Session lock when sessions r stored in mysql

i want to store sessions in mysql tables using session_set_save_handler function.

While reading some articles i came across the fact that while sessions are stored in files, the sessions are locked, but when sessions are stored in mysql using custom functions, sessions are not locked.
i also read that when sessions are stored in mysql using custom functions there will be problems when 2 persons simultaneously access the sessions.

is this issue solved in the latest versions of php?
or is there still problems of session locking?

Are you sharing the sessions? As that is not really allowed.

sharing the sessions?

Are you trying to access the session at the same time by 2 different scripts?

First off, why do you need to do this? Perhaps a better description will garner some decent responses, but for the most part what you are wanting to do is not necessary.

Secondly, it is not about the lock so much as two clients simultaneously accessing the session: regardless of locks, you have will likely have no way to know which does what first. If script1.php sets admin false and script2.php sets admin true, and you run both at once (via frames/ajax/whatever) then admin will be true or false based solely on which script finishes execution last.

it’s for users logging in.

the thing which i’ve doubt is: if 2 users having 2 different session ids, access a page at the same time in which there is a script to modify the session data. Will it change the value of the other person’s session data accidentally if sessions are stored in mysql.

is there session locking for sessions stored in database in the latest versions of php?

It should never modify each other’s session data, as you are not overwriting it, each one is unique

does the latest versions of php support session locking for sessions stored in database (using session_set_save_handler)?

if you have two different ids then how can they be equal; you can’t modify two records when using a unique key.

No, php can’t write your sql queries for you. The only thing php does with session handling is make sure session_write is done after the script loads.


php doesn’t support sessions stored in a database. It supports it’s default (file storage), or you taking over and doing what you want.

thanks a lot guys for replying…i was just wondering, how does php generate the session id - PHPSESSID? What are the parameters used for generating this hash?

How PHP generates the session id? No idea, but it provides this function:

It is a hash of REMOTE_ADDR(ip) and the current microtime, with optional entropy from a file.

hmm…i never thought REMOTE_ADDR(ip) will be used as a part to generate the PHPSESSID