Search code examples
phpmysqlsessionsession-set-save-handler

Storing session in sql (session_set_save_handler())

So, I am making a login system and the users should be logged in more than 24 min. That's why I decided to store the session in my DB.
I used this function: (I established my own sql's connection -> sqlConnectionConfig.php)
sessions.php file (I found this code on php.net.):

class session {
    // session-lifetime
    var $lifeTime;
    // mysql-handle
    var $dbHandle;
    function open($savePath, $sessName) {
       // get session-lifetime
       $this->lifeTime = get_cfg_var("session.gc_maxlifetime");
       // open database-connection
        require_once '../sqlConnectionConfig.php';
        $dbHandle = @mysql_connect($sqlHost,$sqlUser,$sqlPass);
         $dbSel = @mysql_select_db($sqlDb,$dbHandle);
       //return success
       if(!$dbHandle || !$dbSel)
           return false;
       $this->dbHandle = $dbHandle;
       return true;
    }
    function close() {
        $this->gc(ini_get('session.gc_maxlifetime'));
        // close database-connection
        return @mysql_close($this->dbHandle);
    }
    function read($sessID) {
        // fetch session-data
        $res = mysql_query("SELECT session_data AS d FROM ws_sessions
                            WHERE session_id = '$sessID'
                            AND session_expires > ".time(),$this->dbHandle);
        // return data or an empty string at failure
        if($row = mysql_fetch_assoc($res))
            return $row['d'];
        return "";
    }
    function write($sessID,$sessData) {
        // new session-expire-time
        $newExp = time() + $this->lifeTime;
        // is a session with this id in the database?
        $res = mysql_query("SELECT * FROM ws_sessions
                            WHERE session_id = '$sessID'",$this->dbHandle);
        // if yes,
        if(mysql_num_rows($res)) {
            // ...update session-data
            mysql_query("UPDATE ws_sessions
                         SET session_expires = '$newExp',
                         session_data = '$sessData'
                         WHERE session_id = '$sessID'",$this->dbHandle);
            // if something happened, return true
            if(mysql_affected_rows($this->dbHandle))
                return true;
        }
        // if no session-data was found,
        else {
            // create a new row
            mysql_query("INSERT INTO ws_sessions (
                         session_id,
                         session_expires,
                         session_data)
                         VALUES(
                         '$sessID',
                         '$newExp',
                         '$sessData')",$this->dbHandle);
            // if row was created, return true
            if(mysql_affected_rows($this->dbHandle))
                return true;
        }
        // an unknown error occured
        return false;
    }
    function destroy($sessID) {
        // delete session-data
        mysql_query("DELETE FROM ws_sessions WHERE session_id = '$sessID'",$this->dbHandle);
        // if session was deleted, return true,
        if(mysql_affected_rows($this->dbHandle))
            return true;
        // ...else return false
        return false;
    }
    function gc($sessMaxLifeTime) {
        // delete old sessions
        mysql_query("DELETE FROM ws_sessions WHERE session_expires < ".time(),$this->dbHandle);
        // return affected rows
        return mysql_affected_rows($this->dbHandle);
    }
}



Both my admin/index.php and admin/admin.php file has the same session_start(): 

   ini_set("session.gc_maxlifetime", "18000");
    require_once 'sessions.php';
    $session = new session();
    session_set_save_handler(array(&$session,"open"),
                             array(&$session,"close"),
                             array(&$session,"read"),
                             array(&$session,"write"),
                             array(&$session,"destroy"),
                             array(&$session,"gc"));
    session_start();

The index.php contains the form and sends the login data via post to admin.php.
The problem is: Its gonna logout after 24min. But I dont rly know why, My db successfully storing the sessions.

Solution

  • I found out, that, this line caused the problem:

     $this->lifeTime = get_cfg_var("session.gc_maxlifetime");

    So, I set it manually. ($this->lifeTime = 18000;)