how to implement enhanced session handling in PHP
Posted
by praksant
on Stack Overflow
See other posts from Stack Overflow
or by praksant
Published on 2010-05-10T10:37:41Z
Indexed on
2010/05/10
10:44 UTC
Read the original article
Hit count: 278
Hi, i'm working with sessions in PHP, and i have different applications on single domain. Problem is, that cookies are domain specific, and so session ids are sent to any page on single domain. (i don't know if there is a way to make cookies work in different way). So Session variables are visible in every page on this domain. I'm trying to implement custom session manager to overcome this behavior, but i'm not sure if i'm thinking about it right.
I want to completely avoid PHP session system, and make a global object, which would store session data and on the end of script save it to database.
- On first access i would generate unique session_id and create a cookie
- On the end of script save session data with session_id, timestamps for start of session and last access, and data from $_SERVER, such as REMOTE_ADDR, REMOTE_PORT, HTTP_USER_AGENT.
- On every access chceck database for session_id sent in cookie from client, check IP, Port and user agent (for security) and read data into session variable (if not expired).
- If session_id expired, delete from database.
That session variable would be implemented as singleton (i know i would get tight coupling with this class, but i don't know about better solution).
I'm trying to get following benefits:
- Session variables invisible in another scripts on the same server and same domain
- Custom management of session expiration
- Way to see open sessions (something like list of online users)
i'm not sure if i'm overlooking any disadvantages of this solution. Is there any better way?
Thank you!!
© Stack Overflow or respective owner