Let me begin by saying hello as a first post - I am having trouble with custom session save handlers. It works on my local machine, however when uploaded to my host, it gives a strange error message that is useless to me:
Warning: Unknown(): A session is active. You cannot change the session module's ini settings at this time. in Unknown on line 0
I am trying to store session data into a DB, and use a cookie value to trick the session name to prevent hijacking. Here is the code for the object that is causing problems. It is called as (forgive indentation) :
Code: Select all
require_once( 'session.php' );
$config = array( 'db' => array( 'hostname' => $hostname,
'db_user' => $db_user,
'db_pass' => $db_pass,
'db_name' => $db_name ),
'cookie' => array( 'secure' => '0' ),
'special' => 'saevenstar',
'duration' => 30 );
new session( $config );The code for session object is as such, saved into session.php:
Code: Select all
<?php
class session{
var $sesskey;
var $sessid;
var $hostname;
var $db_user;
var $db_pass;
var $db_name;
var $resource;
var $special;
var $duration;
function session( $config ){
$this->sesskey = 'init';
$this->hostname = $config['db']['hostname'];
$this->db_user = $config['db']['db_user'];
$this->db_pass = $config['db']['db_pass'];
$this->db_name = $config['db']['db_name'];
$this->special = $config['special'];
$this->duration = $config['duration'];
$sessid = md5( date("Ymd").$this->special );
$this->sessid = $sessid;
ini_set( 'session.save_handler', 'user' );
ini_set( 'session.auto_start', 0 );
ini_set( 'session.name', $this->sessid );
ini_set( 'session.use_cookies', false );
ini_set( 'session.gc_maxlifetime', 24 );
ini_set( 'session.gc_probability', 5 );
ini_set( 'session.use_only_cookies', false );
if( !isset( $_COOKIE[ $sessid ] ) ){
$key = md5( uniqid( '' ) );
setcookie( $sessid, $key, ini_get( 'session.cookie_lifetime' ), ini_get( 'session.cookie_path' ), ini_get( 'session.cookie_domain' ) );
$_COOKIE[$sessid] = $key;
$this->sesskey = $key;
}
else{
$this->sesskey = $_COOKIE[$sessid];
}
session_set_save_handler( array( &$this, 'open' ), array( &$this, 'close' ), array( &$this, 'read' ), array( &$this, 'write' ), array( &$this, 'destroy' ), array( &$this, 'gc' ) );
session_id( $this->sesskey );
session_start();
}
function open( $sess_path, $session_name ){
$this->resource = mysql_connect( $this->hostname, $this->db_user, $this->db_pass );
@mysql_select_db( $this->db_name, $this->resource ) or die( mysql_error() );
return true;
}
function close(){
@mysql_close( $this->resource );
return true;
}
function read( $key ){
$query = @mysql_query( "SELECT * FROM session_data WHERE sess_id = '".md5( $this->sesskey . $this->sessid )."' AND sess_expire > '" . time() . "'" );
if ( @mysql_num_rows( $query ) > 0 ){
$info = @mysql_fetch_assoc( $query );
return $info['sess_data'];
}
return false;
}
function write( $id, $data ){
$seconds = 3600 * $this->duration;
$expires = time() + $seconds;
return @mysql_query( "REPLACE INTO session_data VALUES ( '".md5( $this->sesskey . $this->sessid )."', $expires, '".addslashes( $data )."' )", $this->resource ) or die( mysql_error() );
}
function destroy( $key ){
@mysql_query( "DELETE FROM session_data WHERE sess_id = '".md5( $this->sesskey . $this->sessid )."'", $this->resource );
if ( isset( $_COOKIE[$this->sessid] ) )
unset( $_COOKIE[$this->sessid] );
return true;
}
function gc( $maxlifetime ){
return @mysql_query( "DELETE FROM session_data WHERE sess_expire < '" . time() . "'", $this->resource );
}
}
?>If you can help, or are willing to help contractually - I will definitely pay for your services if required. This is pretty much an emergency.
Many thanks.
Alex