Custom Session Handler - Need some Help ?

[Dr Livingston]

Looking at an article from zend, I am trying to get this following class to work. The session_set_save_handler part is working, although the ...set_path is still pointing to the folder I set in the ini file to store sessions; ie php's sessions are not using the database table

Anyway, here is what I have so far:

PHP Code:

# begin new instance of sessionhandler class
 $SessMgmt = new SessionHandler(); 
 # define class method to over-ride session operations
 session_set_save_handler(
    array(& $SessMgmt, 'SessOpen'), 
    array(& $SessMgmt, 'SessClose'), 
    array(& $SessMgmt, 'SessRead'), 
    array(& $SessMgmt, 'SessWrite'), 
    array(& $SessMgmt, 'SessDestroy'), 
    array(& $SessMgmt, 'SessGC'));
 
 session_start();
 if(!isset($_SESSION['Test'])) {
  $_SESSION['Test'] = 1;
 }
 $_SESSION['Test']++;
 
 echo($_SESSION['Test']); // echo's '2'
 
 class SessionHandler {
  var $obj;
  
  function SessOpen($path, $name) {
   $this -> obj = mysql_connect('', '', '');
   mysql_select_db('temp');
   
   return true;
  }
  
  function SessClose() {
   $this -> SessGC(0);
   
   return true;
  }
  
  function SessRead($id) { 
   $sql = "SELECT * FROM sessions WHERE sessId = ". $id ."";
   $result = mysql_query($sql);
   
   if($result) {
    $row = mysql_fetch_array($result);
    return $row['sessValue'];
   }
   else {
    return false;
   }
  }
  
  function SessWrite($id, $data) {
   $now = time();
   
   $sql = "UPDATE sessions SET sessTime = ". $now .", sessValue = ". $data ." WHERE sessId = ". $id ."";
   
   if(mysql_query($sql)) {
    return true;
   }
   else {
    $sql = "INSERT INTO sessions SET sessId = ". $id .", sessTime = ". $now .", sessValue = ". $data ."";
    
    mysql_query($sql);
    return true;
   }
  }
  
  function SessDestroy($id) {
   $sql = "DELETE FROM sessions WHERE sessId = ". $id ."";
   
   if(mysql_query($sql)) {
    return true;
   }
   else {
    return false;
   }
  }
  
  function SessGC() {
   $expire = strtotime('-5 minutes');
   $sql = "DELETE FROM sessions WHERE sessTime < ". $expire ."";
   
   if(mysql_query($sql)) {
    return true;
   }
   else {
    return false;
   }
  }
 } 


Is there something I've missed ? I'm thinking it is something to do with the database, no ?

Thanks in advance

[torrent]

Have you set the session.save_handler setting in your php.ini file to user? If you wish you can also set this using ini_set() within your application instead.

PHP Code:

ini_set('session.save_handler','user'); 


[Dr Livingston]

Checked this variable via an echo before and after the following:

PHP Code:

# define class method to over-ride session operations
 session_set_save_handler(
    array(& $SessMgmt, 'SessOpen'), 
    array(& $SessMgmt, 'SessClose'), 
    array(& $SessMgmt, 'SessRead'), 
    array(& $SessMgmt, 'SessWrite'), 
    array(& $SessMgmt, 'SessDestroy'), 
    array(& $SessMgmt, 'SessGC')); 


And it changed from 'Files' to 'User' so this I don't think is the problem -

Normal use of Sessions, I have the sessions stored in a folder 2 levels up from the root directory - echoing the variable session.save_path shows this folder path; which is wrong as it should actually be using the database

Although the session id + value etc is not being read/written to/from database.

Don't know why

[BDKR]

Why are you making calls directly to mysql functions? Something that Jason Lottito and I discussed is the ability of a seesions class to work with any db by handing it's query needs off to another object.

So, as an example, instead of...

PHP Code:

<?
$row = mysql_fetch_array($result);
?>

Maybe something like...

