PHP Classes


  Classes of Francesco Danti   ATK4 Session   Download  
Role: Documentation
Content type: text/markdown
Description: Documentation
Class: ATK4 Session
Store and retrieve PHP session data in a database
Date: 4 years ago
Size: 3,500 bytes





Session handler for atk4\data\Persistence (@see

Initialize without atk4\ui

// autoload
include '../vendor/autoload.php';

// create persistence
$p = \atk4\data\Persistence::connect('mysql://root:password@localhost/atk4');

// init session handler, passing the persistence created above
new \atk4\ATK4DBSession\SessionHandler($p);

Initialize with atk4\ui in the App::init method

$this->add(new AppSessionHandler());

Create session table using atk4\schema

(new \atk4\schema\Migration\MySQL(new \atk4\ATK4DBSession\SessionModel($p)))->migrate();


Create session table with SQL query

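CREATE TABLE `session` (
  -- `id` is referenced by PRIMARY KEY below but missing from the listing; its type here is an assumption
  `id` bigint unsigned NOT NULL AUTO_INCREMENT,
  `session_id` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
  `data` text COLLATE utf8_unicode_ci,
  `created_on` timestamp NULL DEFAULT NULL,
  `updated_on` timestamp NULL DEFAULT NULL,
  PRIMARY KEY (`id`),
  KEY `session_id` (`session_id`)
);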

Constructor of SessionHandler

/**
 * SessionHandler constructor.
 *
 * @param \atk4\data\Persistence    $p                      atk4 data persistence
 * @param int                       $gc_maxlifetime         seconds until the session expires
 * @param float                     $gc_probability         probability of gc for expired sessions
 * @param array                     $php_session_options    options for session_start
 */
public function __construct($p, $gc_maxlifetime = null, $gc_probability = null, $php_session_options = [])


$gc_maxlifetime: maximum session lifetime before the session becomes eligible for garbage collection (gc). The default value is 60 * 60 seconds = 1 hour.


$gc_probability: probability that expired sessions are garbage-collected. The default is 1/1000 requests. There are a few things to consider when tweaking this value, because it must be sized to your project.

If you use InnoDB, deletes are slow. If you set the value low, too many calls will have a little delay; if you set it too high, a few calls will have a huge delay.

Consider disabling it by setting this value to false and using an alternative method, such as a cron job with frequency /2 * that calls code like the example in demos/cronjob.php.

Why do I need to replace the default PHP session handler with this?

Because of file locking (here is a good article on the subject: link).

Every call that uses sessions reads a file and holds a lock on it until the session is released or the output is sent, to prevent race conditions.

It is clearly a shame to have file locking on data that is usually static, as sessions are nowadays.

Using an alternative, you will certainly have race conditions, BUT what can a race condition do if you, as is usual, have only an ID in $_SESSION, and that ID is nearly immutable from login to logout? The argument holds only while the session stays effectively read-only: overlapping requests that both write session data overwrite each other, and the last write wins.
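The trade-off described above, as an added example that is not part of the ATK4 Session code: a self-contained PHP simulation in which an in-memory array stands in for the session table. `LockFreeStore`, `runInterleaved` and the sample values are hypothetical names constructed for the illustration. It shows that an unchanging ID survives interleaved requests, while a change made by one request (here a logout) is overwritten by another request's older snapshot.

```php
<?php
// Added example, not ATK4 Session code: an in-memory array stands in for the
// `session` table, and LockFreeStore mimics a handler that takes no lock.
final class LockFreeStore
{
    private $rows = []; // session_id => JSON-encoded session data

    public function read(string $id): array
    {
        return isset($this->rows[$id]) ? json_decode($this->rows[$id], true) : [];
    }

    public function write(string $id, array $data): void
    {
        $this->rows[$id] = json_encode($data); // whole-record overwrite, last write wins
    }
}

// Interleave two requests on one session: both read before either writes.
// $a and $b each receive their own snapshot and return the edited copy.
function runInterleaved(LockFreeStore $store, string $id, callable $a, callable $b): array
{
    $snapA = $store->read($id);       // request A starts
    $snapB = $store->read($id);       // request B starts, no lock to wait on
    $store->write($id, $b($snapB));   // B finishes first
    $store->write($id, $a($snapA));   // A finishes last, writing its older snapshot
    return $store->read($id);
}

$sid = 'constructed-session-id';      // constructed sample value
$keep = function (array $s): array { return $s; };
$flash = function (array $s): array { $s['flash'] = 'saved'; return $s; };
$logout = function (array $s): array { return []; };

// Case 1: the session holds only a user id and neither request changes it.
$store = new LockFreeStore();
$store->write($sid, ['user_id' => 42]);
$case1 = runInterleaved($store, $sid, $keep, $keep);
echo 'read-only session unchanged: ', var_export($case1 === ['user_id' => 42], true), PHP_EOL;

// Case 2: request B logs out while slower request A adds a flash message.
$store->write($sid, ['user_id' => 42]);
$case2 = runInterleaved($store, $sid, $flash, $logout);
echo 'user_id present after logout: ', var_export(isset($case2['user_id']), true), PHP_EOL;
```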

This SessionHandler replaces PHP's built-in SessionHandler class and stores session data in the database using atk4\data instead of files.

In atk4\ui, where async calls are used heavily, this problem is much more evident.

You can add it without breaking your project. It already works, but it is still in development and needs a thorough review for security issues.