Session confusion =(

[IanMerwin]

Hey all...

For days (or maybe daze) now I have been trying to build my own Session handling Class. I keep running into trouble.

First let me tell you what I have done:

I have tried just about every Google tutorial out there.
I have read a ba-gillion articles and forums.
I have purchased The PHP Anthology (2nd Ed) from sitepoint.
I have copy/pasted code from the book and other tutorials.
I have tried solutions from phpClasses.

Each of these end up with their own little quirk and lack of functionality.

A direct copy/paste and test of the source code from the book didn't even work.

Here is what I'm after:
I want my custom session handler to use a DB exclusively - eg. NO cookies, NO files, NO memory. Why? Who knows - wild hair I suppose.

I built my DBSessionHandler Class and all seems to work well.

my class (DBSessionHandler.Class.php) has the following methods:

public function __construct( $cleanDB )
public function sessionSetSaveHandler( )
public function sessionOpen( )
public function sessionClose( )
public function sessionRead( $id )
public function sessionWrite( $id, $data)
public function sessionDestroy( $id )
public function sessionClean( $max_life )
public function __destruct( )

my test file (index.php) has the following:

PHP Code:

/* this contains the username, password, etc. */
require_once "application/controllers/dbConxn.php" ;
/* the file with the handler methods */
require_once "session/DBSessionHandler.Class.php" ;

$cleanDB['database']     = "admin" ;
$cleanDB['table']         = "session" ;

$objMySession = new DBSessionHandler( $cleanDB ) ;
$objMySession->sessionSetSaveHandler() ;

session_start() ;

if(isset($_SESSION['views']))
{
    $_SESSION['views']=$_SESSION['views']+1;
}
else
{
    $_SESSION['views']=1;
    echo "Views=". $_SESSION['views']; 
} 


I open a new browser and I get a page displaying:
Views=1

in my database I get:

Code:

--------------------------------------------------------------------------------
| session_id                 | session_start | session_access  | session_data |
--------------------------------------------------------------------------------
| e42d3je9pnj2c4pijl2lmkv1i4 | 1230756689    | 1230756689      |  views|i:1;    |
--------------------------------------------------------------------------------

All seems well and good.. then I hit refresh...

and VOILA the page reads:
Views=1

BUT the database has ANOTHER entry:

Code:

--------------------------------------------------------------------------------
| session_id                 | session_start | session_access | session_data |
--------------------------------------------------------------------------------
| 2kj690fo020f3g56ib9qbd4n66 | 1230756463    | 1230756463      |  views|i:1;    |
--------------------------------------------------------------------------------
| e42d3je9pnj2c4pijl2lmkv1i4 | 1230756689    | 1230756689      |  views|i:1;    |
-------------------------------------------------------------------------------------

I think I have a "chicken or the egg" problem.
Maybe it's a php.ini setting?

2 questions :
1) Any ideas on where to look for why it doesn't see the session so it keeps creating a new one?

2) I use EclipseIDE -- it has debugging feature that I have never learned (or tried to) use. Would it walk you through the code and show (possibly) where things are awry?

Thanks in advance to anyone that can help.

[AnthonySterling]

Could you post the code for DBSessionHandler?

You're not by chance calling session_destroy() in the __destruct method are you?

[IanMerwin]

I'm just learning -- so any comments (did I just say that? **DUCK... INCOMING!!! ) Would be greatly appreciated..

Here is my Session Handler Class in it's entirety:

PHP Code:

<?php

class DBSessionHandler
{
    protected    $db_host,
                $db_name,
                $db_table,
                $db_user,
                $db_pass,
                $db_pdo_dsn,
                $db_handle,
                $session_data = array() ;
    
    public function __construct( $cleanDB ) 
    {
        $this->db_host        = $cleanDB['host'] ;
        $this->db_user        = $cleanDB['username'] ;
        $this->db_pass        = $cleanDB['password'] ;
        $this->db_name        = $cleanDB['database'] ;
        $this->db_table        = $cleanDB['table'] ;
        $this->db_pdo_dsn    = "mysql:host=$this->db_host;dbname=$this->db_name" ;
    }

    public function sessionSetSaveHandler( )
    {
        session_set_save_handler(     
            array($this, 'sessionOpen'), 
            array($this, 'sessionClose'), 
            array($this, 'sessionRead'), 
            array($this, 'sessionWrite'), 
            array($this, 'sessionDestroy'), 
            array($this, 'sessionClean') ) ;
    }
    
    public function sessionOpen( ) 
    {    
        return true;
    }

    public function sessionClose( )
    {
        try
        {
            $this->db_handle = null ;
        }
        catch ( Exception $e )
        {
             error_log( "SESSION CLOSE Error message = {$e->getMessage()} " ) ;
            return false ;
        }
        return true;
    }

    public function sessionRead( $id )
    {
        $sql = "SELECT `session_data` FROM {$this->db_table} WHERE `session_id` = '$id'" ;
            
        $this->db_handle = new PDO($this->db_pdo_dsn, $this->db_user, $this->db_pass ) ;
        
        $statement = $this->db_handle->query( $sql ) ;
        $result = $statement->fetch( PDO::FETCH_ASSOC ) ;

        try
        {    
            if( count ( $result ) > 0 )
            {
                $this->set_session_data('id', $result['session_id'] ) ;
                return $result['session_data'] ;
            }
            else
            {
                throw new Exception( "No record found in DB with that id ( {$id} )" ) ;
            }
        }
            
        catch ( Exception $e )
        {
             error_log( "Error message = {$e->getMessage()} " ) ;
             return '' ;
        }
    }

    public function sessionWrite( $id, $data)
    {
        try
        {
            $this->db_handle = new PDO($this->db_pdo_dsn, $this->db_user, $this->db_pass ) ;
            