PHP Code:

<?
$row = $this->queryObj->fetch_array($result);
?>

Now your class takes a step towards becomming more portable.

Cheers,
BDKR

[Phil.Roberts]

Why are you making calls directly to mysql functions? Something that Jason Lottito and I discussed is the ability of a seesions class to work with any db by handing it's query needs off to another object.

I'm working on a session class that does this using the Eclipse library database classes. All I have to do is pass the database object to the session class.

I'm having the exact same problem listed above though, for some unknown reason PHP is simply not storing the sessions in the database.

My own code, for the curious:

PHP Code:

<?php

define('SESS_USE_COOKIES'     , true);
define('SESS_USE_ONLY_COOKIES', false);
define('SESS_MAX_LIFETIME'    , 15);
define('SESS_GC_PROBABILITY'  , 50);

class Session
{
    var $db;

    function Session(&$db, $sessname = 's')
    {
        $this->db =& $db;

        ini_set('session.save_handler', 'user');
        ini_set('session.name', $sessname);
        ini_set('session.use_cookies', SESS_USE_COOKIES);
        ini_set('session.gc_maxlifetime', SESS_MAX_LIFETIME);
        ini_set('session.gc_probability', SESS_GC_PROBABILITY);
        ini_set('session.use_only_cookies', SESS_USE_ONLY_COOKIES);

        session_set_save_handler(
            array(&$this, 'sessionOpen'),
            array(&$this, 'sessionClose'),
            array(&$this, 'sessionRead'),
            array(&$this, 'sessionWrite'),
            array(&$this, 'sessionDestroyer'),
            array(&$this, 'sessionGc')
        );

        session_start();
    }

    function sessionOpen($save_path, $session_name)
    {
        if(!$this->db) {
            die('No Database object is available, or there was an error with ' .
                'the database');
        }

        return true;
    }

    function sessionClose()
    {
        return true;
    }

    function sessionRead($session_key)
    {
        $session_key = addslashes($session_key);

        $session_value = $this->db->query("SELECT session_value
                                           FROM sessions
                                           WHERE session_key = '$session_key'");

        if(!$session_value->isSuccess()) {
            die('Database error: ' . $session_value->getErrorMessage());
        }

        if($session_value->getRowCount() == 1) {
            return $session_value->getRow(0);
        } else {
            return false;
        }
    }

    function sessionWrite($session_key, $val)
    {
        $session_key = addslashes($session_key);
        $val = addslashes($val);

        $seconds = SESS_MAX_LIFETIME * 60;
        $expires = time() + $seconds;

        $session = $this->db->query("SELECT COUNT(*) as count
                                     FROM sessions
                                     WHERE session_key = '$session_key'");

        $count = $session->getRow(0);

        if($count == 0) {
            $result =
                $this->db->query("INSERT INTO sessions (session_key, session_expire, session_value)
                                  VALUES ('$session_key', '" . mktime() . "', '$val')");

            if(!$result->isSuccess()) {
                die('Database error: ' . $result->getErrorMessage());
            }
        } else {
            $result =
                $this->db->query("UPDATE sessions
                                  SET session_value = '$val',
                                      session_expire = $expires
                                  WHERE session_key = '$session_key'");

            if(!$result->isSuccess()) {
                die('Database error: ' . $result->getErrorMessage());
            }
        }

        return true;
    }

    function sessionDestroyer($session_key)
    {
        $session_key = addslashes($session_kay);

        $result = $this->db->query("DELETE FROM sessions
                                    WHERE session_key = '$session_key'");

        if(!$result->isSuccess()) {
            die('Database error: ' . $result->getErrorMessage());
        }

        return true;
    }

    function sessionGc($maxlifetime)
    {
        $expiration_time = time() - $maxlifetime;

        $result = $this->db->query("DELETE FROM sessions
                                    WHERE session_expire < $expiration_time");

        if(!$result->isSuccess()) {
            die('Database error: ' . $result->getErrorMessage());
        }

        return true;
    }

}

?>

[BDKR]

I'm working on a session class that does this using the Eclipse library database classes. All I have to do is pass the database object to the session class.

