This class uses a database for session management opposed to
flat file. It replaces the built in php session management.
In addition to using a database for storing session data, if
your server is equipped with APC it will cache the session data
for a brief time reducing the number of database calls needed
for your session based web application to properly function.
APC is a soft dependency, the class will use it if it is available
but the class is 100% fully functional on servers without APC.
Note that even though APC will reduce necessary database calls when
reading session data, writing session data still always will require
a database call. This is necessary because data in an APC cache can
be deleted before it expires if the cache runs out of allocated
memory or is otherwise completely dumped.
Database connection is done with Pear::MDB2.
MDB2 is a hard dependency. The class should work with any database
that is properly supported by MDB2, but I have only tested it with
The class was originally written by Rich Smith 2007-05-02 and
published on the web at
I ported the class to use MDB2 and added the APC cache functions.
public $sesstable = 'new_sessions';
Change to the DB table name you are using for session
private $apcSalt = '2d8lyds45a@&0KLybafz';
Used to obfuscate the sessions in the APC cache to make
it more difficult for a cracker to get session IDs if they
manage to get a dump of the APC cache. It would be a good
idea to change the string to something else on your install
of this class.
private $apcMaxLife = 1500;
Lifetime of the session cache. It is intentionally somewhat
short (25 minutes) to reduce the likelihood of session data
filling your APC cache causing other cached content to be
dropped. Most user sessions will be less than 25 minutes on
most web sites, and when it does expire in cache, the session
data can still be retrieved from the database, so no harm is
done to session management by using a short cache life.
CREATING THE DATABASE
The following works to create a database in MySQL. Adjust it for
CREATE TABLE new_sessions (
session_id varchar(32) NOT NULL default '',
expires int(11) NOT NULL default '0',
PRIMARY KEY (session_id)
) ENGINE = MYISAM;
USING THE CLASS
Before your php script starts a session, require the file containing
the class and pass it the handle of your MDB2 connection. For example:
require_once('db_connect.inc.php'); // file where you set mdb2 handle
ini_set('session.cookie_httponly',1); // suggested for security
$sess = new SessionManager($mdb2); // initialize the class
session_start(); // start the session management
Original Class by Rich Smith: