oggie0563
Reputation: 139
Session class declared using session_set_save_handler()
Here is my class,
<?php
class session {
// session-lifetime
var $lifeTime;
// mysql-handle
var $dbHandle;
function open($savePath, $sessName) {
// get session-lifetime
$this->lifeTime = get_cfg_var("session.gc_maxlifetime");
// open database-connection
$dbHandle = @mysql_connect("server","user","pass");
$dbSel = @mysql_select_db("database",$dbHandle);
// return success
if(!$dbHandle || !$dbSel)
return false;
$this->dbHandle = $dbHandle;
return true;
}
function close() {
$this->gc(ini_get('session.gc_maxlifetime'));
// close database-connection
return @mysql_close($this->dbHandle);
}
function read($sessID) {
// fetch session-data
$res = mysql_query("SELECT session_data AS d FROM ws_sessions
WHERE session_id = '$sessID'
AND session_expires >
".time(),$this->dbHandle);
// return data or an empty string at failure
if($row = mysql_fetch_assoc($res))
return $row['d'];
return "";
}
function write($sessID,$sessData) {
// new session-expire-time
$newExp = time() + $this->lifeTime;
// is a session with this id in the database?
$res = mysql_query("SELECT * FROM ws_sessions
WHERE session_id =
'$sessID'",$this->dbHandle);
// if yes,
if(mysql_num_rows($res)) {
// ...update session-data
mysql_query("UPDATE ws_sessions
SET session_expires = '$newExp',
session_data = '$sessData'
WHERE session_id = '$sessID'",$this->dbHandle);
// if something happened, return true
if(mysql_affected_rows($this->dbHandle))
return true;
}
// if no session-data was found,
else {
// create a new row
mysql_query("INSERT INTO ws_sessions (
session_id,
session_expires,
session_data)
VALUES(
'$sessID',
'$newExp',
'$sessData')",$this->dbHandle);
// if row was created, return true
if(mysql_affected_rows($this->dbHandle))
return true;
}
// an unknown error occured
return false;
}
function destroy($sessID) {
// delete session-data
mysql_query("DELETE FROM ws_sessions WHERE session_id =
'$sessID'",$this->dbHandle);
// if session was deleted, return true,
if(mysql_affected_rows($this->dbHandle))
return true;
// ...else return false
return false;
}
function gc($sessMaxLifeTime) {
// delete old sessions
mysql_query("DELETE FROM ws_sessions WHERE session_expires < " .
time(), $this->dbHandle);
// return affected rows
return mysql_affected_rows($this->dbHandle);
}
}
?>
I took it from the manual of php. If I test this class in a script everything goes ok. This way,
<?php
require_once 'session/sessionDb.php';
$session = new session();
session_set_save_handler(array(&$session,"open"),
array(&$session,"close"),
array(&$session,"read"),
array(&$session,"write"),
array(&$session,"destroy"),
array(&$session,"gc"));
session_start();
$_SESSION['name'] = "MySession";
if (!isset($_SESSION['initiated']))
{
session_regenerate_id();
$_SESSION['initiated'] = true;
}
echo 'Sesiones.-<br/><br/>';
$session_id = session_id();
echo '<br/>Sesion Id: ' . $session_id . '<br/>';
$return = $session->write($session_id, 'user1');
if($return)
{
$value = $session->read($session_id);
echo '<br/>User en sesion: ' . $value . '<br/>';
}
$return = $session->write($session_id, 'user2');
if($return)
{
$value = $session->read($session_id);
echo '<br/>User en sesion: ' . $value . '<br/>';
}
$session->close();
echo '<br/>Sesion cerrada!!!<br/>';
?>
But when I try it in my site does not work. If I try to validate if a user is already logged in I get the user is logged in as if he were and he does not. Here is the script login.php,
<?php
$cliente = "";
if(isset($_POST["user"]) && isset($_POST["pass"]))
{
if((trim($_POST["user"]) == '') || (trim($_POST["pass"]) == ''))
{
?>
<script type="text/javascript">
alert("Debes logarte correctamente.");
</script>
<?php
}
else
{
$logged = false;
if(trim($session->read($session_id)) ==
trim($_POST["user"]));
{
?>
<script type="text/javascript">
alert('The user is already logged in');
</script>
<?php
$logged = true;
}
if(!$logged)
{
$db = new DBAccess(DB_SERVER, DB_USER, DB_PASS,
DB_DATABASE);
$db->connect();
$sql = "SELECT nombre FROM " . TABLE_CLIENTE .