That's funny. I did the same thing with version 1 of the Eclipse lib. I took that idea and did the same thing in another non-OO lib that I have. The discussion that Jason and I had concerned creating such a class for Eclipse CE.

As to why you guys are having problems getting it to work, I have no idea. It allways worked for me, but I chose to not use the built in php sessions functions. I rolled my own.

Cheers,
BDKR

[Phil.Roberts]

Eclipse CE?

[Dr Livingston]

BDKR -

I know I was prior to the sessions not working using HarryF's Dao but I removed the scripting and replaced it all with what you now see.

A rule of elimination in the event something doesn't work as it should ? In this case, yes

Phil.Roberts - looking over your script as I type Does it work ? Unlike mine...

[Phil.Roberts]

Well it SHOULD work. But like your own, it doesn't.

[BDKR]

It's something that Jason Lottito from phpcomplete.com is working on. The CE stands for Community Edition.

http://sourceforge.net/projects/eclipselib

Cheers,
BDKR

[freddydoesphp]

Dr. Livingston, I think you were missing some single quotes aroudn values being sent to database. Also in your write function, you checked for a successful query on the UPDATE, but you should have checked the affected rows, because even though nothing was updated it still executed okay. I rewrote some bits of it and it works fine now, at least for me.

PHP Code:

<?php
class SessionHandler {
  var $obj;
  
  function SessOpen($path, $name) {
   $this -> obj = mysql_connect('localhost', 'root', '');
   mysql_select_db('temp');
   
   return true;
  }
  
  function SessClose() {
   $this -> SessGC(0);
   
   return true;
  }
  
  function SessRead($id) { 
   $sql = "SELECT * FROM sessions WHERE sessId = '". $id ."'";
   $result = mysql_query($sql);
   
   if($result) {
    $row = mysql_fetch_array($result);
    return ($row['sessValue'] != "") ? $row['sessValue'] : "";
   }
   else {
    return false;
   }
  }
  
  function SessWrite($id, $data) {
   $now = time();
   $sql = "UPDATE sessions SET sessTime = '". $now ."', sessValue = '". $data ."' WHERE sessId = '". $id ."'";
   mysql_query($sql);
   if(mysql_affected_rows($this->obj)) {
  return true;
   }
   else {
  $sql = "INSERT INTO sessions SET sessId = '". $id ."', sessTime = '". $now ."', sessValue = '". $data ."'";
  mysql_query($sql);
  return true;
   }
  }
  
  function SessDestroy($id) {
   $sql = "DELETE FROM sessions WHERE sessId = '". $id ."'";
   
   if(mysql_query($sql)) {
    return true;
   }
   else {
    return false;
   }
  }
  
  function SessGC() {
   $expire = strtotime('-5 minutes');
   $sql = "DELETE FROM sessions WHERE sessTime < '". $expire ."'";
   
   if(mysql_query($sql)) {
    return true;
   }
   else {
    return false;
   }
  }
} 
# begin new instance of sessionhandler class
$SessMgmt = new SessionHandler(); 
# define class method to over-ride session operations
session_set_save_handler(
    array(&$SessMgmt, 'SessOpen'), 
    array(&$SessMgmt, 'SessClose'), 
    array(&$SessMgmt, 'SessRead'), 
    array(&$SessMgmt, 'SessWrite'), 
    array(&$SessMgmt, 'SessDestroy'), 
    array(&$SessMgmt, 'SessGC'));
session_start();
if(!isset($_SESSION['Test'])) {
  $_SESSION['Test'] = 1;
}
$_SESSION['Test']++;
echo($_SESSION['Test']); // echo's '2'
?>

[Dr Livingston]

Thanks I did have those single quotes in there as well; took them out

Didn't make much difference as the bloody script still doesn't work

Thanks anyway, we need all the help we can get at the moment....

