Page 1 of 1

session peeking

Posted: Tue Jun 27, 2006 12:54 pm
by themurph
Does anyone have a snippet or a link to a tutorial on the best way to peek into
all open sessions.

I want to do this as an admin function on my site that will return the username
from every currently active session.

So far, I have the following code, lifted from an internet tutorial that returns
the number of active sessions:

Code: Select all

// DETERMINE HOW MANY USERS ARE ONLINE
function onlineUsers()
  {
     // variables
     $count = 0;
     $file = NULL;
     $sessionExpire = ini_get( 'session.gc_maxlifetime' );
     $sessionSavePath = ini_get( 'session.save_path' );
     if( file_exists( $sessionSavePath ) == FALSE ) { return FALSE; }

     // loop through session directory
     $handle = opendir( $sessionSavePath );
     while( FALSE !== ( $file = readdir( $handle ) ) )
       {
          if( ( $file != '.' ) && ( $file != '..' ) )
            {
               // Check If Session Did Not Expire (compare timestamp of session file and session maxlifetime)
               if( filemtime( $sessionSavePath . '/' . $file ) > ( time() - $sessionExpire)) { $count++; }
            }
        }

    // return number of online users
    return $count;
  }

Posted: Tue Jun 27, 2006 1:21 pm
by RobertGonzalez
What is wrong with the snippet you posted (other than the fact it only returns an integer value)? What specifically are you trying to glean from your session data?

Posted: Tue Jun 27, 2006 1:25 pm
by themurph
The current function only returns the number of users online by counting non-expired sessions.

I want a function that will return an array of actual usernames from those active sessions.

Posted: Tue Jun 27, 2006 1:28 pm
by RobertGonzalez
You're gonna have to fork that snippet to open the folder and read from it. This may not give you exactly what you want because, and I couild be wrong here, PHP serializes session data when it is stored. You may end up having to not only get the information, but unserialize it and figure out what is actually in each array value of the unserialized session data strings.

Have you thought of databasing your sessions to allow for easier, and in my opinion, faster, access to session user data?

Posted: Tue Jun 27, 2006 1:43 pm
by Luke
Everah wrote:You're gonna have to fork that snippet to open the folder and read from it. This may not give you exactly what you want because, and I couild be wrong here, PHP serializes session data when it is stored. You may end up having to not only get the information, but unserialize it and figure out what is actually in each array value of the unserialized session data strings.

Have you thought of databasing your sessions to allow for easier, and in my opinion, faster, access to session user data?
Yes, they are serialized... here is an example of a session file:

Code: Select all

ssmc2fm|a:4:{s:10:"time_start";i:1151429762;s:9:"user_name";b:0;s:9:"pass_word";b:0;s:7:"user_id";b:0;}

Posted: Tue Jun 27, 2006 1:54 pm
by themurph
Thanks for the input! I'll look into unserializing the data first. Barring that, I'll explore
the database option, which is something I have been wanting to do for my site as part
of a revamping project anyway.

Posted: Tue Jun 27, 2006 2:17 pm
by feyd
Have a read through the database session class linked from Useful Posts. .. Although I would suggest storing session data in a database.

Posted: Tue Jun 27, 2006 3:28 pm
by themurph
Thanks for the suggestions, guys. Here is the final code for my instant gratification solution.
It's a little messy, but works fine for my immediate purposes. I'm definitely going to build
in the database session management stuff at some point when I have some free development
time to spare.

Code: Select all

// RETURN ARRAY OF USERNAMES CURRENTLY ONLINE
function onlineUsers()
  {
     // variables
     $count = 0;
     $USERINFO = array();
     $file = NULL;
     $sessionExpire = ini_get( 'session.gc_maxlifetime' );
     $sessionSavePath = ini_get( 'session.save_path' );
     if( file_exists( $sessionSavePath ) == FALSE ) { return FALSE; }

     // loop through session directory
     $handle = opendir( $sessionSavePath );
     while( FALSE !== ( $file = readdir( $handle ) ) )
       {
          if( ( $file != '.' ) && ( $file != '..' ) )
            {
               // Check If Session Did Not Expire (compare timestamp of session file and maxlifetime)
               if( filemtime( $sessionSavePath . '/' . $file ) > ( time() - $sessionExpire))
                 {
                    $fullPath = "$sessionSavePath/$file";
                    $sessionString = file_get_contents($fullPath);
                    $data = preg_split('/([A-Za-z_][A-Za-z0-9_]*)\|/',$sessionString,-1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
                    if (count($data) < 9) 
                      {
                         // do nothing (skip bunk sessions)
                      }
                    else
                      {
                         // even indices are the var names, odd indices are unserialized values
                         $al = unserialize($data[1]);
                         $un = unserialize($data[3]);
                         $ds = unserialize($data[9]);
                         $USERINFO[$count] = array('username'=>$un, 'alevel'=>$al, 'dealership'=>$ds);
                         $count++;
                      }
                 }
            }
        }

    // return number of online users
    return $USERINFO;
  }