Navigation

PHP Session Management using MySQL and PDO

session_db.png
session_cookie.png

While working on WiredCMS, I came across an Issue that I wanted to take care of while it was fresh in my mind. How do I store sessions in a database, rather than a flat file?

There are several reasons I wanted to do this. The main reason being the ability to load balance if needed, and because then I can query sessions from the database to see who is logged in much easier as well.

I came across a great article from DevShed giving an overview of how to do this. The only difference was that the author of this article used his own proprietary functions to query the database. Below is my finished SessionManager class, as well as the DbCreator class to create the PDO object, using the PDO abstraction layer to connect to the database.

dbcreator.inc.php

  1. <?php
  2. /**
  3. *DBCreator will create a PDO object that corresponds to database settings
  4. *If more than one server/host or database is used, this will make the change
  5. *pretty seamless.
  6. *@author Mike Conway
  7. *@copyright 2008, Mike Conway
  8. *@since 01-May-2008
  9. */
  10.  
  11. class DBCreator{
  12.         /**
  13.         *creates a PDO object - will not initialize duplicate objects
  14.         *@param $database - The database to attach the PDO object to
  15.         *@return - returns the PDO object for the given database.
  16.         */
  17.         public static function GetDbObject($database){
  18.                 // We need to make this more secure - dont store UN and PW in plain text.
  19.                 //Also, make it more dynamic to accept data from an install script for a fully unknown database
  20.                 static $db_pdo;
  21.                 if (!isset($db_pdo)){
  22.                         $db_pdo = array();
  23.                 }
  24.                 if (array_key_exists($database, $db_pdo) == false){
  25.                         $host = 'dbhost';
  26.                         $user = 'dbuser';
  27.                         $pass = 'dbpass';
  28.                         $dsn = 'mysql:dbname=' . $database .';host='. $host;
  29.                         try {
  30.                                 $pdo = new PDO($dsn, $user, $pass);
  31.                         } catch (PDOException $e) {
  32.                                 die('Connection failed: ' . $e->getMessage());
  33.                         }
  34.                         $db_pdo[$database] = $pdo;
  35.                 }
  36.                 return $db_pdo[$database];
  37.         }
  38. }
  39. ?>

sessionmanager.inc.php

  1. <?php
  2. /*
  3.  * Created on May 22, 2008
  4.  *
  5.  * To change the template for this generated file go to
  6.  * Window - Preferences - PHPeclipse - PHP - Code Templates
  7.  * from http://www.devshed.com/c/a/PHP/Storing-PHP-Sessions-in-a-Database/
  8.  * require_once("sessions.php");
  9.  * $sess = new SessionManager();
  10.  * session_start();
  11.  */
  12.  class SessionManager {
  13.    var $life_time;
  14.    private $DB;
  15.    function __construct() {
  16.       // Read the maxlifetime setting from PHP
  17.       $this->life_time = get_cfg_var("session.gc_maxlifetime");
  18.       $this->DB = DBCreator::GetDbObject('db_name');
  19.       // Register this object as the session handler
  20.       session_set_save_handler(
  21.         array( &$this, "open" ),
  22.         array( &$this, "close" ),
  23.         array( &$this, "read" ),
  24.         array( &$this, "write"),
  25.         array( &$this, "destroy"),
  26.         array( &$this, "gc" )
  27.       );
  28.    }
  29.  
  30.    function open( $save_path, $session_name ) {
  31.       global $sess_save_path;
  32.       $sess_save_path = $save_path;
  33.       // Don't need to do anything. Just return TRUE.
  34.       return true;
  35.    }
  36.  
  37.    function close() {
  38.       return true;
  39.    }
  40.  
  41.    function read($id) {
  42.       // Set empty result
  43.       $data = '';
  44.       // Fetch session data from the selected database
  45.       $time = time();
  46.       $sql = $this->DB->prepare("SELECT `session_data` FROM `cms_sessions` WHERE `session_id` = :id AND `expires` > :time");
  47.       $sql->bindParam(':id',$id);
  48.       $sql->bindParam(':time',$time);
  49.       $sql->execute();                          
  50.       $a = $sql->rowCount();
  51.       if($a > 0) {
  52.         $row = $sql->fetch(PDO::FETCH_ASSOC);
  53.         $data = $row['session_data'];
  54.       }
  55.       return $data;
  56.    }
  57.  
  58.    function write( $id, $data ) {
  59.       // Build query                
  60.       $time = time() + $this->life_time;
  61.       $sql = $this->DB->prepare("REPLACE `cms_sessions` (`session_id`,`session_data`,`expires`) VALUES(:id, :data, :time)");
  62.       $sql->bindParam(':id',$id);
  63.       $sql->bindParam(':data',$data);
  64.       $sql->bindParam(':time',$time);
  65.       $sql->execute();
  66.       return TRUE;
  67.    }
  68.  
  69.    function destroy( $id ) {
  70.       // Build query
  71.       $sql = $this->DB->prepare("DELETE FROM `cms_sessions` WHERE `session_id` = :id");
  72.       $sql->bindParam(':id',$id);
  73.       $sql->execute();
  74.       return TRUE;
  75.    }
  76.  
  77.    function gc() {
  78.       // Garbage Collection
  79.       // Build DELETE query.  Delete all records who have passed the expiration time
  80.       $sql = $this->DB->prepare("DELETE FROM `cms_sessions` WHERE `expires` < UNIX_TIMESTAMP();");
  81.       $sql->execute();
  82.       // Always return TRUE
  83.       return true;
  84.    }
  85. }
  86. ?>

To implement the SessionManager class:

  1. require_once("./includes/sessionmanager.inc.php");
  2. $sess = new SessionManager();
  3. session_start();

Posted May 23rd, 2008 by Michael

OS Independence

vmware.jpg

Yesterday I wrote this post, and it got lost due to a tragic fatality of my Firefox browser, So I will try again:

Lately I have been getting bit by the Linux bug, and I have had no outlet. Sure, I tried surfing the Linux forums, mailing lists and just tried to keep up on Linux releases, but that can only go so far. I needed hands-on play-time!

A client of mine that I do some work for turned me onto the idea of running Virtual Machines. While I wasn't sure my PC was quite up to par as far as specs go for this type of use, I gave it a shot.

The first Virtualization App I tried out was Microsoft VirtualPC 2007. I got as far as creating the first VM, and realized it would not do Linux, and scrapped it.

I started browsing the internet for free open source solutions, when I came across VMWare's VMserver. This is simply the free desktop version of their enterprise Virtual Center solution. Not only does VMserver support Linux, it supports UNIX and MAC OS X.

I spent the better part of Friday night and Saturday playing around with the different features, and installed Linux several times successfully. Man, it feels good to have Linux back. For my fiance, who has missed her Mac Mini since I "convinced" her to sell it, I installed OS X. While I haven't been able to test out this install, it does seem to have worked correctly.

As far as Linux, For those of you wondering what flavor I went for, I chose my favorite: Debian. I'm running a mixed box with the SID kernel tools, and mostly stable packages. I also started with GNOME, but after a reinstall, I went with XFCE, and I must say, I am in love with the XFCE environment. It's resource light, not bloated and looks better than Gnome.

Let this mark the trigger for more Linux posts!

Posted May 20th, 2008 by Michael

GRR

So I had this wonderful Post typed up, and was trying to attach an image and Firefox Crashed, because my PC at work is very unstable and that happens alot, and I am too lazy to use MS Word to write posts.. I lost it all. Maybe I'll get the motivation to write it all again.

Posted May 19th, 2008 by Michael

WiredCMS

Ive been spending alot of my free time on WiredCMS the last few days, and the admin backend is starting to take shape. Not only can a user log in or out, you can also register a new account. There is also permissions checking in force to validate you to the admin backend. From here, you can view the user list, and delete users. Soon I will have user accounts getting updated, but I have to create user profiles for this to work.

I would be happy to show it all to you, but unfortunately it is still unstyled. Once the backend is complete I have plans to put up a demo. Stay Tuned!

Posted May 16th, 2008 by Michael

The Eclipse SDK

eclipse_home_header.jpg

The past week or so, I have been diligently working with a CMS I am writing as a project, as well as trying to learn ColdFusion. ColdFusion itself is pretty easy to understand, but it is not the best language to use an editor like Notepad++ on, as it has many MANY attributes for tags and functions.

The person I have been working very closely with this on turned me onto an application called Eclipse. This base application is aimed at Java development, but with an add on called CFEclipse, it is turned into a powerful Development environment for ColdFusion.

Once I started using Eclipse, I looked around for add ons for PHP, which I found with PHP Eclipse. On top of that, I also found for Javascript and jQuery development.

After the past week or so of using Eclipse, i don't think I can ever go back to using a plain text editor, or even Notepad++, which is my old editor of choice. With all the tools at my disposal in Eclipse, it takes the burden off of developing apps.

