Good tutorial. I would also like to add that the session data can be stored in a database, which avoids problems with application pools (Windows) and other possible security risks in a shared hosting environment.
Just create a session class:
PHP Code:
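/**
 * Database-backed session save handler for the legacy ext/mysql API.
 *
 * Each method is meant to be registered with session_set_save_handler().
 * Rows live in $ses_table with the columns ses_id, ses_time, ses_start
 * and ses_value.
 *
 * NOTE(review): the mysql_* functions were removed in PHP 7. When porting,
 * move to mysqli or PDO and use prepared statements instead of the manual
 * escaping done here.
 */
class session
{
    /* Name of the MySQL table used by this class; the table MUST exist.
       The name is concatenated into every query, so keep it a trusted,
       hard-coded identifier and never derive it from request data. */
    var $ses_table = "YourTableName";

    /* Set to 'Y' to connect to the database in _open(). Every other
       handler calls db_connects() itself regardless of this flag. */
    var $db_con = "Y";

    /* MySQL connection settings. These are placeholders: load the real
       values from configuration kept outside the web root and out of
       version control, and use an account limited to the session table. */
    var $db_host = "localhost";
    var $db_user = "username";
    var $db_pass = "password";
    var $db_dbase = "database_name";

    /**
     * Connect to the MySQL server and select the configured database.
     *
     * mysql_connect() hands back the already-open link when it is called
     * again with the same arguments, so the handlers can call this freely.
     *
     * @return bool TRUE when both the connection and the database
     *              selection succeeded, FALSE otherwise.
     */
    function db_connects() {
        /* Warnings are suppressed so a failed connection cannot print the
           host or user name into the page; the result is checked instead. */
        $link = @mysql_connect($this->db_host, $this->db_user, $this->db_pass);
        if (!$link) {
            return FALSE;
        }
        return @mysql_select_db($this->db_dbase, $link) ? TRUE : FALSE;
    }

    /**
     * Check that a session ID uses only the characters PHP itself
     * generates (letters, digits, ',' and '-').
     *
     * The ID arrives in a client-controlled cookie, so it is untrusted
     * input. Anything outside this alphabet is rejected before it can
     * reach a query.
     * NOTE(review): if the application sets custom IDs via session_id(),
     * confirm they fit this alphabet.
     *
     * @param mixed $ses_id Session ID as passed in by PHP.
     * @return bool TRUE when the ID is acceptable.
     */
    function _valid_id($ses_id) {
        return is_string($ses_id)
            && preg_match('/\A[A-Za-z0-9,-]+\z/', $ses_id) === 1;
    }

    /**
     * Open the session. Put your own connection code here if you have it.
     *
     * @param string $path Save path supplied by PHP (unused).
     * @param string $name Session name supplied by PHP (unused).
     * @return bool Always TRUE; a failed connection surfaces later, when
     *              _read() returns an empty session.
     */
    function _open($path, $name) {
        if ($this->db_con == "Y") {
            $this->db_connects();
        }
        return TRUE;
    }

    /**
     * Close the session.
     *
     * @return bool Always TRUE.
     */
    function _close() {
        /* Manual call of the garbage collector on every close. */
        $this->_gc(0);
        return TRUE;
    }

    /**
     * Read the stored data for a session.
     *
     * @param string $ses_id Session ID (untrusted, from the client).
     * @return string Stored session data, or '' when the ID is malformed,
     *                the database is unavailable, or no row exists.
     */
    function _read($ses_id) {
        if (!$this->_valid_id($ses_id) || !$this->db_connects()) {
            return '';
        }
        $session_sql = "SELECT ses_value FROM " . $this->ses_table
            . " WHERE ses_id = '" . mysql_real_escape_string($ses_id) . "'";
        $session_res = mysql_query($session_sql);
        if (!$session_res || mysql_num_rows($session_res) < 1) {
            return '';
        }
        $session_row = mysql_fetch_assoc($session_res);
        return (string) $session_row["ses_value"];
    }

    /**
     * Store session data, updating the existing row or inserting a new one.
     *
     * @param string $ses_id Session ID (untrusted, from the client).
     * @param string $data   Serialized session data.
     * @return bool TRUE on success, FALSE on a malformed ID or a database
     *              error.
     */
    function _write($ses_id, $data) {
        if (!$this->_valid_id($ses_id) || !$this->db_connects()) {
            return FALSE;
        }
        /* Session data can contain anything the application or the user
           put there, so both values are escaped for BOTH statements. */
        $id = mysql_real_escape_string($ses_id);
        $value = mysql_real_escape_string($data);
        $now = time();

        $session_sql = "UPDATE " . $this->ses_table
            . " SET ses_time='" . $now
            . "', ses_value='" . $value . "' WHERE ses_id='" . $id . "'";
        $session_res = mysql_query($session_sql);
        if (!$session_res) {
            /* Log on the server only: printing the failed statement would
               show session contents and the table layout to the visitor. */
            error_log('Session write failed: ' . mysql_error());
            return FALSE;
        }
        if (mysql_affected_rows() > 0) {
            return TRUE;
        }

        /* No row changed, so assume the session is new and insert it.
           NOTE(review): MySQL can also report 0 affected rows when the row
           exists but nothing changed; if ses_id is a unique key this INSERT
           then fails and FALSE is returned. Confirm against the schema. */
        $session_sql = "INSERT INTO " . $this->ses_table
            . " (ses_id, ses_time, ses_start, ses_value)"
            . " VALUES ('" . $id . "', '" . $now
            . "', '" . $now . "', '" . $value . "')";
        $session_res = mysql_query($session_sql);
        if (!$session_res) {
            error_log('Session insert failed: ' . mysql_error());
            return FALSE;
        }
        return TRUE;
    }

    /**
     * Delete the stored record of a session.
     *
     * @param string $ses_id Session ID (untrusted, from the client).
     * @return bool TRUE when the DELETE ran, FALSE on a malformed ID or a
     *              database error.
     */
    function _destroy($ses_id) {
        if (!$this->_valid_id($ses_id) || !$this->db_connects()) {
            return FALSE;
        }
        $session_sql = "DELETE FROM " . $this->ses_table
            . " WHERE ses_id = '" . mysql_real_escape_string($ses_id) . "'";
        return mysql_query($session_sql) ? TRUE : FALSE;
    }

    /**
     * Garbage collection: delete sessions not written for two hours.
     *
     * @param int $life Lifetime passed in by PHP. It is ignored; the
     *                  cut-off is fixed at two hours, which is why
     *                  _close() can safely call this with 0.
     * @return bool TRUE when the DELETE ran, FALSE otherwise.
     */
    function _gc($life) {
        if (!$this->db_connects()) {
            return FALSE;
        }
        /* Cast so that only an integer is ever placed in the statement. */
        $ses_life = (int) strtotime("-2 hours");
        $session_sql = "DELETE FROM " . $this->ses_table
            . " WHERE ses_time < " . $ses_life;
        return mysql_query($session_sql) ? TRUE : FALSE;
    }
}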
Then, when you want to start the session, just add a few lines to the tutorial above:
PHP Code:
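require("classes/session.class.php"); // the file containing the session class above
/* Create the handler object */
$ses_class = new session();
/* Route PHP's session storage through the class methods */
session_set_save_handler(
    array(&$ses_class, '_open'),
    array(&$ses_class, '_close'),
    array(&$ses_class, '_read'),
    array(&$ses_class, '_write'),
    array(&$ses_class, '_destroy'),
    array(&$ses_class, '_gc')
);
/* With an object as the save handler, write and close the session before
   PHP begins tearing objects down at shutdown; otherwise the final write
   may not run. */
register_shutdown_function('session_write_close');
/* Start the session */
session_start();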
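That's it: session data stored safely in a database, with the advantage that you can query it to find out things like who's online. Keep in mind that the session ID comes from the client's cookie, so the handler should validate or escape it before using it in a query.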