confused about custom session handling

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

pixelwraith
Forum Newbie
Posts: 18
Joined: Wed Apr 14, 2004 11:01 am

confused about custom session handling

Post by pixelwraith »

hi :)
i think im confused about how to use session variables stored in a database....and would like some help
im not displaying code because i think im not getting the point of the session handler

after coding a website, on uploading it, i found that the host did not support file stored session variables
so i found out about custom session handling at zend

i tried using the code supplied while accessing another table that checks password and username
the session handling code worked on its own
the password and username code worked on its own
but on the same page, the session handling code doesnt work with the password and username checking code
i dont want the session created if the user doesnt enter the correct data so i need to check password and username in another table first (and extract some data to be used in the session from the table containing the password and username)
it could have been a coding problem but i didnt want to post anything until i got some feedback

also im not sure how to use variables stored in the database by the session handler
for example if i wanted a variable that held the access level of users that allows them access (e.g admin, member) to particular pages and i wanted to create a session variable called access_Level, how do i access this variable?
if the variable is file based its just $HTTP_SESSION_VARS['access_Level']
if the session variable is stored in a database how do i access the variable without having to open the database each time the user moves from page to page? that doesnt seem to make sense to me - thats why i think im confused about how to use the session data in the database
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

I think you're confusing the fact that the session data is stored in a database, with the degree to which you need to interface with this database.

First of all - PHP will by default save session files into lots of small text files dumped into the systems temp directory. This is the "files" session handler.

You can however write your own instead - first you need to open up the php.ini file and change the session data handler from files to "user" and then specify the function names via the session_set_save_handler() function.

You also need to create the database for it and the access functions - it's actually quite a long process overall, so I found an on-line tutorial that should help you out.

http://www.tek-tips.com/gfaqs.cfm/pid/434/fid/2037

I would post the code I use, but there is far too much custom stuff in it and I'm sure it would confuse you even more, but the above seems to have all of the right things you need. Best of luck!
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Look, session mechanism in php supports various storage engines via custom session handlers. Default storage engine is file based session storage. Do you need to open some file in your code to get default session handlers to work? Naturally no. You don't need to work with session tables in db directly either. Just set custom handlers and use sessions as usual, eg via session_start(), $_SESSION or $HTTP_SESSION_VARS
pixelwraith
Forum Newbie
Posts: 18
Joined: Wed Apr 14, 2004 11:01 am

Post by pixelwraith »

ok i think i get it
ill have a look at the tutorial and go from there :D
pixelwraith
Forum Newbie
Posts: 18
Joined: Wed Apr 14, 2004 11:01 am

session handler

Post by pixelwraith »

ive tried the code in tek-tips
http://www.tek-tips.com/gfaqs.cfm/pid/434/fid/2037
for session handling
it allows me to log in but doesnt delete the session variables so i can never log out

my logout code definately works as ive used it with another session handler and file based sessions but here it is anyway
<?
$go = "../adminlogin.php";
header("Location: $go");
include("../../include/session_mysql.php");
session_start();
unset($_SESSION['details']);
unset($_SESSION['valid_user']);
unset($_SESSION['timeout']);
session_destroy();
?>

has anyone been able to use this code (tek-tips) successfully?
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

Destory the session before redirecting to another page. Also unset($_SESSION) isn't advisable - easier to just use $_SESSION = array(), or the session_unset() function.
pixelwraith
Forum Newbie
Posts: 18
Joined: Wed Apr 14, 2004 11:01 am

Post by pixelwraith »

apparently
quote:
Note: If $_SESSION (or $HTTP_SESSION_VARS for PHP 4.0.6 or less) is used, use unset() to unregister a session variable, i.e. unset ($_SESSION['varname']);.

i have used $_session so i think i need to use unset
i tried session_unset and it didnt make a difference

if i use $_SESSION = array() will i have to make an array of the session variables?

ill try destroying b4 redirecting
thanks :)
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

It depends on your configuration of PHP - if you have register globals enabled then you should use session_unregister() (unless using a version of PHP after 4.3 when you can unset instead). If you have register globals disabled then unset the session values one by one as you said. Setting $_SESSION = array() will just blank out every value without destroying the super global (which is what an unset($_SESSION) would do).
pixelwraith
Forum Newbie
Posts: 18
Joined: Wed Apr 14, 2004 11:01 am

Post by pixelwraith »

i only encountered this problem when i changed the session handler code.
are you sure my problem has anything to do with the logout code?
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

Your log out code looks fine - other than my suggestion of reversing the session_destory and Location header statements, I can't see why it wouldn't work.
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

The code at tek-tips is buggy.
It calls this function:

Code: Select all

function sess_destroy($key)
{
     global $SESS_DBH;

     $qry = "DELETE FROM $SESS_DBTABLE WHERE sesskey = '$key'";
     $qid = mysql_query($qry, $SESS_DBH);

     return $qid;
}
$SESS_DBTABLE will be undefined as it isn't in scope, so it needs to be:
global $SESS_DBH, $SESS_DBTABLE;
Guilherme Blanco
Forum Newbie
Posts: 12
Joined: Wed Jun 02, 2004 4:58 pm
Location: São Carlos - SP/Brazil
Contact:

Post by Guilherme Blanco »

I published my session/cookie abstraction layer a while time ago...

It's buggy in one piece of code, I already solved it (my first post here), and will update it soon.

Link: http://www.phpclasses.org/browse/package/1620.html


Regards,
pixelwraith
Forum Newbie
Posts: 18
Joined: Wed Apr 14, 2004 11:01 am

Post by pixelwraith »

mark i made that change plus somewhere else but i still couldnt log out

Guilherme i had a quick look at your code - will have to spend more time to understand it
ill keep a look out for an update...


btw is it common for a webhost to not allow file based session handling?
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

btw is it common for a webhost to not allow file based session handling?
Not really - that is the most common form of session handling (not to mention the default and most effective from a system performance point of view)
pixelwraith
Forum Newbie
Posts: 18
Joined: Wed Apr 14, 2004 11:01 am

Post by pixelwraith »

yes i dont think we'll be using that web host again :?
apart from that we are only allowed one database on the plan when two is preferred with session handling
Post Reply