PHP Sessions Article Finished

I do apologize for the delay, I started working on this article a while back and life’s obstacles jumped in the way. Take some time to go over the article and leave some comments letting me know what you think of it. It focuses on a custom session handler that will store the session data in a database, it also implements some security.

You can find the article on my PHP Articles page, let me know what you think.



Development, Entertainment, Tips & Tricks.

5 Comments

anthony hopkins

  • 03/08/07
  • 10:36 PM

As a newbie I wasn’t able to get this script to work but other programmer told me there was missing codes for the DB var and that is why I wasn’t able to make it work.

Joseph Crawford

  • 03/08/07
  • 10:40 PM

Anthony,

You are correct the code for the database abstraction layer was not provided, this is because it can be handled many ways and there are many different databses out there.

I am not even sure the code will work 100% out of the box although it should. I wrote that code long ago and finally sat down to explain to people how it was done and why it is a good method to use.

If you have any questions abou the code please feel free to ask and I will answer anything I can.

anthony hopkins

  • 03/13/07
  • 03:33 PM

I see $this->_db and $this->db on line 81 being used, this is where i’m getting confused.. I had someone try to help me on IRC but gave up on me after a hour. How do I get $this->_db and/or $this->db to work with MYSQL.

Joseph Crawford

  • 03/13/07
  • 03:36 PM

Anthony,

You need to write your own DB abstraction layer or use PEAR or whatever and pass it into the session object.

You could also replace $this->_db->Query etc. with mysql_query(); if you wish.

I have a database object that I use for this and each database is different which is why I intentionally left that out.

Harry Bailey

  • 06/12/07
  • 04:32 PM

Hi Joseph,

Generally an excellent article.

You have however missed a couple of important bits out. As mentioned above the db stuff is vague.
Also you mention fingerprint, fingerprintkey and fingerprintchecks variables without explaining them too well. Your article makes it appear that they are just used as salt to encrypt the user agent. You use fingerprintkey when setting it but just fingerprint in the md5 encryption, and fingerprintchecks is only used once when it is set as private and 0.

As I said, excellent start but worth finishing (even after the months that have passed)

As an addition you need to update the link above to actually go to the php articles page -> http://josephcrawford.com/php-articles/
It appears that you redirect anything with www. at the start to your home page. I suggest you just remove the www. instead.

Have your say...

You must be logged in to post a comment.

Technology Blogs Add to Technorati Favorites Page Rank Tool NYPHP Users Group View Joseph Crawford's profile on LinkedIn

   

SEO Consultant SEO services
12 visitors online now
2 guests, 10 bots, 0 members
Max visitors today: 15 at 12:50 am UTC
This month: 22 at 09-03-2010 02:06 am UTC
This year: 51 at 02-24-2010 03:06 pm UTC
All time: 51 at 02-24-2010 03:06 pm UTC