );

$query = "DELETE FROM `admin_sessions` WHERE `session_expire` < \"" .
time() - $this->max_time . "\"";
$result = $handles['db']->dbQuery($handles['val']->ValidateSQL($query,
$this->dbconn), $this->dbconn);

if( ( is_resource( $result ) ) && ( $handles['db']->dbNumRowsAffected(
$this->dbconn ) !== -1 ) ) {
return true;
}
return false;
}
}

And of course the usage:
require 'class.dbsessions.php';
if( empty( $_SESSION['token'] ) ) {
$handles['session'] = new dbSession( $defined['timeout'] );
}

Then once the user has passed a valid authentication mechanism the users
session token is set with:
$handles['session']->register( 'token', $token );


--
Jason Gerfen
Systems Administration/Web application development
jason.gerfen@scl.utah.edu

Marriott Library
Lab Systems PC
295 South 1500 East
Salt Lake City, Utah 84112-0806
Ext 5-9810


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php