UPDATE (Added the code for the class that does the read/write)
<?php
error_reporting(E_ALL);
class dbSession
{
function dbSession($gc_maxlifetime = "", $gc_probability = "", $gc_divisor = "")
{
if ($gc_maxlifetime != "" && is_integer($gc_maxlifetime)) {
@ini_set('session.gc_maxlifetime', $gc_maxlifetime);
}
if ($gc_probability != "" && is_integer($gc_probability)) {
@ini_set('session.gc_probability', $gc_probability);
}
if ($gc_divisor != "" && is_integer($gc_divisor)) {
@ini_set('session.gc_divisor', $gc_divisor);
}
$this->sessionLifetime = ini_get("session.gc_maxlifetime");
session_write_close();
session_set_save_handler(
array(&$this, 'open'),
array(&$this, 'close'),
array(&$this, 'read'),
array(&$this, 'write'),
array(&$this, 'destroy'),
array(&$this, 'gc')
);
register_shutdown_function('session_write_close');
@session_start();
}
function open($save_path, $session_name)
{
$mySQLHost = "localhost";
$mySQLUsername = "username";
$mySQLPassword = "password";
$mySQLDatabase = "rst_sessions";
$link = mysql_connect($mySQLHost, $mySQLUsername, $mySQLPassword);
if (!$link) {
die ("Could not connect to database!");
}
$dbc = mysql_select_db($mySQLDatabase, $link);
if (!$dbc) {
die ("Could not select database!");
}
return true;
}
function close()
{
mysql_close();
return true;
}
function read($session_id)
{
$result = @mysql_query("
SELECT
session_data
FROM
session_data
WHERE
session_id = '".$session_id."' AND
http_user_agent = '".$_SERVER["HTTP_USER_AGENT"]."' AND
session_expire > '".time()."'
");
if (is_resource($result) && @mysql_num_rows($result) > 0) {
// return found data
$fields = @mysql_fetch_assoc($result);
// don't bother with the unserialization - PHP handles this automatically
return $fields["session_data"];
}
return "";
}
function write($session_id, $session_data)
{
// first checks if there is a session with this id
$result = @mysql_query(" SELECT *FROM session_data WHERE session_id = '".$session_id."'");
if (@mysql_num_rows($result) > 0)
{
$result = @mysql_query(" UPDATE session_data
SET
session_data = '".$session_data."',
session_expire = '".(time() + $this->sessionLifetime)."',
account_id = '" . $_SESSION['account']['account_id'] . "',
username = '" . $_SESSION['users']['username'] . "',
report_logo_path = '". $_SESSION['path_to_report_logo'] . '/' . $_SESSION['report_logo_img'] . "',
report_footer_all = '". $_SESSION['report_footer_all'] . "',
report_footer_summary= '". $_SESSION['report_footer_summary'] . "'
WHERE
session_id = '".$session_id."'
");
// if anything happened
if (@mysql_affected_rows())
{
return true;
}
}
else // if this session id is not in the database
{
$sql = "
INSERT INTO
session_data
(
session_id,
http_user_agent,
session_data,
session_expire,
account_id,
username
)
VALUES
(
'".serialize($session_id)."',
'".$_SERVER["HTTP_USER_AGENT"]."',
'".$session_data."',
'".(time() + $this->sessionLifetime)."',
'".$_SESSION['account']['account_id']."',
'".$_SESSION['users']['username']."'
)
";
$result = @mysql_query($sql);
if (@mysql_affected_rows())
{
// return an empty string
return "";
}
}
// if something went wrong, return false
return false;
}
}
?>
UPDATE: I've uncommented out the line in the php.ini file to allow the session to be written to a file instead of the DB, and I put session_start() on the right spots. So I've been able to rule out the code in other spots. This problem only occurs when using the database to store sessions, which is a requirement, so if there are any other ideas out there that could help me resolve this, let me know. thanks.
ORIGINAL POST: I'm having difficulty figuring out what's going on here, hoping some one can help me out.
I have been using php, mysql storing my session information in the database. The app is only running on localhost, vista. In the php.ini file I commented out the "session.save_handler = files" line and am using a php class to handle the session writes/reads, etc.
My login process is this: Submit login credentials via login.php. login.php calls loginprocess.php. loginprocess.php verifies user, and if valid starts a new session and adds data to the session vars, then it redirects to index.php.
Here's the problem. the loginprocess.php page has a bunch of session vars that get set like $_SESSION['account_id'] = $account_id; etc. but when I go to index.php and do a var_dump($_SESSION) it just says "array() empty". However, if I do a var_dump($_SESSION) in loginprocess.php, just before the redirection line header("Location: ../index.php"); then it shows all the data in the session variable. If I look in the database where the session information is stored, there is data in the session_id field, created_ts field, and expires field, but the session_data field has nothing inside of it and in the past this is the field where all my session data was stored.
How could I be able to var_dump the session in loginprocess.php, but the data not exist in the db table, is it using some kind of caching? I cleared my cookies, etc...but no change.
Why is the session_id, being written to the table, but the actual session data is not?
Any ideas are appreciated. Thanks.