My favorite feature of Eclipse is the fact that hovering over any function, self defined or built-in will result in a tool tip showing arguments required. It also allows you to hover over a variable and shows all instances int eh entire application that the variable exists.

Now, at the beginning of this post, I mentioned that I am writing a CMS. This is true, and in the very early stages of development. So far, user functions include session based login and logout, with a handful of other features. Once this is more mature, I will consider posting a Demo site. I have big plans for this, and Hope that it can replace Drupal for Wiredbyte some day.

The details so far include:

  • This is written in PHP 5 using object Oriented programming
  • Templating will be handled by the Smarty engine
  • The user Interface will be Powered by jQuery, but fully degradeable to standard static HTML (blah)
Posted May 13th, 2008 by Michael

Maploco!

maploco.png

Ahhhh, Mondays - the time where no one wants to work, yet the most work of the week is generated.

I was browsing my usual haunts online and i came across a small map that shows the relative geolocations of site visitors. I thought this was quite interesting and visited the parent site of the image - MapLoco.

The setup takes all of about 3 seconds, just choose the map graphic and the symbol to use, then copy and paste the HTML they generate for you. I have added this to the sidebar on the site to see how well it works. Unfortunately I made it a little small, but it can be enlarged by simply clicking the image.

Posted May 5th, 2008 by Michael

DOH!

doh.jpg

I was working on some other projects today when I had a small mental 'sticky' note come to mind... I forgot to add the "new account' links to the site! DOH!

While i get this fixed, you can use this to take you to a page to create a new account, or remind you of a forgotten password. I apologize for this oversight.

During this time, I have also noticed that user profiles are not working. These will be up shortly.

Update:Profiles are now functional!

Posted April 30th, 2008 by Michael

Site Upgrade - Done

fella.jpg

Sorry for the lack of warning, but the site is officially updated! I still have to go through all of the old posts and update them, so some posts will be teasers, and not have images. This will change over the next week or so.

Wiki and Forums are unavailable at this time, I'm sorry for the inconvenience. Also, as old posts get updated, thier URL paths are going to change, so bookmarks to them will become broken - just fair warning.

All-in-all I am very happy with the update. What does everyone think?

Posted April 27th, 2008 by Michael

Modifying the jQuery UI Sortables Serial Function

Since jQuery interface is no longer supported, Most developers are moving to jQuery UI. The UI sortables is taking the place of Interface, and can even serialize the results.

The serialize function however lacks one large feature: a useful way to serialize the data.

By default, the string returned looks similar to:

  1. element[]=1&element[]=2

The downfall to using the default serialize method, is that the sortable IDs must have a _ in them, otherwise serialize will return blank results.

I do not want to use _ in my ids, as the function to generate the data was already written and working. I also need to pass more data than one element to my functions for processing. The Interface serialize string worked perfectly for what I was trying to do, and was actually a hash that looked like:

  1. elementParent1[]=Child1&elementParent1[]=Child2

I therefore changed the serialize function in UI sortables to return the more verbose string, which was really quite easy.

On lines 143-146 of ui.sortables.js:

  1. items.each(function() {
  2.         var res = ($(this).attr(o.attribute || 'id') || '').match(o.expression || (/(.+)[-=_](.+)/));
  3.         if(res) str.push((o.key || res[1])+'[]='+(o.key ? res[1] : res[2]));
  4. });

Change this function to:

  1. items.each(function() {
  2.         str.push($(this).parent().attr("id") +'[]='+this.getAttribute(o.attribute || 'id'));
  3. });

Once this is done, save the modified file, and you are set!

Posted April 25th, 2008 by Michael

Interface Demo with jQuery UI - Part 1 - Correction

The example written yesterday for the UI sortables demo is incorrect. I was using UI 1.5b, and downloaded 1.5b2 this morning.

[nodeinfo|95|body|0.97641300 1209130936]The example written yesterday for the UI sortables demo is incorrect. I was using UI 1.5b, and downloaded 1.5b2 this morning.

The old requirements for sortables no longer applies, so please forgive me as I post the correction to the includes.

Include the following scripts in your HTML header:

  1. <script type="text/javascript" src="jquery.ui/1.5b2/jquery-1.2.4a.js"></script>
  2. <script type="text/javascript" src="jquery.ui/1.5b2/ui.base.js"></script>
  3. <script type="text/javascript" src="jquery.ui/1.5b2/ui.sortable.js"></script>

The full example has also been updated to reflect this change.

Posted April 25th, 2008 by Michael