[freddydoesphp]

It didn't work for me either when I first copied it from this thread, but after a few

PHP Code:

print $sql; 


I was able to determine that since the UPDATE query was successful even though it updated nothing, the INSERT never ran. By checking the afftected_rows instead of just the mysql_query() fixed that.

PHP Code:

  function SessWrite($id, $data) {
   $now = time();
   $sql = "UPDATE sessions SET sessTime = '". $now ."', sessValue = '". $data ."' WHERE sessId = '". $id ."'";
   mysql_query($sql);
   if(mysql_affected_rows($this->obj)) {
  return true;
   }
   else {
  $sql = "INSERT INTO sessions SET sessId = '". $id ."', sessTime = '". $now ."', sessValue = '". $data ."'";
  mysql_query($sql);
  return true;
   }
  } 


[Dr Livingston]

Cheers Freddy It works now...

PHP Code:

228c84f325808df759c658c835f473a01053113969Test|i:2; 


Now we need to get Phil.Roberts script to work as well, no ?

[freddydoesphp]

Phil.Roberts your error was due to the fact you weren't checking the right value in the write function and you were returning the whole row on the read function instead of just the session_value.

PHP Code:

<?php 
define('SESS_USE_COOKIES'     , true); 
define('SESS_USE_ONLY_COOKIES', false); 
define('SESS_MAX_LIFETIME'    , 15); 
define('SESS_GC_PROBABILITY'  , 50); 
class Session 
{ 
    var $db; 
    function Session(&$db, $sessname = 's') 
    { 
        $this->db =& $db; 
        ini_set('session.save_handler', 'user'); 
        ini_set('session.name', $sessname); 
        ini_set('session.use_cookies', SESS_USE_COOKIES); 
        ini_set('session.gc_maxlifetime', SESS_MAX_LIFETIME); 
        ini_set('session.gc_probability', SESS_GC_PROBABILITY); 
        ini_set('session.use_only_cookies', SESS_USE_ONLY_COOKIES); 
        session_set_save_handler( 
            array(&$this, 'sessionOpen'), 
            array(&$this, 'sessionClose'), 
            array(&$this, 'sessionRead'), 
            array(&$this, 'sessionWrite'), 
            array(&$this, 'sessionDestroyer'), 
            array(&$this, 'sessionGc') 
        ); 
        session_start(); 
    } 
    function sessionOpen($save_path, $session_name) 
    { 
        if(!$this->db) { 
            die('No Database object is available, or there was an error with ' . 
                'the database'); 
        } 
        return true; 
    } 
    function sessionClose() 
    { 
        return true; 
    } 
    function sessionRead($session_key) 
    { 
        //$session_key = addslashes($session_key); 
        $session_value = $this->db->query("SELECT session_value 
                                           FROM sessions 
                                           WHERE session_key = '$session_key'" ); 
        if(!$session_value->isSuccess()) { 
            die('Database error: ' . $session_value->getErrorMessage()); 
        } 
        if($session_value->getRowCount() == 1) { 
   $row = $session_value->getRow(0); 
            return $row['session_value'];
        } else { 
            return false; 
        } 
    } 
    function sessionWrite($session_key, $val) 
    { 
        $session_key = addslashes($session_key); 
        $val = addslashes($val); 
        $seconds = SESS_MAX_LIFETIME * 60; 
        $expires = time() + $seconds; 
        $session = $this->db->query("SELECT COUNT(*) as count 
                                     FROM sessions 
                                     WHERE session_key = '$session_key'" ); 
        $count = $session->getRow(0); 
        if($count['count'] == 0) { 
            $result = 
                $this->db->query("INSERT INTO sessions (session_key, session_expire, session_value) 
                                  VALUES ('$session_key', '" . mktime() . "', '$val')" ); 
            if(!$result->isSuccess()) { 
                die('Database error: ' . $result->getErrorMessage()); 
            } 
        } else { 
            $result = 
                $this->db->query("UPDATE sessions 
                                  SET session_value = '$val', 
                                      session_expire = $expires 
                                  WHERE session_key = '$session_key'" ); 
            if(!$result->isSuccess()) { 
                die('Database error: ' . $result->getErrorMessage()); 
            } 
        } 
        return true; 
    } 
    function sessionDestroyer($session_key) 
    { 
        $session_key = addslashes($session_kay); 
        $result = $this->db->query("DELETE FROM sessions 
                                    WHERE session_key = '$session_key'" ); 
        if(!$result->isSuccess()) { 
            die('Database error: ' . $result->getErrorMessage()); 
        } 
        return true; 
    } 
    function sessionGc($maxlifetime) 
    { 
        $expiration_time = time() - $maxlifetime; 
        $result = $this->db->query("DELETE FROM sessions 
                                    WHERE session_expire < $expiration_time" ); 
        if(!$result->isSuccess()) { 
            die('Database error: ' . $result->getErrorMessage()); 
        } 
        return true; 
    } 
} 
?>

