Page 1 of 1

Custom Session Handling Functions using MySQL database

Posted: Sun Oct 27, 2002 4:41 am
by Takuma
I have created my own custom session handling functions so that PHP no longer use file system to store session data. It works fine except that the PHP Session ID gets inserted on links to other pages. I know this happens when trying to store the Sesssion ID in cookie fails, but I have checked my browser settings and it sais, 'Accept all the cookies'. So it should not display the Session ID but it does... Any ideas why?

Well here's the code...

Code: Select all

<?php
	session_module_name("user");

	function session_db() {
		return("ticktaku");
	}
	function session_table() {
		return("session");
	}

	function session_open($path,$name) {
		mysql_pconnect("","","");
		return(true);
	}

	function session_close() {
		return(true);
	}

	function session_read($id) {
		$connect	=	@mysql_select_db(session_db());
		if(!$connect) {
			return(false);
		}

		$sql	=	"SELECT * FROM ".session_table()." WHERE id = '$id'";
		$result	=	@mysql_query($sql);
		if(!$result) {
			return false;	
		}
		$num	=	mysql_num_rows($result);
		if($num != 0) {
			$row	=	mysql_fetch_array($result);
			return($rowї'data']);
		} else {
			return("");
		}
	}

	function session_write($id,$data) {
		$connect	=	@mysql_select_db(session_db());
		if(!$connect) {
			return(false);
		}
		unset($connect);

		$sql	=	"UPDATE ".session_table()." SET data = '".addslashes($data)."'";
		if(isset($_SERVERї'PHP_AUTH_USER'])) {
			$sql	.=	", user = '".addslashes($_SERVERї'HTTP_AUTH_USER'])."'";
		}
		$sql	.=	"WHERE id = '$id'";
		$result	=	mysql_query($sql);
		if(!$result) {
			return false;
		}
		$affected	=	mysql_affected_rows($result);
		if(mysql_affected_rows() != 0) {
			return(true);
		}
		$sql	=	"INSERT ".session_table()." SET data = '".addslashes($data)."', id = '$id'";
		$result	=	mysql_query($sql);
		if(!$result) {
			return false;
		} else {
			return(true);
		}
	}

	function session_remove($id) {
		$connect	=	@mysql_select_db(session_db());
		if(!$connect) {
			return(false);
		}
		unset($connect);

		$sql	=	"DELETE ".session_table()." WHERE id = '$id'";
		$result	=	mysql_query($sql);
		if(!$result) {
			return(false);
		} else {
			return(true);
		}
	}
	
	function session_gc($life) {
		$connect	=	@mysql_select_db(session_db());
		if(!$connect) {
			return(false);
		}

		$sql	=	"DELETE ".session_table()." WHERE time < '".date("YmdHis",time() - $life)."'";
		$result	=	mysql_query($sql);
		if(!$result) {
			return(false);
		} else {
			return(true);
		}
	}

	session_set_save_handler("session_open", "session_close", "session_read", "session_write", "session_remove", "session_gc");
?>
And the SQL for the table:-

Code: Select all

CREATE TABLE session (
			id		VARCHAR(32)	NOT NULL,
			time	TIMESTAMP(14),
			user	TINYTEXT	NOT NULL,
			data	TEXT		NOT NULL,
			PRIMARY KEY(id)
		);

Posted: Sun Oct 27, 2002 5:11 am
by volka
goto http://www.php.net/manual/en/ref.session.php and search for session.use_trans_sid and then disable it in your php.ini or .htaccess ;)