Posted by Kees Nuyt on 06/26/05 23:04

On 25 Jun 2005 17:02:24 -0700, "Google Mike"
<googlemike@hotpop.com> wrote:

>This might be the first time you will hear this, so here goes. My
>caution is that session vars, no matter whether it's ASP, PHP, or
>whatever, are not a good idea beyond anything but simple apps. They're
>useful for simple apps where you only have one web server. But if that
>simple app becomes popular, grows up, and is hosted in a web server
>"farm", the servers will get confused and not consistently maintained
>the state of the session var. In my history of web development,
>everything I did that started off as simple was then ultimately
>converted into something for hundreds of users via a web farm. That's
>just the way it is, I guess. For more powerful apps that use web farms,
>you really only have 4 practical choices:
>
>
>A.
>B.
>C.
>D.
>

I think you should add :

E. Use custom session handlers to store session variables in a
central database. Just needs a little bit of code. It is very
easy to replace file based sessions in an existing application
by database based sessions.
Which IMHO makes sessions not such a bad idea at all.

Example code:

<?php
/*
------------------------------------------------------------------------
* session_mysql.php
*
------------------------------------------------------------------------
* PHP4 MySQL Session Handler
* Version 1.00
* by Ying Zhang (ying@zippydesign.com)
* Last Modified: May 21 2000
* Slightly edited by Kees Nuyt, 2003, 2004
*/

$SESS_DBHOST = "localhost"; // database server hostname for
sessions
$SESS_DBUSER = "someuid"; // database user
$SESS_DBPASS = "somepsw"; // database password
$SESS_DBNAME = "somedbnm"; // database name
$SESS_DBHNDL = ""; // database handle
$SESS_LIFE = get_cfg_var("session.gc_maxlifetime");

function sess_open($save_path, $session_name){
global $SESS_DBHOST, $SESS_DBNAME, $SESS_DBUSER,
$SESS_DBPASS, $SESS_DBHNDL;
$SESS_DBHNDL = mysql_connect($SESS_DBHOST, $SESS_DBUSER,
$SESS_DBPASS);
if (!$SESS_DBHNDL) {
echo "<li>Can't connect to $SESS_DBHOST as $SESS_DBUSER";
echo "<li>MySQL Error: ", mysql_error();
return false;
}
if (!mysql_select_db($SESS_DBNAME, $SESS_DBHNDL)) {
echo "<li>Unable to select database $SESS_DBNAME";
return false;
}
return true;
}
function sess_close(){
global $SESS_DBHNDL;
if ($SESS_DBHNDL != ""){
mysql_close($SESS_DBHNDL);
}
return true;
}
function sess_read($key){
global $SESS_DBHNDL, $SESS_LIFE;
$qry = "SELECT `value` FROM `session` WHERE `sesskey` =
'$key' AND `expiry` > UNIX_TIMESTAMP()";
$qid = mysql_query($qry, $SESS_DBHNDL) or die("error on
sess_read");
if (list($value) = mysql_fetch_row($qid)){
return $value;
} else {
return (string)"";
}
}
function sess_write($key, $val){
global $SESS_DBHNDL, $SESS_LIFE;
$expiry = time() + $SESS_LIFE;
$value = addslashes($val);
mysql_query('BEGIN', $SESS_DBHNDL);
$qry = "INSERT INTO session VALUES ('$key', $expiry,
'$value')";
$qid = mysql_query($qry, $SESS_DBHNDL);
if (! $qid){
mysql_query('ROLLBACK', $SESS_DBHNDL);
mysql_query('BEGIN', $SESS_DBHNDL);
$qry = "UPDATE session SET expiry=$expiry, value='$value'
WHERE sesskey='$key'";
$qid = mysql_query($qry, $SESS_DBHNDL);
}
mysql_query('COMMIT', $SESS_DBHNDL);
return $qid;
}
function sess_destroy($key){
global $SESS_DBHNDL;
mysql_query('BEGIN', $SESS_DBHNDL);
$qry = "DELETE FROM session WHERE sesskey = '$key'";
$qid = mysql_query($qry, $SESS_DBHNDL);
mysql_query('COMMIT', $SESS_DBHNDL);
return $qid;
}
function sess_gc($maxlifetime){
global $SESS_DBHNDL;
mysql_query('BEGIN', $SESS_DBHNDL);
$qry = "DELETE FROM session WHERE expiry < " . time();
$qid = mysql_query($qry, $SESS_DBHNDL);
$naff = mysql_affected_rows($SESS_DBHNDL);
mysql_query('COMMIT', $SESS_DBHNDL);
return $naff;
}

session_set_save_handler(
"sess_open",
"sess_close",
"sess_read",
"sess_write",
"sess_destroy",
"sess_gc");
session_start();
?>

--
) Kees Nuyt
(
c[_]

[Back to original message]