|Last Updated|| ||Ratings|| ||Unique User Downloads|| ||Download Rankings|
|2017-10-10 (7 days ago) ||Not enough user ratings||Total: 295 This week: 28||All time: 7,145 This week: 26|
This class implements a handler for storing session data in MySQL.
This is class based on Zebra_Session from Stefan Gabos that registers session handler functions to store and retrieve session data from MySQL databases using MySQLi.
It uses row locks to lock only individual session database table records while the current script session is being accessed.
|By default PHP stores information of session variables in files, but applications can provide their own session handlers and store session data in other storage containers like databases. It is common to store session data in MySQL databases.
One issue to be concerned with sessions is that only one script can change session data at a time of a given user.
For databases, transactions could be used to prevent that multiple scripts try to change the same user session data in a way that could cause inconsistency.
However, the use of sessions may cause that the table that contains session data records locks the access to session records of all users.
This class provides a better solution by using row level locking, thus allowing that session records of different users be changed at the same time by different scripts.
A drop-in replacement for PHP's default session handler which stores session data in a database, providing both better performance and better security and protection against session fixation and session hijacking.
Session2DB implements session locking - a way to ensure that data is correctly handled in a scenario with multiple concurrent AJAX requests.
It is also a solution for applications that are scaled across multiple web servers (using a load balancer or a round-robin DNS) and where the user's session data needs to be available. Storing sessions in a database makes them available to all of the servers!
The library supports "flashdata" - session variable which will only be available for the next server request, and which will be automatically deleted afterwards. Typically used for informational or status messages (for example: "data has been successfully updated").
Session2DB is was inspired by John Herren's code from the Trick out your session handler article and Chris Shiflett's articles about PHP sessions.
The code is heavily commented and generates no warnings/errors/notices when PHP's error reporting level is set to E_ALL.
- acts as a wrapper for PHP?s default session handling functions, but instead of storing session data in flat files it stores them in a database, providing better security and better performance
- it is a drop-in and seamingless replacement for PHP?s default session handler: PHP sessions will be used in the same way as prior to using the library; you don?t need to change any existing code!
- implements row locks, ensuring that data is correctly handled in scenarios with multiple concurrent AJAX requests
- because session data is stored in a database, the library represents a solution for applications that are scaled across multiple web servers (using a load balancer or a round-robin DNS)
- has comprehensive documentation
- the code is heavily commented and generates no warnings/errors/notices when PHP?s error reporting level is set to E_ALL
PHP 5+ with the mysqli extension activated, MySQL 4.1.22+
How to install
composer require voku/session2db
How to use
After installing, you will need to initialise the database table from the install directory from this repo, it will containing a file named session_data.sql. This file contains the SQL code that will create a table that is used by the class to store session data. Import or execute the SQL code using your preferred MySQL manager (like phpMyAdmin or the fantastic Adminer) into a database of your choice.
*Note that this class assumes that there is an active connection to a MySQL database and it does not attempt to create one!
// include autoloader
$db = DB::getInstance('yourDbHost', 'yourDbUser', 'yourDbPassword', 'yourDbName');
// $db = DB::getInstance('localhost', 'root', '', 'test');
$session = new Session2DB();
// from now on, use sessions as you would normally
// this is why it is called a "drop-in replacement" :)
$_SESSION['foo'] = 'bar';
// data is in the database!
||Applications that use this package
No pages of applications that use this class were specified.
If you know an application of this package, send a message to the author to add a link here.