1

Hello i'm trying to understand how sessions work and how does session_set_handler() works, so i've started build a class for session handling but i've encountered some problems with the write() function can you please help me solve the problem?

<?php
class Session extends Model
{
    public
        $connectionName = 'sessions',
        $sessionsId,
        $sessionsData;

    public function __construct()
    {
        parent::__construct();
        session_set_save_handler(
            array($this, 'Open'),
            array($this, 'Close'),
            array($this, 'Read'),
            array($this, 'Write'),
            array($this, 'Destroy'),
            array($this, 'Gc'));
        session_start();
    }

    public function __destruct()
    {
        session_write_close();
    }

    public function Open()
    {
        return true;
    }

    public function Close()
    {
        return true;
    }

    public function Read($sessionsId)
    {
        $this->stmt = $this->prepare("SELECT * FROM `sessions` WHERE `id` = :sessionId");
        $this->stmt->bindParam(":sessionId", $sessionsId);
        $this->stmt->execute();
        return $this->stmt->fetchAll();
    }

    public function Write($sessionsId, $sessionsData)
    {
        $this->stmt = $this->prepare("REPLACE INTO `sessions`.`sessions` 
        (`id`, `access`, `data`) 
        VALUES 
        (:sessionId, NOW(), :sessionValue)");
        $this->stmt->bindParam(":sessionId", $sessionsId);
        $this->stmt->bindParam(":sessionValue", $sessionsData);
        $this->stmt->execute();
    }

    public function Destroy($sessionsId)
    {
        $this->stmt = $this->prepare("DELETE FROM `sessions`.`sessions` WHERE `id` = :sessionId");
        $this->stmt->bindParam(":sessionId", $sessionsId);
        $this->stmt->execute();
    }

    public function Gc()
    {
        $this->stmt = $this->prepare("DELETE FROM `sessions`.`sessions` WHERE `access` < NOW() - INTERVAL 1 HOUR");
        $this->stmt->execute();
    }
}

now the above code seems to work just fine the only problem is when i write a session in db i get the following insert:

dump from mysql

CREATE TABLE IF NOT EXISTS `sessions` (
  `id` varchar(32) NOT NULL,
  `access` datetime NOT NULL,
  `data` text NOT NULL,
  UNIQUE KEY `id` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

INSERT INTO `sessions` (`id`, `access`, `data`) VALUES
('lhig71coed8ur81n85iiovje37', '2011-07-25 15:37:57', '');

As you can see the value of the session it's not inserted i only get the session id. on var_dump($sessionsData) i get:

"name|s:6:"Bogdan";"

and for var_dump($sessionsId) i get:

lhig71coed8ur81n85iiovje37

Can you please help? i don't get any errors checked xampp logs setup display errors on error reporting everything i knew even in php.ini still no error anything used even try catch blocks. thank you very much for reading this and helping me out.

Improve this question
9
  • Can you confirm if $sessionsData does have values? Try echoing it before processes. Commented Jul 25, 2011 at 14:36
  • 1
    That var_dump looks suspicious. It's not valid serialize() output - is there any HTML/xml stored in the session array that might be getting "hidden" by a browser view? What do you see in the browser's view-source? Commented Jul 25, 2011 at 14:59
  • @Marc B: The var_dump looks really well for session data. serialize() does not work properly with session data, I think you mix this a bit because it's close, but session data is a list of variable names with their serialized values like so ({varname}|{serialized($varname)})*. Commented Jul 25, 2011 at 15:12
  • serialize() couldn't care less it's session data. It's just another data structure, basically serialize($_SESSION). A valid serialized session array would at bare minimum start with a:.... | is not a valid separator. Commented Jul 25, 2011 at 15:25
  • @Marc B: Well you should better try yourself, the function is not serialize() but session_encode(). Read as well the topmost note on that manual page. Commented Jul 25, 2011 at 15:27

1 Answer 1

Reset to default
1

I found a flaw in your implementation which results in deleting any session data:

return $this->stmt->fetchAll();

in 

public function Read($sessionsId)

That function must return a string, in your case the data from the data field.

But you're returning an array (as it looks like - can't specifically say because the actual database is hidden, PDO/MySQLi?).

However it's highly likely that unserializing the session data (see session_decode()) will fail, hence the session data will become empty and then saved again (as an empty string).

This should be the cause of your problem. Fix it by returning the string data from the database.

Next to that I suspect a kind of encoding issue but I'm not entirely sure that this causes it. But just consider the following:

The session data is binary data, not text. You could change your table definition and access accordingly. In MySQL there is the BLOB Type for that, and bindParam() could be helped with PDO::PARAM_LOB data type specifier.

Probably this type of change will cure your issue. Otherwise it will make sure that you store the data un-altered which is what you want in any case. Stick to binary-safe handling for session data.

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

@ hackre: changed mode to BLBO type i've tried your advice didn't work i get [BLOB - 0octețs] in that field.
@ silent for the echo: The Session Id is : lhig71coed8ur81n85iiovje37 The Value of Session Id is : name|s:6:"Bogdan"; on var_dump string(18) "name|s:6:"Bogdan";" string(26) "lhig71coed8ur81n85iiovje37" on print_r name|s:6:"Bogdan"; lhig71coed8ur81n85iiovje37 all three are function function write so i get the data until that step that's for sure. in the first post i've ate some letters there i apologize was hungry a little but i ate something now. as for the source code i don't see nothing wrong @ hakre thank you for that document bookmarked and still reading.
@Bogdan: I see, but I think you should still stick to BLOB instead of text to store the data (when it works) as binary and not text.
@hrake i will take your advice and use it :)
@Bogdan: I probably found the culprit, see the edited answer.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.