UPDATE (Added the code for the class that does the read/write)
<?php
error_reporting(E_ALL);
class dbSession
{
    function dbSession($gc_maxlifetime = "", $gc_probability = "", $gc_divisor = "")
    {
        if ($gc_maxlifetime != "" && is_integer($gc_maxlifetime)) {
            @ini_set('session.gc_maxlifetime', $gc_maxlifetime);
        }
        if ($gc_probability != "" && is_integer($gc_probability)) {
            @ini_set('session.gc_probability', $gc_probability);
        }
        if ($gc_divisor != "" && is_integer($gc_divisor)) {
            @ini_set('session.gc_divisor', $gc_divisor);
        }
        $this->sessionLifetime = ini_get("session.gc_maxlifetime");
        session_write_close();
        session_set_save_handler(
            array(&$this, 'open'),
            array(&$this, 'close'),
            array(&$this, 'read'),
            array(&$this, 'write'),
            array(&$this, 'destroy'),
            array(&$this, 'gc')
        );
        register_shutdown_function('session_write_close');
        @session_start();
    }

    function open($save_path, $session_name)
    {
        $mySQLHost = "localhost";
        $mySQLUsername = "username";
        $mySQLPassword = "password";
        $mySQLDatabase = "rst_sessions";
        $link = mysql_connect($mySQLHost, $mySQLUsername, $mySQLPassword);
        if (!$link) {
            die ("Could not connect to database!");
        }
        $dbc = mysql_select_db($mySQLDatabase, $link);
        if (!$dbc) {
            die ("Could not select database!");
        }
        return true;
    }

    function close()
    {
        mysql_close();
        return true;
    }

    function read($session_id)
    {
        $result = @mysql_query("
            SELECT
                session_data
            FROM
                session_data
            WHERE
                session_id = '".$session_id."' AND
                http_user_agent = '".$_SERVER["HTTP_USER_AGENT"]."' AND
                session_expire > '".time()."'
        ");
        if (is_resource($result) && @mysql_num_rows($result) > 0) {
            // return found data
            $fields = @mysql_fetch_assoc($result);
            // don't bother with the unserialization - PHP handles this automatically
            return $fields["session_data"];
        }
        return "";
    }

    function write($session_id, $session_data)
    {
        // first checks if there is a session with this id
        $result = @mysql_query(" SELECT *FROM session_data WHERE session_id = '".$session_id."'");
        if (@mysql_num_rows($result) > 0)
        {
            $result = @mysql_query(" UPDATE session_data
                SET
                    session_data = '".$session_data."',
                    session_expire = '".(time() + $this->sessionLifetime)."',
                    account_id = '" . $_SESSION['account']['account_id'] . "',
                    username = '" . $_SESSION['users']['username'] . "',
                    report_logo_path = '". $_SESSION['path_to_report_logo'] . '/' . $_SESSION['report_logo_img'] . "',
                    report_footer_all = '". $_SESSION['report_footer_all'] . "',
                    report_footer_summary= '". $_SESSION['report_footer_summary'] . "'
                WHERE
                    session_id = '".$session_id."'
            ");
            // if anything happened
            if (@mysql_affected_rows())
            {
                return true;
            }
        }
        else // if this session id is not in the database
        {
            $sql = "
                INSERT INTO
                    session_data
                    (
                        session_id,
                        http_user_agent,
                        session_data,
                        session_expire,
                        account_id,
                        username
                    )
                VALUES
                    (
                        '".serialize($session_id)."',
                        '".$_SERVER["HTTP_USER_AGENT"]."',
                        '".$session_data."',
                        '".(time() + $this->sessionLifetime)."',
                        '".$_SESSION['account']['account_id']."',
                        '".$_SESSION['users']['username']."'
                    )
            ";
            $result = @mysql_query($sql);
            if (@mysql_affected_rows())
            {
                // return an empty string
                return "";
            }
        }
        // if something went wrong, return false
        return false;
    }
}
?>
UPDATE: I've uncommented the line in the php.ini file to allow the session to be written to a file instead of the DB, and I put session_start() in the right spots. So I've been able to rule out the code in other spots. This problem only occurs when using the database to store sessions, which is a requirement, so if there are any other ideas out there that could help me resolve this, let me know. Thanks.
ORIGINAL POST: I'm having difficulty figuring out what's going on here, hoping someone can help me out.
I have been using PHP and MySQL, storing my session information in the database. The app is only running on localhost, Vista. In the php.ini file I commented out the "session.save_handler = files" line and am using a PHP class to handle the session writes/reads, etc.
My login process is this: Submit login credentials via login.php. login.php calls loginprocess.php. loginprocess.php verifies user, and if valid starts a new session and adds data to the session vars, then it redirects to index.php.
Here's the problem. The loginprocess.php page has a bunch of session vars that get set like $_SESSION['account_id'] = $account_id; etc. but when I go to index.php and do a var_dump($_SESSION) it just says "array() empty". However, if I do a var_dump($_SESSION) in loginprocess.php, just before the redirection line header("Location: ../index.php");
then it shows all the data in the session variable. If I look in the database where the session information is stored, there is data in the session_id field, created_ts field, and expires field, but the session_data field has nothing inside of it and in the past this is the field where all my session data was stored.
How could I be able to var_dump the session in loginprocess.php, but the data not exist in the db table, is it using some kind of caching? I cleared my cookies, etc...but no change.
Why is the session_id being written to the table, but the actual session data is not?
Any ideas are appreciated. Thanks.
Look at the serialize() function, and consider using it before writing to the database; and the corresponding unserialize() when reading.
To access the session data in PHP, you need to call session_start() first.
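An added example, not part of the original posts: the handler in the question concatenates the session id, the User-Agent header and the serialized session data straight into SQL and hides failures behind `@`, so any value containing a quote silently breaks the query, and the request header is an injection point. The sketch below binds every value and lets errors surface. It assumes PHP 8+, PDO MySQL, a unique key on `session_data.session_id`, and that the table's other columns (`account_id`, `username`, ...) are nullable or have defaults; the class name and credentials are placeholders.

```php
<?php
// Added example: hardened variant of the page's handler. Assumes PHP 8+, PDO MySQL,
// and a UNIQUE/PRIMARY key on session_data.session_id (needed for the upsert).
final class PdoSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $pdo, private int $lifetime) {}

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $stmt = $this->pdo->prepare(
            'SELECT session_data FROM session_data
              WHERE session_id = ? AND http_user_agent = ? AND session_expire > ?'
        );
        $stmt->execute([$id, $_SERVER['HTTP_USER_AGENT'] ?? '', time()]);
        $data = $stmt->fetchColumn();
        return $data === false ? '' : $data;   // '' means "no stored session"
    }

    public function write(string $id, string $data): bool
    {
        // One upsert replaces the SELECT-then-UPDATE/INSERT pair; every value is bound.
        $stmt = $this->pdo->prepare(
            'INSERT INTO session_data (session_id, http_user_agent, session_data, session_expire)
             VALUES (?, ?, ?, ?)
             ON DUPLICATE KEY UPDATE session_data = VALUES(session_data),
                                     session_expire = VALUES(session_expire)'
        );
        return $stmt->execute([$id, $_SERVER['HTTP_USER_AGENT'] ?? '', $data, time() + $this->lifetime]);
    }

    public function destroy(string $id): bool
    {
        return $this->pdo->prepare('DELETE FROM session_data WHERE session_id = ?')->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        $stmt = $this->pdo->prepare('DELETE FROM session_data WHERE session_expire < ?');
        return $stmt->execute([time()]) ? $stmt->rowCount() : false;
    }
}

// Placeholder DSN and credentials; ERRMODE_EXCEPTION surfaces failed queries instead of hiding them.
$pdo = new PDO('mysql:host=localhost;dbname=rst_sessions;charset=utf8mb4', 'username', 'password',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
session_set_save_handler(new PdoSessionHandler($pdo, (int) ini_get('session.gc_maxlifetime')), true);
session_start();
```

With exceptions enabled, a failed write shows up as an error at the point of failure rather than as an empty `session_data` column discovered later.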