Page 1 of 1

Help with custom session object

Posted: Mon Oct 06, 2003 5:33 pm
by Atari
Hello,

Let me begin by saying hello as a first post - I am having trouble with custom session save handlers. It works on my local machine, however when uploaded to my host, it gives a strange error message that is useless to me:

Warning: Unknown(): A session is active. You cannot change the session module's ini settings at this time. in Unknown on line 0

I am trying to store session data into a DB, and use a cookie value to trick the session name to prevent hijacking. Here is the code for the object that is causing problems. It is called as (forgive indentation) :

Code: Select all

require_once( 'session.php' );
	
	$config = array( 'db'       => array( 'hostname' => $hostname,
										  'db_user'  => $db_user,
										  'db_pass'  => $db_pass,
										  'db_name'  => $db_name ),
					 'cookie'   => array( 'secure'   => '0' ),
					 'special'  => 'saevenstar',
					 'duration' => 30 );
	new session( $config );

The code for session object is as such, saved into session.php:

Code: Select all

<?php
	class session{
		var $sesskey;
		var $sessid;
		var $hostname;
		var $db_user;
		var $db_pass;
		var $db_name;
		var $resource;
		var $special;
		var $duration;
	
		function session( $config ){
		
			$this->sesskey  = 'init';
			$this->hostname = $config['db']['hostname'];
			$this->db_user  = $config['db']['db_user'];
			$this->db_pass  = $config['db']['db_pass'];
			$this->db_name  = $config['db']['db_name'];
			$this->special  = $config['special'];
			$this->duration = $config['duration'];			
			$sessid         = md5( date("Ymd").$this->special );
			$this->sessid   = $sessid;
			
			ini_set( 'session.save_handler', 'user' );
			ini_set( 'session.auto_start', 0 );
			ini_set( 'session.name', $this->sessid );
			ini_set( 'session.use_cookies', false );
			ini_set( 'session.gc_maxlifetime', 24 );
			ini_set( 'session.gc_probability', 5 );
			ini_set( 'session.use_only_cookies', false );		

			if( !isset( $_COOKIE[ $sessid ] ) ){
				$key = md5( uniqid( '' ) );				
				setcookie( $sessid, $key, ini_get( 'session.cookie_lifetime' ), ini_get( 'session.cookie_path' ), ini_get( 'session.cookie_domain' ) );
				$_COOKIE[$sessid] = $key;
				$this->sesskey    = $key;
			}				
			else{
				$this->sesskey = $_COOKIE[$sessid];
			}
			
			
			session_set_save_handler( array( &$this, 'open' ), array( &$this, 'close' ), array( &$this, 'read' ), array( &$this, 'write' ), array( &$this, 'destroy' ), array( &$this, 'gc' ) );
			session_id( $this->sesskey );
			session_start();
		}
	
		function open( $sess_path, $session_name ){			
			$this->resource = mysql_connect( $this->hostname, $this->db_user, $this->db_pass );
			@mysql_select_db( $this->db_name, $this->resource ) or die( mysql_error() );
			return true;
		}
	
		function close(){
			@mysql_close( $this->resource );
			return true;
		}
		
		function read( $key ){
			$query = @mysql_query( "SELECT * FROM session_data WHERE sess_id = '".md5( $this->sesskey . $this->sessid )."' AND sess_expire > '" . time() . "'" );

			if ( @mysql_num_rows( $query ) > 0 ){
				$info = @mysql_fetch_assoc( $query );
				return  $info['sess_data'];
			}
			
			return false;
		}
			
		function write( $id, $data ){
			$seconds = 3600 * $this->duration;
			$expires = time() + $seconds;			
			return @mysql_query( "REPLACE INTO session_data VALUES ( '".md5( $this->sesskey . $this->sessid  )."', $expires, '".addslashes( $data )."' )", $this->resource ) or die( mysql_error() );
		}
		
		function destroy( $key ){
			@mysql_query( "DELETE FROM session_data WHERE sess_id = '".md5( $this->sesskey . $this->sessid  )."'", $this->resource );

			if ( isset( $_COOKIE[$this->sessid] ) )
				unset( $_COOKIE[$this->sessid] );
							
			return true;
		}
		
		function gc( $maxlifetime ){
			return @mysql_query( "DELETE FROM session_data WHERE sess_expire < '" . time() . "'", $this->resource );
		}
	
	}
	
?>

If you can help, or are willing to help contractually - I will definitely pay for your services if required. This is pretty much an emergency.

Many thanks.
Alex

Posted: Mon Oct 06, 2003 8:19 pm
by volka
hm, where do you set the session handler (from within a running script or with auto_prepend_file) ?
What's the value of session.auto_start? (in cause of doubt use phpinfo();)