Specifically you had

PHP Code:

        $count = $session->getRow(0); 
        if($count == 0) { 


When you wanted to actually check the value of count

PHP Code:

        $count = $session->getRow(0); 
        if($count['count'] == 0) { 


Also same thing in the read function
You had

PHP Code:

        if($session_value->getRowCount() == 1) { 
            return $session_value->getRow(0);
        } else { 
            return false; 
        } 


You needed

PHP Code:

        if($session_value->getRowCount() == 1) { 
   $row = $session_value->getRow(0); 
            return $row['session_value'];
        } else { 
            return false; 
        } 


[Phil.Roberts]

Ooooo..

I'll have to try that tomorrow, cheers freddy.

[edit]

Yeah it works great now. Thats v. much.

I'm not 100% familiar with the Eclipse database libs just yet, which is why I didn't spot that.

[torrent]

I thought I'd give this a bash, been meaning to for sometime now. Anyway, I knocked this up for a quick test but it I'm having a prob with it. It writes the session data to the database alright but every page generates a new session id and so the session_read callback doesn't retrieve the existing session data. I've made sure that session.use_trans_id is set (in php.ini and in the file, just for good measure), but it still generates a new one. Ideas welcome.

PHP Code:

<?php

  require_once('DB.php');

  ini_set('session.set_save_handler', 'user');
  ini_set('session.use_trans_id', '1');

  $dbh = NULL;

  function on_sess_start($save_path, $sess_name) 
  {
      
      global $dbh;
      $dbh = new DB();
      $dbh->connect('localhost', 'torrent', 'test', 'ski_DB');
      
      //echo "[START]ing session\n";
  }

  function on_sess_end()
  {
      
      global $dbh;
      $dbh->db_close();
      
      //echo "[CLOSE]ing session\n";
  }

  function on_sess_read($key)
  {
      
      global $dbh;
      
      $qry  = "SELECT session_data FROM sessions ";
      $qry .= "WHERE session_id = '$key' ";
      $qry .= "AND session_expiration > now()";

      $dbh->execute($qry);
      $row = $dbh->fetch_assoc();
      return ($row[session_data]);
      
      //echo "[READ]ing [$key] session data\n";
  }

  function on_sess_write($key, $val)
  {
      
      global $dbh;

      $ins_qry  = "INSERT INTO sessions VALUES ('$key', '$val', now() + 3600)";
      $upd_qry  = "UPDATE sessions SET session_data = '$val', ";
      $upd_qry .= "session_expiration = now() + 3600 ";
      $upd_qry .= "where session_id = '$key'";

      if (!$dbh->execute($ins_qry)) {
          $dbh->execute($upd_qry);
      } 
      
      //echo "[WRITE]ing data [$val] to session [$key]\n";
  }

  function on_sess_destroy($key)
  {
      
      global $dbh;

      $qry = "DELETE FROM sessions WHERE session_id = '$key'";
      $dbh->execute($qry);
      
      //echo "Session [$key] [DESTROYED]\n";
  }

  function on_sess_gc($expire_time)
  {
      
      global $dbh;

      $qry = "DELETE FROM sessions WHERE session_expiration < now()";
      $dbh->execute($qry);
      
      //echo "Session [GARBAGE COLLECTION]\n";
  }

  session_set_save_handler("on_sess_start", "on_sess_end", 
                           "on_sess_read", "on_sess_write", 
                           "on_sess_destroy", "on_sess_gc");
  
  session_start();

  $_SESSION['counter']++;
  printf("<a href=\"%s\">Click here to test</a>", $_SERVER['PHP_SELF']);
  //session_destroy();
?>

[Phil.Roberts]

Hows about something like:

PHP Code:

if(!empty($_REQUEST[$session_name])) {
    //create new session id
} else {
    //keep existing id
} 


[torrent]

Hmm..something very strange is going on here.
When I print out the query being executed in the on_sess_read() callback function it displays:

Code:

Query [SELECT session_data FROM sessions WHERE session_id = '7a4ffb1513f7eb7b815520edda811465' AND session_expiration > now()]

. Copy and pasting that query directly into MySQLFront pulls back the session_data, and displays it. However, the printing out $row['session_data'] in the callback function shows it as being blank!

Am I missing the bleedin' obvious here? How can the two be different? Here is the revised on_sess_read() callback (excuse the crudeness of the code, I'm keeping things real simple to eliminate pretty much everything.

PHP Code:

  function on_sess_read($key)
  {      
      global $dbh;
      
      $qry  = "SELECT session_data FROM sessions ";
      $qry .= "WHERE session_id = '$key' ";
      $qry .= "AND session_expiration > now()";

      print "Query [$qry]"; // debug

      $res = mysql_query($qry) or die(mysql_error());
      if ($row = mysql_fetch_assoc($res)) {

         print_r($row);exit(); // debug

         return ($row['session_data']);

      } else { // debug
         print "No data to read<br />"; // <-- ALWAYS DISPLAYS THIS
      }
  } 


Gonna kick myself if I have missed something really obvious.

[Dr Livingston]

Shouldn't the expiry time be less than what time() is now ?

Also to check if a SESSION exists or not use:

PHP Code:

if(!isset($_SESSION['SessionNameHere'])) {
# create new session
}
.
.
$_SESSION['SessionNameHere']++; 


To see if that helps, though I think it is something to do with your Write - which would proberly then effect your Read, no ?

[torrent]

Sorted

Tx for spotting the < > typo, but the trouble was with the debug statements being in the call back functions. PHP really didn't like them there. Once I removed them the damn thing worked

[Dr Livingston]

Great

Now we all have this problem fixed I'd say ?

[Theiggsta]

Livingston: check on this thread...

http://www.sitepointforums.com/showt...hreadid=102008

I listed my simple solution, you can use harrys posted class there and just modify it up to work with whatever db class you have. Check my posts there.

[Dr Livingston]

Thanks - I've already made the changes to use HarryF's script as described by his Dao Pattern.

Although I had to use some substitute script to get it to work properly since the Dao script didn't include the following:

PHP Code:

# missing this from Dao Pattern
 
mysql_affected_rows(...)
.
. 


At the moment - I'll need to figure out how to implement this into the Dao later, although I now use this instead:

PHP Code:

.
.
function SessWrite($id, $data) {
   $this -> dao -> UpdateSession($id, $data);
   # unsure on how to implement 'mysql_affected_rows(...)' w/in mysqlaccessresult class
   # so use this fix instead
   $result = $this -> dao -> CountSessions($id);
   
   # check if update was true
   if($result -> rowCount() > 1) { 
    # quick fix only - not complete solution
    return true;
   }
   else {
    # update was pointless so do an insert instead
    $this -> dao -> InsertSession($id, $data);
    return true;
   }
  }
.
. 


All working at the moment...