custom user session handler + PHPSESSID in cookie

  • joseph conrad

    custom user session handler + PHPSESSID in cookie

    Hi,
    I tried to implement my own session handler in order to keep control of
    the process.
    The drawback I found is that it no longer creates the PHPSESSID variable
    or stores it in my cookie.
    Reading the documentation, it seems it should do so anyway.


    any advice?

    cheers
    jc


    the session handler, from php website:

    <?php
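    /**
     * Session "open" callback: remember the save path and session name.
     *
     * @param string $save_path    value PHP passes as the session save path
     * @param string $session_name value PHP passes as the session name
     * @return bool always true
     */
    function open($save_path, $session_name)
    {
        // read(), write() and destroy() locate session files through
        // $sess_save_path, so it has to be set before they run.
        global $sess_save_path, $sess_session_name;

        $sess_save_path    = $save_path;
        $sess_session_name = $session_name;

        return true;
    }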

    /**
     * Session "close" callback. Performs no work and reports success.
     *
     * @return bool always true
     */
    function close()
    {
        $closed = true;

        return $closed;
    }

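    /**
     * Session "read" callback: return the data stored for a session id.
     *
     * The id originates from the client's session cookie and ends up in a
     * file name, so it is restricted to the characters PHP itself uses for
     * session ids. An id containing path separators or dots could otherwise
     * make the path point outside the session directory.
     *
     * @param string $id session identifier
     * @return string stored session data, or "" when there is none
     */
    function read($id)
    {
        global $sess_save_path;

        // Refuse ids that are not a plain token; treat them as "no session".
        if (!is_string($id) || !preg_match('/\A[A-Za-z0-9,-]+\z/', $id)) {
            return "";
        }

        $sess_file = "$sess_save_path/sess_$id";

        // file_get_contents() opens, reads and closes in one call, and copes
        // with an empty file (fread() with a zero length does not).
        $sess_data = @file_get_contents($sess_file);

        // The session API expects "" rather than false when nothing is stored.
        return ($sess_data === false) ? "" : $sess_data;
    }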

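    /**
     * Session "write" callback: store the data for a session id.
     *
     * The id originates from the client's session cookie and ends up in a
     * file name, so it is restricted to the characters PHP itself uses for
     * session ids before any file is opened for writing.
     *
     * The file is created with the process's default permissions; the save
     * path should not be readable by other local users.
     *
     * @param string $id        session identifier
     * @param string $sess_data serialized session data
     * @return bool true when all of $sess_data was written, false otherwise
     */
    function write($id, $sess_data)
    {
        global $sess_save_path;

        // Refuse ids that are not a plain token instead of writing to
        // whatever path they would resolve to.
        if (!is_string($id) || !preg_match('/\A[A-Za-z0-9,-]+\z/', $id)) {
            return false;
        }

        $sess_file = "$sess_save_path/sess_$id";

        $fp = @fopen($sess_file, "w");
        if ($fp === false) {
            return false;
        }

        $written = fwrite($fp, $sess_data);
        fclose($fp); // the original never released the handle

        // Report a boolean: a byte count of 0 for empty session data would
        // otherwise be read as a failed write.
        return $written === strlen($sess_data);
    }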

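    /**
     * Session "destroy" callback: delete the file stored for a session id.
     *
     * The id originates from the client's session cookie and ends up in the
     * path handed to unlink(), so it is restricted to the characters PHP
     * itself uses for session ids.
     *
     * @param string $id session identifier
     * @return bool true when no file remains for $id, false on an invalid id
     *              or a failed delete
     */
    function destroy($id)
    {
        global $sess_save_path;

        // Never pass an unchecked client-supplied value to unlink().
        if (!is_string($id) || !preg_match('/\A[A-Za-z0-9,-]+\z/', $id)) {
            return false;
        }

        $sess_file = "$sess_save_path/sess_$id";

        // A session that was never written has nothing to delete; that is
        // success, not an error.
        if (!file_exists($sess_file)) {
            return true;
        }

        return @unlink($sess_file);
    }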

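    /**
     * Session "gc" callback: delete session files that have expired.
     *
     * The original body returned true without removing anything, so session
     * files stayed on disk (and usable) indefinitely. A file is treated as
     * expired when it was last modified more than $maxlifetime seconds ago.
     *
     * @param int $maxlifetime maximum age of a session file, in seconds
     * @return bool always true; failures on individual files are ignored
     */
    function gc($maxlifetime)
    {
        global $sess_save_path;

        // Without a save path there is no directory to scan.
        if (!is_string($sess_save_path) || $sess_save_path === '') {
            return true;
        }

        $files = glob("$sess_save_path/sess_*");
        if (!is_array($files)) {
            return true;
        }

        $cutoff = time() - (int) $maxlifetime;
        foreach ($files as $file) {
            // Another request may delete the file between glob() and here,
            // hence the suppressed warnings.
            $mtime = @filemtime($file);
            if ($mtime !== false && $mtime < $cutoff) {
                @unlink($file);
            }
        }

        return true;
    }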

    #session_set_save_handler("open", "close", "read", "write", "destroy", "gc");

    #session_start();

    // proceed to use sessions normally

    ?>

    the server configuration:
    [Session]
    ; Handler used to store/retrieve data.
    ;session.save_handler = files
    session.save_handler = user

    ; Argument passed to save_handler. In the case of files, this is the path
    ; where data files are stored. Note: Windows users have to change this
    ; variable in order to use PHP's session functions.
    ; As of PHP 4.0.1, you can define the path as:
    ; session.save_path = "N;/path"
    ; where N is an integer. Instead of storing all the session files in
    ; /path, what this will do is use subdirectories N-levels deep, and
    ; store the session data in those directories. This is useful if you
    ; or your OS have problems with lots of files in one directory, and is
    ; a more efficient layout for servers that handle lots of sessions.
    ; NOTE 1: PHP will not create this directory structure automatically.
    ; You can use the script in the ext/session dir for that purpose.
    ; NOTE 2: See the section on garbage collection below if you choose to
    ; use subdirectories for session storage
    ;session.save_path = /tmp
    session.save_path = "D:/tmp"
    ;session.save_path = "Z:/2"
    ;session.save_path = "http://ce000730"
    ;session.save_path = "ftp://diego:123456@127.0.0.1"

    ; Whether to use cookies.
    session.use_cookies = 1

    ; This option enables administrators to make their users invulnerable to
    ; attacks which involve passing session ids in URLs; defaults to 0.
    session.use_only_cookies = 1

    ; Name of the session (used as cookie name).
    ;session.name = PHPSESSID
    session.name = php_session

    ; Initialize session on request startup.
    session.auto_start = 0

    ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
    session.cookie_lifetime = 0

    ; The path for which the cookie is valid.
    session.cookie_path = /

    ; The domain for which the cookie is valid.
    session.cookie_domain =

    ; Handler used to serialize data. php is the standard serializer of PHP.
    session.serialize_handler = php

    ; Define the probability that the 'garbage collection' process is started
    ; on every session initialization.
    ; The probability is calculated by using gc_probability/gc_divisor,
    ; e.g. 1/100 means there is a 1% chance that the GC process starts
    ; on each request.

    session.gc_probability = 1
    session.gc_divisor = 100

    ; After this number of seconds, stored data will be seen as 'garbage' and
    ; cleaned up by the garbage collection process.
    session.gc_maxlifetime = 1440

    ; NOTE: If you are using the subdirectory option for storing session files
    ; (see session.save_path above), then garbage collection does *not*
    ; happen automatically. You will need to do your own garbage
    ; collection through a shell script, cron entry, or some other method.
    ; For example, the following script is the equivalent of
    ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
    ; cd /path/to/sessions; find -cmin +24 | xargs rm

    ; PHP 4.2 and less have an undocumented feature/bug that allows you
    ; to initialize a session variable in the global scope, albeit register_globals
    ; is disabled. PHP 4.3 and later will warn you, if this feature is used.
    ; You can disable the feature and the warning separately. At this time,
    ; the warning is only displayed, if bug_compat_42 is enabled.

    session.bug_compat_42 = 1
    session.bug_compat_warn = 1

    ; Check HTTP Referer to invalidate externally stored URLs containing ids.
    ; HTTP_REFERER has to contain this substring for the session to be
    ; considered as valid.
    session.referer_check =

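    ; How many bytes to read from the file.
    ; NOTE(review): as configured (length 0, no file) no additional entropy
    ; source is read when session ids are created; confirm this is intended.
    session.entropy_length = 0

    ; Specified here to create the session id.
    session.entropy_file =

    ;session.entropy_length = 16

    ;session.entropy_file = /dev/urandom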

    ; Set to {nocache,private,public,} to determine HTTP caching aspects
    ; or leave this empty to avoid sending anti-caching headers.
    session.cache_limiter = nocache

    ; Document expires after n minutes.
    session.cache_expire = 180

    ; trans sid support is disabled by default.
    ; Use of trans sid may risk your users' security.
    ; Use this option with caution.
    ; - A user may send a URL that contains an active session ID
    ; to another person via email/irc/etc.
    ; - A URL that contains an active session ID may be stored
    ; on a publicly accessible computer.
    ; - A user may always access your site with the same session ID
    ; by using a URL stored in the browser's history or bookmarks.
    session.use_trans_sid = 0

    ; The URL rewriter will look for URLs in a defined set of HTML tags.
    ; form/fieldset are special; if you include them here, the rewriter will
    ; add a hidden <input> field with the info which is otherwise appended
    ; to URLs. If you want XHTML conformity, remove the form entry.
    ; Note that all valid entries require a "=", even if no value follows.
    url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
