Storing Sessions in a Database
The most common reasons for storing sessions in a database are:
* The application needs to be able to run on multiple servers without server affinity (methods that direct requests from the same client to the same server). An easy way to make sure that sessions continue to work properly is to store sessions in a central database that is common to all servers.
* The application needs to be able to run on a shared host, where there are significant security concerns associated with storing session data in the filesystem.
* The performance needs of the application are very demanding and require a more sophisticated storage solution for session data. There are many existing ideas and methodologies that address database performance issues, and these can be used when sessions are stored in a database.
Before you can store sessions in a database, follow these steps.
Step 1: Create a table named sessions.
CREATE TABLE sessions (
id varchar(32) NOT NULL,
access int(10) unsigned,
data text,
PRIMARY KEY (id)
);
Step 2: Call the PHP function session_set_save_handler() before starting the session. This function takes six parameters,
e.g.
<?php
session_set_save_handler('_open', '_close', '_read', '_write', '_destroy', '_clean');
session_start();
?>
These functions are responsible for the following tasks:
* Opening the session data store
* Closing the session data store
* Reading session data
* Writing session data
* Destroying all session data
* Cleaning out old session data
The real beauty of this approach is that you don’t have to modify your code or the way you use sessions in any way. $_SESSION still exists and behaves the same way.
Step 3: Define all six functions.
<?php
// The mysql_* functions were removed in PHP 7.0, so the mysqli_* equivalents are used here.

// Open the session data store: connect and select the database.
function _open()
{
    global $_sess_db;
    if ($_sess_db = mysqli_connect('localhost', 'root', '')) {
        return mysqli_select_db($_sess_db, 'itshot-session');
    }
    return FALSE;
}

// Close the session data store.
function _close()
{
    global $_sess_db;
    return mysqli_close($_sess_db);
}

// Read the serialized data for one session id; return '' if there is none.
function _read($id)
{
    global $_sess_db;
    $id = mysqli_real_escape_string($_sess_db, $id);
    $sql = "SELECT data
            FROM sessions
            WHERE id = '$id'";
    if ($result = mysqli_query($_sess_db, $sql)) {
        if (mysqli_num_rows($result)) {
            $record = mysqli_fetch_assoc($result);
            return $record['data'];
        }
    }
    return '';
}

// Insert or overwrite the row for this session id and record the access time.
function _write($id, $data)
{
    global $_sess_db;
    $access = time();
    $id = mysqli_real_escape_string($_sess_db, $id);
    $access = mysqli_real_escape_string($_sess_db, (string) $access);
    $data = mysqli_real_escape_string($_sess_db, $data);
    $sql = "REPLACE
            INTO sessions
            VALUES ('$id', '$access', '$data')";
    return mysqli_query($_sess_db, $sql);
}

// Delete the row for one session id.
function _destroy($id)
{
    global $_sess_db;
    $id = mysqli_real_escape_string($_sess_db, $id);
    $sql = "DELETE
            FROM sessions
            WHERE id = '$id'";
    return mysqli_query($_sess_db, $sql);
}

// Delete sessions that have not been accessed in the last $max seconds.
function _clean($max)
{
    global $_sess_db;
    $old = time() - $max;
    $old = mysqli_real_escape_string($_sess_db, (string) $old);
    $sql = "DELETE
            FROM sessions
            WHERE access < '$old'";
    return mysqli_query($_sess_db, $sql);
}
?>
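The same six tasks can also be written as a class with prepared statements, so that session ids and data never become part of the SQL text. This is an added example, not code from the original article. It assumes PHP 8 with the PDO MySQL driver, the sessions table from Step 1, and a hypothetical database account (session_user) that holds only SELECT, INSERT and DELETE on that table instead of root with an empty password.

```php
<?php
// Added example (not the article's code). DbSessionHandler, session_user and
// the password are hypothetical names chosen for illustration.
class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db) {}

    // The PDO connection is created by the caller, so open/close have nothing to do.
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $stmt = $this->db->prepare('SELECT data FROM sessions WHERE id = ?');
        $stmt->execute([$id]);
        $data = $stmt->fetchColumn();
        // A missing row or NULL column must be reported as an empty session.
        return is_string($data) ? $data : '';
    }

    public function write(string $id, string $data): bool
    {
        $stmt = $this->db->prepare(
            'REPLACE INTO sessions (id, access, data) VALUES (?, ?, ?)');
        return $stmt->execute([$id, time(), $data]);
    }

    public function destroy(string $id): bool
    {
        $stmt = $this->db->prepare('DELETE FROM sessions WHERE id = ?');
        return $stmt->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        $stmt = $this->db->prepare('DELETE FROM sessions WHERE access < ?');
        $stmt->execute([time() - $max_lifetime]);
        return $stmt->rowCount(); // number of expired sessions removed
    }
}

// Connection errors and failed queries raise exceptions instead of failing silently.
$pdo = new PDO('mysql:host=localhost;dbname=itshot-session;charset=utf8mb4',
               'session_user', 'change-me',
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
session_set_save_handler(new DbSessionHandler($pdo), true);
session_start();
```

As with the function-based handler, $_SESSION is used exactly as before; the second argument to session_set_save_handler() registers session_write_close() as a shutdown function so the final write happens before the handler object is destroyed.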