confused about custom session handling

Posted: Wed May 12, 2004 9:15 am
by pixelwraith
hi :)
i think i'm confused about how to use session variables stored in a database... and would like some help
i'm not displaying code because i think i'm not getting the point of the session handler

after coding a website, on uploading it, i found that the host did not support file stored session variables
so i found out about custom session handling at zend

i tried using the code supplied while accessing another table that checks password and username
the session handling code worked on its own
the password and username code worked on its own
but on the same page, the session handling code doesn't work with the password and username checking code
i don't want the session created if the user doesn't enter the correct data so i need to check password and username in another table first (and extract some data to be used in the session from the table containing the password and username)
it could have been a coding problem but i didn't want to post anything until i got some feedback

also i'm not sure how to use variables stored in the database by the session handler
for example if i wanted a variable that held the access level of users that allows them access (e.g. admin, member) to particular pages and i wanted to create a session variable called access_Level, how do i access this variable?
if the variable is file based it's just $HTTP_SESSION_VARS['access_Level']
if the session variable is stored in a database how do i access the variable without having to open the database each time the user moves from page to page? that doesn't seem to make sense to me - that's why i think i'm confused about how to use the session data in the database

Posted: Wed May 12, 2004 9:49 am
by launchcode
I think you're confusing the fact that the session data is stored in a database, with the degree to which you need to interface with this database.

First of all - PHP will by default save session files into lots of small text files dumped into the system's temp directory. This is the "files" session handler.

You can however write your own instead - first you need to open up the php.ini file and change the session data handler from files to "user" and then specify the function names via the session_set_save_handler() function.

You also need to create the database for it and the access functions - it's actually quite a long process overall, so I found an on-line tutorial that should help you out.

http://www.tek-tips.com/gfaqs.cfm/pid/434/fid/2037

I would post the code I use, but there is far too much custom stuff in it and I'm sure it would confuse you even more, but the above seems to have all of the right things you need. Best of luck!

Posted: Wed May 12, 2004 9:56 am
by Weirdan
Look, session mechanism in php supports various storage engines via custom session handlers. Default storage engine is file based session storage. Do you need to open some file in your code to get default session handlers to work? Naturally no. You don't need to work with session tables in db directly either. Just set custom handlers and use sessions as usual, e.g. via session_start(), $_SESSION or $HTTP_SESSION_VARS.

Posted: Thu May 13, 2004 4:16 am
by pixelwraith
ok i think i get it
i'll have a look at the tutorial and go from there :D

session handler

Posted: Sat Jun 05, 2004 12:52 am
by pixelwraith
i've tried the code in tek-tips
http://www.tek-tips.com/gfaqs.cfm/pid/434/fid/2037
for session handling
it allows me to log in but doesn't delete the session variables so i can never log out

my logout code definitely works as i've used it with another session handler and file based sessions but here it is anyway
<?
$go = "../adminlogin.php";
header("Location: $go");
include("../../include/session_mysql.php");
session_start();
unset($_SESSION['details']);
unset($_SESSION['valid_user']);
unset($_SESSION['timeout']);
session_destroy();
?>

has anyone been able to use this code (tek-tips) successfully?

Posted: Sat Jun 05, 2004 10:50 am
by launchcode
Destroy the session before redirecting to another page. Also unset($_SESSION) isn't advisable - easier to just use $_SESSION = array(), or the session_unset() function.

Posted: Sat Jun 05, 2004 12:24 pm
by pixelwraith
apparently
quote:
Note: If $_SESSION (or $HTTP_SESSION_VARS for PHP 4.0.6 or less) is used, use unset() to unregister a session variable, i.e. unset ($_SESSION['varname']);.

i have used $_session so i think i need to use unset
i tried session_unset and it didn't make a difference

if i use $_SESSION = array() will i have to make an array of the session variables?

i'll try destroying b4 redirecting
thanks :)

Posted: Sat Jun 05, 2004 2:45 pm
by launchcode
It depends on your configuration of PHP - if you have register globals enabled then you should use session_unregister() (unless using a version of PHP after 4.3 when you can unset instead). If you have register globals disabled then unset the session values one by one as you said. Setting $_SESSION = array() will just blank out every value without destroying the super global (which is what an unset($_SESSION) would do).

Posted: Sat Jun 05, 2004 9:33 pm
by pixelwraith
i only encountered this problem when i changed the session handler code.
are you sure my problem has anything to do with the logout code?

Posted: Sat Jun 05, 2004 9:52 pm
by launchcode
Your log out code looks fine - other than my suggestion of reversing the session_destroy and Location header statements, I can't see why it wouldn't work.

Posted: Sat Jun 05, 2004 10:02 pm
by markl999
The code at tek-tips is buggy.
It calls this function:

function sess_destroy($key)
{
     global $SESS_DBH;

     $qry = "DELETE FROM $SESS_DBTABLE WHERE sesskey = '$key'";
     $qid = mysql_query($qry, $SESS_DBH);

     return $qid;
}
$SESS_DBTABLE will be undefined as it isn't in scope, so it needs to be:
global $SESS_DBH, $SESS_DBTABLE;
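
Added example, not part of any post in this thread and not the tek-tips code: a database-backed handler built on PHP 8's SessionHandlerInterface with PDO (swapped in for the `mysql_*` functions, which were removed in PHP 7). It shows both points made above: page code keeps using `$_SESSION` as usual, and `destroy()` really removes the stored row. The class name, table layout and in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example, not the tek-tips code. Assumes PHP 8+ with pdo_sqlite, run from
// the CLI; the table layout (sessions: sesskey, value, expiry) is illustrative.
final class DbSessionHandler implements SessionHandlerInterface
{
    // Connection and table name are object properties, visible to every
    // callback, so no handler depends on a `global` declaration.
    public function __construct(private PDO $db, private string $table = 'sessions') {}
    private function run(string $sql, array $args): PDOStatement {
        $stmt = $this->db->prepare(str_replace('{t}', $this->table, $sql));
        $stmt->execute($args);
        return $stmt;
    }
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }
    public function read(string $id): string|false {
        $v = $this->run('SELECT value FROM {t} WHERE sesskey = ? AND expiry > ?', [$id, time()])->fetchColumn();
        return $v === false ? '' : $v;   // unknown or expired id: empty session
    }
    public function write(string $id, string $data): bool {
        $this->run('REPLACE INTO {t} (sesskey, value, expiry) VALUES (?, ?, ?)', [$id, $data, time() + 1440]);
        return true;
    }
    public function destroy(string $id): bool {
        $this->run('DELETE FROM {t} WHERE sesskey = ?', [$id]);
        return true;   // a failed DELETE throws (ERRMODE_EXCEPTION) instead of passing silently
    }
    public function gc(int $max_lifetime): int|false {
        return $this->run('DELETE FROM {t} WHERE expiry < ?', [time()])->rowCount();
    }
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE sessions (sesskey TEXT PRIMARY KEY, value TEXT, expiry INTEGER)');
session_set_save_handler(new DbSessionHandler($db), true);

session_start();                        // "login" request
$_SESSION['access_Level'] = 'admin';    // ordinary session use, no SQL in page code
$id = session_id();
session_write_close();                  // write() stores the row
$before = $db->query('SELECT COUNT(*) FROM sessions')->fetchColumn();

session_id($id);                        // "logout" request, same session id
session_start();                        // read() reloads the data
$level = $_SESSION['access_Level'];
$_SESSION = [];
session_destroy();                      // destroy() deletes the row
$after = $db->query('SELECT COUNT(*) FROM sessions')->fetchColumn();
echo "level=$level rows before=$before after=$after\n";
```

On a real site the PDO connection would point at the host's MySQL database, and the handler must be registered before every session_start().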

Posted: Sun Jun 06, 2004 3:04 pm
by Guilherme Blanco
I published my session/cookie abstraction layer a while ago...

It's buggy in one piece of code, I already solved it (my first post here), and will update it soon.

Link: http://www.phpclasses.org/browse/package/1620.html


Regards,

Posted: Mon Jun 07, 2004 12:15 am
by pixelwraith
mark i made that change plus somewhere else but i still couldn't log out

Guilherme i had a quick look at your code - will have to spend more time to understand it
i'll keep a look out for an update...


btw is it common for a webhost to not allow file based session handling?

Posted: Mon Jun 07, 2004 5:38 am
by launchcode
quote:
btw is it common for a webhost to not allow file based session handling?

Not really - that is the most common form of session handling (not to mention the default and most effective from a system performance point of view)

Posted: Tue Jun 08, 2004 6:02 am
by pixelwraith
yes i don't think we'll be using that web host again :?
apart from that we are only allowed one database on the plan when two is preferred with session handling