DB eSession

This package is meant to manage session data stored in a MySQL database using PHP built-in session handling support.

General features:

- Stores session data in a MySQL table using session handler built-in PHP.
- Handle session expiration and cleanup.
- Supports the changes of session related configuration settings (including of PHP 5).
- Allows for normal or persistent MySQL database connections.
- Access to opened MySQL resource connection to use in your script.
- Can use a previously open database connection resource handle.
- Supports session identifiers with between 12 and 32 characters long.
- Custom or changeable database, table and column names.
- Has an option to create new session identifiers (you supply, class or PHP builds).
- Can initiate buffered output (using ob_start) within the class.
- A session_start() automatically initiated within the class.
- Can send 'Cache-Control:' header output within the class (fixes IE6 bug).
- Ability to retrieve a specific sessions expiration date and time.
- Retrieve current session life setting in seconds or minutes.
- Retrieve a numeric total of the number of active and inactive sessions in table.
- Facility to make assignment and retrieval of session variables easier.
- Has the ability to create manual URIs and links that include session name and ID.
- Has the ability to retrieve what the MySQL server version number is.
- An adequate form of encryption and decryption functions are included and used automatically when libmcrypt is not installed.

Security features:

- Standard user inactivity time-out handled automatically.
- Absolute user logoff time-out capability (session will be terminated no matter what after a number of designated minutes and seconds have elapsed).
- Ability to lock and unlock a particular session or all sessions. When a session is locked, it is immediately not available for use.
- User to session verification using IP address and browser information.
- Security level (code) clearance for each session or web page.
- Encrypt and decrypt as desired each session field.
- Encrypt and decrypt an extra session field to compare against original (to detect against possible tampering).
- Encrypt and decrypt the whole session data in the table (essentially obscuring session variable names in table). Can be used in combination with per session field encryption, resulting in double encryption security.
- A new encryption initialization vector is created every time values change.
- Ability to manually delete a particular session or all sessions.
- The users IP address and web browser is recorded as part of the session for tracing information.

Other features:

- Support for multiple language error and warning messages.
- Support of a default language as well as current active language settings.
- Basic or detailed (with SQL syntax) error and warning reporting.
- Buffered error and warning messages.
- Option for class to stop execution or not upon encountering an error and warning. Class can display errors and warnings automatically or control in your script.
- Can select font color and size separately for error and warning messages.
- The code has lots of comments and formatted within 82 characters wide.
- Full documentation (only provided in English) is included.
- Code use examples provided, including a basic authentication (login/logout) process.
- SQL text file provided for creating the MySQL session table.