  1. #1
    SitePoint Member

    storing session data in database

    hi, i have implemented the storage of session data into mysql database, as described in 'essential php security'.
    i would like to ask how do i 'clean up' both the 'sessions' and 'sessions_keys' tables?

  2. #2
    play of mind Ernie1's Avatar
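    the handler takes care of that based on session.gc_probability, session.gc_divisor and session.gc_maxlifetime: when a session starts, php calls the garbage-collection callback you registered (the last argument of session_set_save_handler) with a probability of gc_probability/gc_divisor, and passes it gc_maxlifetime as the maximum session age in seconds.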

  3. #3
    SitePoint Member
    i am not sure what you mean. my session code is as follows... is there anything wrong with it?


    // Register the six user-space session callbacks in the order PHP expects:
    // open, close, read, write, destroy, gc.
    // PHP itself decides when to run the gc callback (_clean): at session start, with
    // probability session.gc_probability / session.gc_divisor, passing
    // session.gc_maxlifetime as its argument. Nothing else in this listing calls it.
    session_set_save_handler('_open', '_close', '_read', '_write', '_destroy', '_clean');

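    /**
     * Session open callback.
     *
     * No connection is made here; the global $db link is expected to have been
     * opened elsewhere before the session starts. The callback only reports
     * whether that link is usable.
     *
     * @return bool true when $db holds a truthy value, false otherwise
     */
    function _open() {
        global $db;

        // The session layer expects a boolean from this callback. Returning the
        // link itself handed the raw connection handle to the caller and relied
        // on an implicit conversion; make the conversion explicit instead.
        return (bool) $db;
    }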

    /**
     * Session close callback: closes the global MySQL link.
     *
     * @return bool the result reported by mysql_close()
     */
    function _close() {
        global $db;

        $closed = mysql_close($db);

        return $closed;
    }

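    /**
     * Session read callback: loads the stored record for $id and decrypts it.
     *
     * The stored value is base64 text holding the IV followed by the ciphertext
     * (Blowfish in CBC mode, per the mcrypt constants below). The IV is split
     * off by its size and both parts are handed to the crypt helper.
     *
     * NOTE(review): nothing visible here checks the integrity of the stored
     * value (no MAC over IV + ciphertext) before decrypting it; whether the
     * crypt class does so is not shown. Confirm before relying on the
     * encryption to detect tampering in the database.
     * NOTE(review): ext/mysql and mcrypt are both removed from current PHP; a
     * port would move to parameterised queries and a maintained crypto library.
     *
     * @param string $id session identifier supplied by PHP (client-controlled)
     * @return string decrypted session payload, or '' when no usable record exists
     */
    function _read($id) {
        global $db;

        $algorithm = MCRYPT_BLOWFISH;
        $mode = MCRYPT_MODE_CBC;

        // Escape against the same link the query runs on. Without the link
        // argument the most recently opened connection (and its character set)
        // is used, which is not necessarily $db.
        $id = mysql_real_escape_string($id, $db);

        $sql = "SELECT session_data FROM sessions WHERE session_id = '$id'";

        $result = mysql_query($sql, $db);
        if (!$result || !mysql_num_rows($result)) {
            // Query failure and "no such session" both yield an empty session.
            return '';
        }

        $record = mysql_fetch_assoc($result);
        $data = base64_decode($record['session_data']);

        $iv_size = mcrypt_get_iv_size($algorithm, $mode);

        // A value too short to hold an IV plus some ciphertext is truncated or
        // corrupt; treat it as an empty session instead of decrypting garbage.
        if ($data === false || strlen($data) <= $iv_size) {
            return '';
        }

        $iv = substr($data, 0, $iv_size);
        $ciphertext = substr($data, $iv_size);

        $crypt = new crypt();

        $crypt->iv = $iv;
        $crypt->ciphertext = $ciphertext;
        $crypt->decrypt();

        return $crypt->cleartext;
    }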

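    /**
     * Session write callback: encrypts the session payload and stores it.
     *
     * The crypt helper is asked for a new IV on every write. IV and ciphertext
     * are concatenated and base64-encoded into one value, the layout _read()
     * splits apart again. The timestamp stored with the record is the time of
     * this write.
     *
     * NOTE(review): the payload is encrypted, but nothing visible here adds an
     * integrity check (MAC) over IV + ciphertext; confirm whether the crypt
     * class covers that.
     *
     * @param string $id   session identifier supplied by PHP (client-controlled)
     * @param string $data serialized session payload
     * @return bool result of the REPLACE query
     */
    function _write($id, $data) {
        global $db;

        $expires = time();

        $crypt = new crypt();

        $crypt->cleartext = $data;
        $crypt->generate_iv();
        $crypt->encrypt();

        $data = base64_encode($crypt->iv . $crypt->ciphertext);

        // Escape against the link the query runs on, not whichever connection
        // happened to be opened last.
        $id = mysql_real_escape_string($id, $db);
        $expires = mysql_real_escape_string($expires, $db);
        $data = mysql_real_escape_string($data, $db);

        // NOTE(review): no column list, so this depends on the table's column
        // order; presumably session_id, session_expires, session_data - verify
        // against the schema.
        $sql = "REPLACE INTO sessions VALUES ('$id', '$expires', '$data')";

        return mysql_query($sql, $db);
    }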

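    /**
     * Session destroy callback: deletes the record for one session id.
     *
     * Only the 'sessions' table is touched. The question above this listing
     * also mentions a 'sessions_keys' table; nothing here removes rows from
     * it, and its schema is not shown.
     *
     * @param string $id session identifier supplied by PHP (client-controlled)
     * @return bool result of the DELETE query
     */
    function _destroy($id) {
        global $db;

        // Escape against the link the query runs on, not whichever connection
        // happened to be opened last.
        $id = mysql_real_escape_string($id, $db);

        $sql = "DELETE FROM sessions WHERE session_id = '$id'";

        return mysql_query($sql, $db);
    }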

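    /**
     * Session gc callback: deletes records older than $max seconds.
     *
     * A record is removed when its session_expires value is below the current
     * time minus $max. Only the 'sessions' table is touched. The question
     * above this listing also mentions a 'sessions_keys' table; nothing here
     * removes rows from it, and its schema is not shown.
     *
     * @param int $max maximum session age in seconds, passed in by PHP
     * @return bool result of the DELETE query
     */
    function _clean($max) {
        global $db;

        $old = time() - $max;
        // Escape against the link the query runs on, not whichever connection
        // happened to be opened last.
        $old = mysql_real_escape_string($old, $db);

        $sql = "DELETE FROM sessions WHERE session_expires < '$old'";

        return mysql_query($sql, $db);
    }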

