Custom Session Handler

Updated kenleycapps 0 Tallied Votes 437 Views Share

Ever feel the default session handling is insecure? Or do you just want some originality to show off? Well, here you are. A custom, MySQL-based session handler. It supports base64_encoding and MySQL storage.

Note: I haven't tested this thing in months so I don't know how well it'll work : Good luck, hope you like it.

Configuration: All you gotta do is edit the MySQL configurations, the expire and GC probability (if you really want. its best left as is), and just include session.php in all your session-oriented scripts. =]

Please let me know if you get ANY errors! Thanks.

<?php 

// config 
$m_host = ""; //MySQL Host 
$m_user = ""; //MySQL User 
$m_pass = ""; //MySQL Pass 
$m_db   = ""; //MySQL Database 

$session_expire = 600; // Session expire time, in seconds (minutes * 60 = seconds) 

$gc_probability = 50; // Probability that the garbage collection function will be called. 50% chance by default 

ini_set("session.gc_probability",$gc_probability); 

/* Open function; Opens/starts session 

   Opens a connection to the database and stays open until specifically closed 
   This function is called first and with each page load */ 

function open ($s,$n) // do not modify function parameters 
{ 
  global $session_connection, $m_host, $m_user, $m_pass, $m_db; 
  $session_connection = mysql_pconnect($m_host,$m_user,$m_pass); 
  mysql_select_db($m_db,$session_connection); 
  return true; 
} 

/* Read function; downloads data from repository to current session 

   Queries the mysql database, unencrypts data, and returns it. 
   This function is called after 'open' with each page load. */ 
function read ($id) // do not modify function parameters 
{ 
  global $session_connection,$session_read; 
  $query = "SELECT data FROM sess_data WHERE id=\"{$id}\""; 
  $res = mysql_query($query,$session_connection); 
  if(mysql_num_rows($res) != 1) return ""; // must return string, not 'false' 
  else 
  { 
    $session_read = mysql_fetch_assoc($res); 
    $session_read["data"] = base64_decode($session_read["data"]); 
    return $session_read["data"]; 
  } 
} 


/* Write function; uploads data from current session to repository 

   Inserts/updates mysql records of current session. Called after 'read' 
   with each page load */ 
function write ($id,$data) // do not modify function parameters 
{ 
  if(!$data) { return false; } 
  global $session_connection, $session_read, $session_expire; 
  $expire = time() + $session_expire; 
  $data = mysql_real_escape_string(base64_encode($data)); 
  if($session_read) $query = "UPDATE sess_data SET data=\"{$data}\", expire=\"{$expire}\" WHERE id=\"{$id}\""; 
  else $query = "INSERT INTO sess_data SET id=\"{$id}\", data=\"{$data}\""; 
  mysql_query($query,$session_connection); 
  return true; 
} 

/*Close function; closes session 

  closes mysql connection */ 
function close () 
{ 
  global $session_connection; 
  mysql_close($session_connection); 
  return true; 
} 


/* destroy function; deletes session data 

   deletes records of current session. called ONLY when function 'session_destroy()' 
   is called */ 
function destroy ($id) // do not modify function parameters 
{ 
  global $session_connection; 
  $query = "DELETE FROM sess_data WHERE id=\"{$id}\""; 
  mysql_query($query,$session_connection); 
  return true; 
} 

/* gc function; cleans expired sessions 

   deletes all rows where expire < time(); called with a $gc_probability chance of executing */ 
function gc ($expire) 
{ 
  global $session_connection; 
  $query = "DELETE FROM sess_data WHERE expire < ".time(); 
  mysql_query($query,$session_connection); 
} 


// Set custom handlers 
session_set_save_handler ("open", "close", "read", "write", "destroy", "gc"); 

// Start session 
session_start(); 
?>

// MySQL Database Description

create table sess_data (
id2 int not null auto_increment,
id text not null,
data text,
expire int not null,
primary key(id2)
);
danyboi97 0 Newbie Poster

hi, i noticed a bug in your script. when i used it it logged my out just after i logged in. i fixed this by changing the else query in Write() funtion. so overall this will be the code:

<?php 
 
// config 
$m_host = ""; //MySQL Host 
$m_user = ""; //MySQL User 
$m_pass = ""; //MySQL Pass 
$m_db   = ""; //MySQL Database
$table  = "";
 
$session_expire = 600; // Session expire time, in seconds (minutes * 60 = seconds) 
 
$gc_probability = 100; // Probability that the garbage collection function will be called. 50% chance by default 
 
ini_set("session.gc_probability",$gc_probability); 
 
/* Open function; Opens/starts session 
 
   Opens a connection to the database and stays open until specifically closed 
   This function is called first and with each page load */ 
 
function open ($s,$n) // do not modify function parameters 
{ 
  global $session_connection, $m_host, $m_user, $m_pass, $m_db; 
  $session_connection = mysql_pconnect($m_host,$m_user,$m_pass); 
  mysql_select_db($m_db,$session_connection); 
  return true; 
} 
 
/* Read function; downloads data from repository to current session 
 
   Queries the mysql database, unencrypts data, and returns it. 
   This function is called after 'open' with each page load. */ 
function read ($id) // do not modify function parameters 
{ 
  global $session_connection,$session_read,$table; 
  $query = "SELECT data FROM `$table` WHERE id=\"{$id}\""; 
  $res = mysql_query($query,$session_connection); 
  if(mysql_num_rows($res) != 1) return ""; // must return string, not 'false' 
  else 
  { 
    $session_read = mysql_fetch_assoc($res); 
    $session_read["data"] = base64_decode($session_read["data"]); 
    return $session_read["data"]; 
  } 
} 
function write ($id,$data) // do not modify function parameters 
{ 
  if(!$data) { return false; } 
  global $session_connection, $session_read, $session_expire, $table; 
  $expire = time() + $session_expire; 
  $data = mysql_real_escape_string(base64_encode($data)); 
  if($session_read) $query = "UPDATE `$table` SET data=\"{$data}\", expire=\"{$expire}\" WHERE id=\"{$id}\""; 
  else $query = "INSERT INTO sess_data SET id=\"{$id}\", data=\"{$data}\" expire=\"{$expire}\""; 
  mysql_query($query,$session_connection); 
  return true; 
} 
function close () 
{ 
  global $session_connection; 
  mysql_close($session_connection); 
  return true; 
} 
function destroy ($id) // do not modify function parameters 
{ 
  global $session_connection,$table; 
  $query = "DELETE FROM `$table` WHERE id=\"{$id}\""; 
  mysql_query($query,$session_connection); 
  return true; 
}
function gc ($expire) 
{ 
  global $session_connection,$table; 
  $query = "DELETE FROM `$table` WHERE expire < ".time(); 
  mysql_query($query,$session_connection); 
}
// Set custom handlers 
session_set_save_handler ("open", "close", "read", "write", "destroy", "gc"); 
 
// Start session 
session_start(); 
?>
 
// MySQL Database Description
 
create table $table (
id2 int not null auto_increment,
id text not null,
data text,
expire int not null,
primary key(id2)
);
Mack_1 0 Newbie Poster

It may be worth noting that the PHP functions used are not supported in PHP 5.

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster

It may be worth noting that the PHP functions used are not supported in PHP 5.

Did you even notice the OP is 9 years old?

diafol commented: there's always one! +14
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.