            $time = time() ;
            
            $sql         = "SELECT * FROM {$this->db_table} WHERE session_id = '" . session_id() . "'" ;
            $statement    = $this->db_handle->query( $sql ) ;
            $result     = $statement->fetch( PDO::FETCH_ASSOC ) ;
            
            if( !empty( $result ) )
            {
                /* a record exists and we need to UPDATE the record */
                $sql =     "UPDATE {$this->db_table} SET session_access = '$time', " .
                        "session_data = '{$data}' WHERE session_id = '{$id}'" ;
            }
            else
            {
                /* NO record exists and we need to do an INSERT */
                $sql =     "INSERT INTO {$this->db_table} (" .
                        "session_id, session_start, session_access, session_data) " .
                        "VALUES ('$id', '$time', '$time', '$data') " ;
            }    
            
            $result = $this->db_handle->exec($sql) ;
            
            return $result ;
        }
        catch ( Exception $e )
        {
            error_log('EXITING the DBSessionHandler::sessionWrite() METHOD WITH ERRORS! ') ;
            error_log( ' >> Error message = ' . $e->getMessage()) ;
            error_log(' >> Line Number: ' . $e->getLine( ) . ' In file: ' . $e->getFile( ) .'\n') ;
        }
    }

    public function sessionDestroy( $id )
    {    
        $sql =     "DELETE FROM {$this->db_table} WHERE session_id = '{$id}'" ;
        
        try
        {
            $count = $this->db_handle->exec($sql) ;    
                
            if( $count > 0 )
            {
                return true;
            }
        }
        catch ( Exception $e )
        {
             return false ;
        }
    }
    
    public function sessionClean( $max_life )
    {    
        $old_sessions = time() - $max_life ;
        
        $sql =     "DELETE FROM {$this->db_table} WHERE session_access < '{$old_sessions}'" ;
        
        try
        {
            $count = $this->db_handle->exec($sql) ;    
                
            if( $count > 0 )
            {
                return true ;
            }
        }
        catch ( Exception $e )
        {
               return false ;
        }
    }
    
    public function set_session_data( $key, $value)
    {
        $this->session_data[$key] = $value ;
    }
    
    public function get_session_data( $key )
    {
        return $this->session_data[$key] ;
    }
    
    public function __destruct( ) 
    {
        session_write_close() ;
    }
}

?>

THE "dbConxn.php" file contains (note this is on my dev server here at home):

PHP Code:

$cleanDB = array( ) ;
    
$cleanDB['host']         = "localhost" ;
$cleanDB['username']     = "root" ;
$cleanDB['password']     = "root" ; 


And the "test" file that "tries" to use it:

PHP Code:

require_once "application/controllers/dbConxn.php" ;
require_once "session/DBSessionHandler.Class.php" ;

$cleanDB['database']     = "admin" ;
$cleanDB['table']         = "session" ;

$objMySession = new DBSessionHandler( $cleanDB ) ;
$objMySession->sessionSetSaveHandler() ;

session_start() ;

if(isset($_SESSION['views']))
{
    $_SESSION['views']=$_SESSION['views']+1;
}
else
{
    $_SESSION['views']=1;
    echo "Views=". $_SESSION['views'];
} 


and.. just in case... this is the MySQL table:

Code:

CREATE TABLE IF NOT EXISTS `session` (
  `session_id` varchar(64) NOT NULL,
  `session_start` int(10) NOT NULL,
  `session_access` int(10) unsigned DEFAULT NULL,
  `session_data` text,
  PRIMARY KEY (`session_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

[AnthonySterling]

It seems to work just fine here, although after testing, the only way I can recreate your results is if I set session.use_cookies to false with:

PHP Code:

ini_set('session.use_cookies','0'); 


This is confirmed by adding ?PHPSESSID={ID} to the URL it correctly increments the relevant database row.

So, you either need to set session.use_cookies to true, ensure your browser is accepting cookies or pass the PHPSESSID in the URL.

I hope this helps.

[IanMerwin]

I did set
session.use_cookies = 0

in my php.ini thinking that this would force the script to use the db rather than the URL or Cookies.... I guess my ignorance goes a little deeper than I thought...

So, I will try that and maybe try to find some good tutorials or walk-throughs for a better understanding of how sessions work and the use of cookies/POST/GET (step by step).

One of the reasons I struggle with learning is I learn best with videos/powerpoints/mentor explaining... or other visuals... I can learn almost instantaneously...

But when i have to..

PHP Code:

for( $i = 0; $i< 1000000; $i++)
{
   Google tutorial ;
   read tutorial ;
   try tutorial;
   echo "emphasized bad word - that didn't work!" ;
} 


It's like watching pain dry -- how slow I pick this stuff up..

Thanks for your help -- will try that now...

[AnthonySterling]

I completely understand, I think that learning strategy is part of the Geek psyche!

As far as I'm aware, PHP stores the GUID for the session in a cookie rather than the session data its self, this enables it to pair the user to the the session.

I wish I could point you in the direction of a good tutorial, but alas I cannot...my only other, albeit, poor suggestion would be to visit the PHP Manual.

Good luck.