Sessions Management PHP Class 1.0

Tuesday, August 01, 2006
This PHP class handles PHP sessions by storing session-related data in a MySQL database, providing better security than the default session handler used by PHP.

10 comments:

  1. Anonymous said...

    This looks really useful! I'm a newbie to OO and sessions (and probably in over my head) but how would I deploy this from page to page?

    something like?

    require('include/class.dbsession.php');

    $visitor_session->read();

    Ugh. Thanks!

    Best, Chris

  2. Stefan Gabos said...

    well, yes, you'd have to require('include/class.dbsession.php'); and also to $session = new dbsession(); on every page or, if you have an index.php that does all the redirection then you would call them in the index.php file.

    after that you'd do something like $_SESSION["variablename"] = "value"; and on the next page - of course, after requiring the file and instantiating the object - if you'd write print_r($_SESSION["variablename"]); you'd get "value".

  3. Peter Randall said...

    First off, excellent session handler.
    Took some time for me to get it working, but this was due to my PHP knowledge.
    I hope you are open to questions because I gotta bunch to ask :)
    1. Does the file need to be called class.dbsession.php or can I just call it dbsession.php?
    Not sure what the difference between a PHP function and class is?
    2. I have included the file within the header that appears at the top of every page. How can I access the $session_id variable to compare this within my pages. Is it possible or do I just look for the session id using something like:
    $thisone = session_id();

    Pete UK

  4. Anonymous said...

    Perhaps mention that session_regenerate_id() does not destroy the current session, it simply replaces the current one.

  5. Anonymous said...

    I am new to using OOP as well and am thinking about implementing your methods into my script.

    Just to clear things up for my sake and maybe others. I need a better understanding on a couple of things.

    This is used to include the script.
    require('include/class.dbsession.php');

    Create a session.
    $session = new dbsession();

    Pass variables between pages.
    $_SESSION["variablename"] = "value";

    Question 1:
    How do I destroy a session using this code within a simple logout script?

    Question 2:
    When I need to post form data, can I still use $_REQUEST to process all the form data in the next script or do I have to use $_SESSION instead.

    Question 3:
    Is using $_SESSION recommended for carrying important variables like a unique session_id(); between pages to further help authenticate users?

  6. Harry said...

    Hi, just like to comment that this does look useful, but could do with a couple of improvements.

    session_id could probably be reduced to varchar(32) and set as the primary key (otherwise a whole table scan is done every time you want to load a session).

    In addition, you could probably replace the select then update/insert block with a single 'REPLACE INTO' SQL statement.

    And for some extra sanity you could use native SQL dates (e.g. session_expire = NOW() + (INTERVAL $this->sessionLifetime SECOND)).

    Just some food for thought :)
    Ta, Harry

  7. Stefan Gabos said...

    hi peter,

    you can call the file whatever you like but that does not change the way you instantiate the class. whatever you call the file, after including it you still have to instantiate it by calling i.e. $dbSession = new dbSession(). if you want another name for the class instead, edit the class.dbsession.php file (or whatever name you have renamed it to) and change the line "class dbSession" to "class newname". from now on you'd have to instantiate the class like this: $dbSession = new newname(); of course $dbSession can be whatever name you want

    to second question: you are right - you do that. as the description of the class says: after instantiating the class, you use sessions as you would normally :)

  8. Stefan Gabos said...

    hi harry,

    many thanks for the very good comments on improving the quality of the class. you'll have a new updated version available next week.

    thanks again!

  9. Envomni said...

    It would be most helpful if you had for this, an example file like you do with the database wrapper. It's still a little vague for how to best apply this excellent resource for some of us who are new to php and trying to do the right stuff to secure our code.

  10. Stefan Gabos said...

    coming this week!
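
Harry's three suggestions in comment 6 (a primary key on session_id, a single REPLACE INTO, and expiry computed with native SQL dates) are shown here as an added example that is not the class's own code. The table name, the session_data column, the ExampleDbSession class and the use of PDO with PHP 8 are assumptions.

```php
<?php
// Added example. Only session_id and session_expire are named on the page;
// the table name, session_data column and class name are assumptions.
const SCHEMA = <<<SQL
CREATE TABLE IF NOT EXISTS sessions (
    session_id     VARCHAR(32) NOT NULL PRIMARY KEY, -- keyed lookup, no table scan
    session_data   BLOB        NOT NULL,
    session_expire DATETIME    NOT NULL
)
SQL;

final class ExampleDbSession implements SessionHandlerInterface
{
    public function __construct(private PDO $db, private int $lifetime) {}

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        // Expired rows are filtered by the database clock, not PHP's.
        $q = $this->db->prepare(
            'SELECT session_data FROM sessions
              WHERE session_id = ? AND session_expire > NOW()');
        $q->execute([$id]);
        $data = $q->fetchColumn();
        return $data === false ? '' : (string) $data;
    }

    public function write(string $id, string $data): bool
    {
        // One statement replaces the SELECT-then-UPDATE/INSERT sequence.
        $q = $this->db->prepare(
            'REPLACE INTO sessions (session_id, session_data, session_expire)
             VALUES (?, ?, NOW() + INTERVAL ? SECOND)');
        return $q->execute([$id, $data, $this->lifetime]);
    }

    public function destroy(string $id): bool
    {
        $q = $this->db->prepare('DELETE FROM sessions WHERE session_id = ?');
        return $q->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        return $this->db->exec('DELETE FROM sessions WHERE session_expire <= NOW()');
    }
}
```

Create the table once with `$pdo->exec(SCHEMA)`, then register the handler with `session_set_save_handler(new ExampleDbSession($pdo, 1440), true)` before `session_start()`. The VARCHAR(32) width assumes 32-character session IDs.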
