CODEWITHSUNDEEP
phpmysqlsession
bear
bear

Reputation: 11615

Converting file sessions to database-based sessions

I'm trying to convert normal, file-based sessions to more manageable database-based sessions, thus giving me greater flexibility in terms of scaling, and managing sessions, including remotely terminating them.

This is the current login process:

                if($db)//$u&&$p)
                    {                           

                        $sql = "SELECT * FROM tbl_user WHERE ";
                        switch(LOGIN_METHOD)
                            {
                                case 'both':
                                    $sql .= "(username='".$db->real_escape_string($u)."' OR useremail='".mysql_real_escape_string($u)."')";
                                    break;
                                case 'email':
                                    $sql .= "useremail='".$db->real_escape_string($u)."'";
                                    break;
                                default:
                                    $sql .= "username='".$db->real_escape_string($u)."'";
                                    break;
                            }
                        $sql .= " AND userpassword = '".md5($sysconfig['salt'].$p)."'";

                        $rs = @$db->query($sql);

                        if(!$rs) return false;

                        if($rs->num_rows)
                            {
                                $this->set_session(array_merge($rs->fetch_assoc(),array('expires'=>time()+(15*60))));
                                $return = true;
                            }
                        $rs->free_result();
                        $db->close();
                        unset($rs,$sql);
                    }

The line I am interested in, where it sets the session is:

$this->set_session(array_merge($rs->fetch_assoc(),array('expires'=>time()+(15*60))));

Where, set_session: 

private function set_session($a=false)
    {
        if(!empty($a))
            {
                $_SESSION['exp_user'] = $a;
            }
    }

In the table, only the username, login email, login password and userid is stored.

How would I go about converting this to a database-based session system, powered by MySQL, of course?

Should I go with MEMORY or HEAP type tables?

Upvotes: 2

Views: 1052

Answers (1)

Halcyon
Halcyon

Reputation: 57719

You should look at set_session_save_handler. It allows you to specify how the session handler can retrieve and store it's data. It's fairly straightforward to write an implementation that uses a database.

With this approach you can continue to use $_SESSION like you normally would.

MEMORY and HEAP is the same thing (in MySQL). You can chose to use a MEMORY table since sessions are allowed to be volatile. I don't know much about the performance characteristics for this purpose though. I'm guessing that if your session table is small enough it will be mostly in memory anyway.

Upvotes: 2

Related Questions