" WHERE id_usuario IN " .
"(SELECT id_usuario FROM " . TABLE_USUARIO . "
WHERE login = '" . trim($_POST["user"]) . "')";
$cliente = $db->result($sql, 0, 'nombre');
$db->close();
$db = null;
if($session->write($session_id, trim($_POST["user"])))
{
?>
<script type="text/javascript">
alert("User registered in session.");
</script>
<?php
}
else
{
?>
<script type="text/javascript">
alert("This does not work.");
</script>
<?php
}
}
}
}
?>
Here trim($session->read($session_id)) == trim($_POST["user"]) is true that means the validation is always true. And if I do not validate I get the message: This does not work.
In the header of the home page I have,
require_once 'private/classes/session/sessionDb.php';
$session = new session();
session_set_save_handler(array(&$session,"open"),
array(&$session,"close"),
array(&$session,"read"),
array(&$session,"write"),
array(&$session,"destroy"),
array(&$session,"gc"));
session_start();
$_SESSION['name'] = "MySession";
if (!isset($_SESSION['initiated']))
{
session_regenerate_id();
$_SESSION['initiated'] = true;
}
$session_id = session_id();
and I guess I have $session and $session_id set for the entire site but they do not.
What is goning wrong?
Regards
Upvotes: 0
Views: 1082
Answers (1)
oggie0563
Reputation: 139
Resolved.
Here is my code at the starting of the home.php file,
global $session;
global $session_id;
global $mysession;
session_write_close();
$session = new session();
session_set_save_handler(array(&$session,"open"),
array(&$session,"close"),
array(&$session,"read"),
array(&$session,"write"),
array(&$session,"destroy"),
array(&$session,"gc"));
if(isset($_COOKIE[session_name()]))
$mysession = $_COOKIE[session_name()];
else {
$mysession = md5(microtime().rand(1,9999999999999999999999999));
$parametros_cookies = session_get_cookie_params();
setcookie(session_name($mysession), $mysession, time()+3600, $parametros_cookies['path']);
}
ini_set('session.gc_probability', 100);
ini_set('session.gc_divisor', 100);
session_name($mysession);
session_start();
$old = session_id();
session_regenerate_id(true);
$session_id = session_id();
$rsi = new RegenerateSessionId($old, $session_id);
$rsi->regenerate_id();
unset($rsi);
$rsi = null;
And the session is started and to create a session var you can type $_SESSION['user'] and it is enough.
To close the session I use a logout.php script as follows,
global $session;
if(isset($session) && isset($_POST["logout"]))
{
if(trim($_POST["logout"]) == 'logOut')
{
$session_name = session_name();
unset($session);
$session = null;
session_destroy();
$parametros_cookies = session_get_cookie_params();
setcookie($session_name,'0',1,$parametros_cookies["path"]);
}
}
Regards.
Upvotes: 2
Related Questions
- Unable to set session.save_handler in my code
- Session_set_save_handler not writing to database
- session_set_save_handler set $_SESSION data manually?
- Setting Sessions inside PHP Class
- PHP Fatal Error SessionHandlerInterface
- Warning: session_set_save_handler() expects parameter 1 to be SessionHandlerInterface, object given
- PHP Session Class
- Weird problem with session_set_save_handler() in PHP
- PHP using session_set_save_handler
- PHP Session Confusion