Page 1 of 1

Is storing a database connection in $_SESSION bad practice?

Posted: Fri Oct 27, 2006 7:07 pm
by nutkenz
It sure make things easy:

Code: Select all

$_SESSION["db"] = new db($cnf["database_user"],$cnf["database_pass"],$cnf["database"],$cnf["database_host"]);
But is it safe and scalable? I read somewhere (http://digg.com/programming/How_Not_To_ ... ent_in_PHP) that PHP automatically rides MySQL connections on top of each other (does not open one for each request) if the parameters are the same:
Actually... when you make a MySQL connection in PHP, any subsequent connections made with the same parameters ride on top of the first connection (shared). In other words, you can create a bunch of database objects as needed, and they'll all share the same connection.
I did some research on Google, but it seems not many people had the same idea... Perhaps someone could tell me if there's a good reason for that? Thanks in advance.

Posted: Fri Oct 27, 2006 7:51 pm
by feyd
The connection is closed after the page request is finished.

Posted: Sat Oct 28, 2006 12:41 am
by matthijs
Maybe a safety issue could be that on shared hosts sessions might be read by others? (as far as I know)

Posted: Sat Oct 28, 2006 3:41 am
by alex.barylski
how about not practical or impossible?

Posted: Sat Oct 28, 2006 4:28 am
by nutkenz
Hockey wrote:how about not practical or impossible?
It's both very practical and possible... I tried replacing SESSION with GLOBALS, but now I get an error in some functions and classes:

Notice: Undefined variable: _GLOBALS in /usr/home/public_html/testing/classes/FeedManager.php on line 73

Posted: Sat Oct 28, 2006 6:11 pm
by John Cartwright
nutkenz wrote:
Hockey wrote:how about not practical or impossible?
It's both very practical and possible... I tried replacing SESSION with GLOBALS, but now I get an error in some functions and classes:

Notice: Undefined variable: _GLOBALS in /usr/home/public_html/testing/classes/FeedManager.php on line 73
$GLOBALS not $_GLOBALS

Posted: Sat Oct 28, 2006 7:00 pm
by Weirdan
feyd wrote:The connection is closed after the page request is finished.
Unless it is persistent connection (it seems the article mentioned by OP was about persistent connections).
nutkenz wrote: It's both very practical and possible...
possible... yes, but practical - I doubt it. Resources can't be serialized, so you would end up writing __sleep() and __wakeup() methods and shift code to establish the connection there.

Posted: Sat Oct 28, 2006 7:50 pm
by dbevfat
Weirdan wrote:Unless it is persistent connection (it seems the article mentioned by OP was about persistent connections).
True, the connection is not closed, but the database resource handle is still unusable in subsequent requests, just as with files, images, etc. The fact that the database connection was reused is invisible to the php script. The php db-resource handle is not the database connection, so storing it in $_SESSION is useless.

Posted: Sun Oct 29, 2006 4:14 am
by nutkenz
dbevfat wrote:
Weirdan wrote:Unless it is persistent connection (it seems the article mentioned by OP was about persistent connections).
True, the connection is not closed, but the database resource handle is still unusable in subsequent requests, just as with files, images, etc. The fact that the database connection was reused is invisible to the php script. The php db-resource handle is not the database connection, so storing it in $_SESSION is useless.
Useless okay, but is it problematic?

edit: I replaced _SESSION with GLOBALS. Seems to work just as good.

Posted: Sun Oct 29, 2006 4:31 am
by timvw
Since it's useless, it's problematic by default... (It's only purpose is to confuse other developers)