0

I'm currently in the process of writing a PHP 'plug-in' that tracks sessions across unique domains. In order to do this, I've figured the best way to handle 'sessions' across different domains is to write my own Session class/library.

I've considered using session_set_save_handler() which is normally an excellent way of doing this. However, I'm concerned that many of the web applications that this PHP plug-in will be installed on may already have their own usage of session_start() and PHP sessions and I suspect it's likely that session_set_save_handler() may break a few things - so I'm reluctant to use that.

Before I go about rewriting my own MySQL PDO-database session library, I'm wondering if there's anything like this already out there so I don't go about reinventing the wheel so to speak? I've had a quick look on Google and I can only see ones that use session_set_save_handler() which is a no-no as I mentioned.

Here's a few that I've found already that I've ruled out:

PHP-MySQL-Session-Handler https://github.com/sprain/PHP-MySQL-Session-Handler

Rejected because it uses session_set_save_handler(..) and hence will force the rest of the web application to save sessions to MySQL in the same way (which I don't want for the reasons outlined above.)

Zebra Session https://github.com/stefangabos/Zebra_Session

This looked promising but rejected because it also uses session_set_save_handler(..)

Thanks in advance.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
James Spittal
  • 235
  • 5
  • 12

1 Answers1

0

Not without using session_set_save_handler what I'm aware of. Session are handy, but getting there can a lot of pulled hair and wth-moments. session_set_save_handler removes a lot of the hair pulling and flip-the-table tantrum.

Are you really really sure you need a your custom session library? Rewriting one from scratch when there is existing functionality sounds very much inventing the wheel again.

ztripez
  • 664
  • 6
  • 24
  • Accepted as best answer because writing a database-based session class without `session_set_save_handler` is most definitely NOT for the faint of heart. Thanks ztripez. – James Spittal Jun 11 '14 at 01:49
  • I'd like to know what session_set_save_handler does, that cannot be handled in the provided methods for a custom DB handler? So far I know about: a) generate session id - can be done with base64_encode(mcrypt_create_iv(). b) garbage collection (delete old sessions), Should be easy enough to call a clean up function with a certain probability. . c) commit session when script ends. - we can probably use register_shutdown_function or ensure a commit is run when the script ends (even when there are exceptions). Any others? – Frank Forte Dec 21 '15 at 04:59