UPDATE (Added the code for the class that does the read/write)

<?php
error_reporting(E_ALL);

class dbSession
{
    function dbSession($gc_maxlifetime = "", $gc_probability = "", $gc_divisor = "")
    {
        if ($gc_maxlifetime != "" && is_integer($gc_maxlifetime)) {
            @ini_set('session.gc_maxlifetime', $gc_maxlifetime);
        }
        if ($gc_probability != "" && is_integer($gc_probability)) {
            @ini_set('session.gc_probability', $gc_probability);
        }
        if ($gc_divisor != "" && is_integer($gc_divisor)) {
            @ini_set('session.gc_divisor', $gc_divisor);
        }
        $this->sessionLifetime = ini_get("session.gc_maxlifetime");
        session_write_close(); 

        session_set_save_handler(
            array(&$this, 'open'),
            array(&$this, 'close'),
            array(&$this, 'read'),
            array(&$this, 'write'),
            array(&$this, 'destroy'),
            array(&$this, 'gc')
        );
        register_shutdown_function('session_write_close');
        @session_start();
    }

    function open($save_path, $session_name)
    {
        $mySQLHost = "localhost";
        $mySQLUsername = "username";
        $mySQLPassword = "password";
        $mySQLDatabase = "rst_sessions";

        $link = mysql_connect($mySQLHost, $mySQLUsername, $mySQLPassword);

        if (!$link) {

            die ("Could not connect to database!");

        }

        $dbc = mysql_select_db($mySQLDatabase, $link);

        if (!$dbc) {

            die ("Could not select database!");

        }

        return true;

    }

    function close()
    {
        mysql_close();
        return true;
    }

    function read($session_id)
    {

        $result = @mysql_query("
            SELECT
                session_data
            FROM
                session_data
            WHERE
                session_id = '".$session_id."' AND
                http_user_agent = '".$_SERVER["HTTP_USER_AGENT"]."' AND
                session_expire > '".time()."'
        ");

        if (is_resource($result) && @mysql_num_rows($result) > 0) {

            // return found data
            $fields = @mysql_fetch_assoc($result);
            // don't bother with the unserialization - PHP handles this automatically
            return $fields["session_data"];

        }
        return "";
    }

    function write($session_id, $session_data)
    {

        // first checks if there is a session with this id
        $result = @mysql_query(" SELECT *FROM session_data WHERE session_id = '".$session_id."'");
        if (@mysql_num_rows($result) > 0) 
        {
            $result = @mysql_query(" UPDATE session_data
                SET
                    session_data = '".$session_data."',
                    session_expire = '".(time() + $this->sessionLifetime)."',
                    account_id = '" . $_SESSION['account']['account_id'] . "',
                    username = '" . $_SESSION['users']['username'] . "', 
                    report_logo_path = '". $_SESSION['path_to_report_logo'] . '/' . $_SESSION['report_logo_img'] . "',
                    report_footer_all = '". $_SESSION['report_footer_all'] . "',
                    report_footer_summary= '". $_SESSION['report_footer_summary'] . "'
                WHERE
                    session_id = '".$session_id."'
            ");

            // if anything happened
            if (@mysql_affected_rows()) 
            {
                return true;
            }


        } 
        else // if this session id is not in the database
        {
            $sql = "
                INSERT INTO
                    session_data
                        (
                            session_id,
                            http_user_agent,
                            session_data,
                            session_expire,
                            account_id,
                            username
                        )
                    VALUES
                        (
                            '".serialize($session_id)."',
                            '".$_SERVER["HTTP_USER_AGENT"]."',
                            '".$session_data."',
                            '".(time() + $this->sessionLifetime)."',
                            '".$_SESSION['account']['account_id']."',
                            '".$_SESSION['users']['username']."'    
                        )
            ";

            $result = @mysql_query($sql);

            if (@mysql_affected_rows()) 
            {
                // return an empty string
                return "";
            }

        }

        // if something went wrong, return false
        return false;

    }

}
?>

UPDATE: I've uncommented out the line in the php.ini file to allow the session to be written to a file instead of the DB, and I put session_start() on the right spots. So I've been able to rule out the code in other spots. This problem only occurs when using the database to store sessions, which is a requirement, so if there are any other ideas out there that could help me resolve this, let me know. Thanks.


ORIGINAL POST: I'm having difficulty figuring out what's going on here, hoping someone can help me out.

I have been using php, mysql storing my session information in the database. The app is only running on localhost, vista. In the php.ini file I commented out the "session.save_handler = files" line and am using a php class to handle the session writes/reads, etc.

My login process is this: Submit login credentials via login.php. login.php calls loginprocess.php. loginprocess.php verifies user, and if valid starts a new session and adds data to the session vars, then it redirects to index.php.

Here's the problem. The loginprocess.php page has a bunch of session vars that get set like $_SESSION['account_id'] = $account_id; etc. but when I go to index.php and do a var_dump($_SESSION) it just says "array() empty". However, if I do a var_dump($_SESSION) in loginprocess.php, just before the redirection line header("Location: ../index.php"); then it shows all the data in the session variable. If I look in the database where the session information is stored, there is data in the session_id field, created_ts field, and expires field, but the session_data field has nothing inside of it and in the past this is the field where all my session data was stored.

How could I be able to var_dump the session in loginprocess.php, but the data not exist in the db table, is it using some kind of caching? I cleared my cookies, etc...but no change.

Why is the session_id being written to the table, but the actual session data is not?

Any ideas are appreciated. Thanks.
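
An added example, not part of the original post or its answers: the same handler written against PDO with bound parameters, so the client-supplied User-Agent header and session data containing quotes can neither alter nor break the queries, and a failed write raises an exception instead of being hidden by @. The class name, the REPLACE-based upsert, the PRIMARY KEY on session_id and the SQLite demo are assumptions; the question's extra columns (account_id, username, report fields) are left out.

```php
<?php
// Added example. Table/columns follow the question; PRIMARY KEY on session_id is assumed.
class PdoSessionHandler implements SessionHandlerInterface
{
    private $pdo, $lifetime;
    public function __construct(PDO $pdo, $lifetime)
    {
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // no silent @ failures
        $this->pdo = $pdo;
        $this->lifetime = (int) $lifetime;
    }
    public function open($path, $name): bool { return true; }
    public function close(): bool { return true; }
    public function read($id): string
    {
        $st = $this->pdo->prepare('SELECT session_data FROM session_data
            WHERE session_id = ? AND http_user_agent = ? AND session_expire > ?');
        $st->execute([$id, $_SERVER['HTTP_USER_AGENT'] ?? '', time()]);
        $data = $st->fetchColumn();
        return $data === false ? '' : (string) $data; // PHP unserializes this itself
    }
    public function write($id, $data): bool
    {
        // The raw id is stored, so the lookup in read() matches what was written.
        $st = $this->pdo->prepare('REPLACE INTO session_data
            (session_id, http_user_agent, session_data, session_expire) VALUES (?, ?, ?, ?)');
        return $st->execute([$id, $_SERVER['HTTP_USER_AGENT'] ?? '', $data, time() + $this->lifetime]);
    }
    public function destroy($id): bool
    {
        return $this->pdo->prepare('DELETE FROM session_data WHERE session_id = ?')
            ->execute([$id]);
    }
    public function gc($max): int
    {
        $st = $this->pdo->prepare('DELETE FROM session_data WHERE session_expire < ?');
        $st->execute([time()]);
        return $st->rowCount();
    }
}

// Constructed demo on in-memory SQLite (pdo_sqlite); use a mysql: DSN in production.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE session_data (session_id TEXT PRIMARY KEY,
    http_user_agent TEXT, session_data TEXT, session_expire INTEGER)');
$handler = new PdoSessionHandler($pdo, 1440);
$sample = 'footer|s:12:"Bob\'s report";';   // constructed value containing a quote
$handler->write('abc123', $sample);
var_dump($handler->read('abc123') === $sample);
```

In an application the handler is registered with session_set_save_handler($handler, true) before session_start(); the second argument registers session_write_close() as a shutdown function.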

A: 

Look at the serialize() function, and consider using it before writing to the database; and the corresponding unserialize() when reading

Mark Baker
Thanks for the reply Mark. In the write() function I replaced $session_data with serialize($session_data) in the sql statement, then in the read() function I put return unserialize($fields["session_data"]) in place of the return $fields["session_data"]; but still the same thing. Am I putting it in the wrong place?
Ronedog
+1  A: 

To access the session data on PHP you need session_start before.

Ronaldo Junior
You need session_start on each of your pages.
f00
In the class there is a session_start that gets instantiated every time the object gets created. I've made sure all pages have an instantiated object, but still the same results.
Ronedog
I had problems with session variables being populated just before a call to header(location...) before. It just didn't work and I was about to go nuts - then I found this on the PHP help page:
<?php
session_start();
$_SESSION['mySession'] = "hello";
header("Location: xpage.php");
exit(); // This sentence does the magic
?>
Try this and let us know. Cheers.
Ronaldo Junior
Thanks Ronaldo, but I couldn't make it work. Here's what I got: "A session had already been started - ignoring session_start()" when I put the session_start() right before the header() call...which means the class I'm using was instantiated correctly and started the session...I am about to go nuts though...really depressed with this one...spent 8 months on a project almost ready for beta and now I can't even login because of some little change I can't see.
Ronedog