tags:

views:

594

answers:

5
Q: 

Implementing own Session Management in PHP

What options are there to implement an own session management in PHP?

Is there a nice way to implement a component which performs all session tasks? How can i construct a class which receives the HTTP Request and Response during one request process? I only found the option "session_save_handler" which seems to define the storage handler. What I need is to replace the whole session management. Is there another way using the PHP configuration or do I have to implement my own controller which receives all requests and calls my session management?

Thanks for your help

Regards Michael

A: 

Using the session_save_handler() function allows to handle how the session information is stored and retrieved.

By default PHP stores the session information in temporary files located somewhere on your web server. You can define callback functions using the session_save_handler() function where you can have this information stored in a database table instead.

Even if you handle sessions with your own defined functions with the session_save_handler() function you would still access the information with the superglobal variable $_SESSIONS.

 2009-07-20 07:36:57
The session_save_handler() function seems not sufficient to me. I need to implement my own ID-generation, -invalidation and so on. Therefore not only the storage of sessions has to be changed but the whole session management itself.
Michael S  2009-07-20 07:39:17
A: 

Hi,

Check out this page from the php online manual. Has lots of useful information with regards to your question. Hope it helps.

Martin Chiteri  2009-07-20 07:47:46
I already found this page, anyway it is about session storage management and not about session management itself - as stated in the comment on JRSofty's post!
Michael S  2009-07-20 07:52:32
+1  A: 

I am not sure, what you want to achieve. It seems more like you want to abstract away from the $_SESSION variable than that you want to change the storage.

Take a look at the way the Zend or the Solar framework handle the Session access.

http://www.phpeveryday.com/articles/Zend-Framework-Session-Introduction-P571.html http://solarphp.org/manual:sessions

How can i construct a class which receives the HTTP Request and Response during one request process?

I don't know, what you mean by receiving the response, but the frameworks have front-/page-controllers which route to the chosen action, then call a method that can access the Session (read/write) and Request (read) objects and generates a Response object which is then rendered through a template.

For automatic testing you can construct your own Request and Session objects and pass them to the page controller.

GrGr  2009-07-20 08:00:47
"It seems more like you want to abstract away from the $_SESSION variable than that you want to change the storage." - Thats not exactly what I want. The best solution would be if I could go on using $_SESSION but in the background my SessionManagement is called instead of PHP's original one.Another example would be session_start() - which initializes MY SessionManagement. Does PHP offer an interface and a configuration possibility for that?
Michael S  2009-07-20 08:08:48
I have never used it, but the first callback argument for session_set_save_handler() is the one that is called on session_start(). So you could plug in your session_id() generation there. To register the methods of an object with ession_set_save_handler() take a look here.http://www.mt-soft.com.ar/2007/12/21/using-a-mysql-database-to-store-session-data/
GrGr  2009-07-20 08:41:10
+2  A: 

No, I'm sorry to say, there is no interface to switch the built in 'modules' to your own. There are some hooks ( e.g: session_save_handler(), set_error_handler() ), and that's unfortunately it.

The $_SESSION is a 'super global' and should IMO not be set directly either way if you're working on a bigger projects. Then it would be better to use a custom class responsible for handling sessions. Will make the code easier to debug and such on.

Stojg  2009-07-20 08:33:15
Could you elaborate as to why it shouldn't be directly set (assuming any data entered by client has been sanitized)?
Sev  2009-07-20 08:55:27
Global state is a very dangerous thing when you programming. That is when a lot of code from various locations can change the 'State' of the applications without you having any good way of telling which code fragment doing it. It will be a hassle to debug. If you're using a class as an entry point, you can at least be sure to trap errors when they entering the system.Have a look at how Misko Hevery explains it in a better way than I am:http://www.youtube.com/watch?v=-FRm3VPhseI
Stojg  2009-07-20 09:00:19
+1  A: 

You said it yourself in one of the comments. Just wrap the $_SESSION in a class. I don't think you can replace it, but you can certainly build your own interface to it.

You could, for example. Build a class that is constructed first thing and call session_start() inside the constructor

David Archer  2009-07-20 08:50:00

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases