mooeypoo Posted November 11, 2006 Posted November 11, 2006 Hi guys I'm building a method to my php site that will validate a user's session. One of the functions in that method is going through a Database with saved sessionIDs, and verifying that they are active. If a sessionID is not active, it should be deleted from the db. I can't find a way to go over the active sessions in PHP. I know how to get the params of a single session (like, the one the user is currently configured with), but if I want to go through (server side of course) the full list of all active sessions and get their IDs, I just can't find a way. There must be one... help... ~moo
Aeternus Posted November 11, 2006 Posted November 11, 2006 As far as I am aware, using the default PHP session handling, the data for each session is stored in a file in the directory listed in "session.save_path" in the config. Your best bet if you want to treat it like a database is to use session_set_save_handler to customise the behaviour of the session handling so that it writes and reads it's information from a database that you can query. Another option might be looking for files of the right filenames and so on in the correct directory but this is certainly not guaranteed to give you just your sessions (depending on how the server is setup to run php and how php is configured) and is not an ideal solution. Alot of people will suggest that if you are planning for this to ever run of a shared server and the session data should be kept secure, you should probably write some form of custom session handling to keep away from the php default, as it is entirely insecure, as it is trivial for other people being hosted on your webserver to look into the directory used for storing temporary session files (using /tmp/ on linux). Theres alot more info here - http://uk.php.net/manual/en/ref.session.php
mooeypoo Posted November 11, 2006 Author Posted November 11, 2006 Your best bet if you want to treat it like a database is to use session_set_save_handler to customise the behaviour of the session handling so that it writes and reads it's information from a database that you can query. I can't find reference for that. Can you give me a code snippet, or explain how? I am starting to get quite frustrated. Or.. maybe.. if you have any other idea as to how to validate a user? I have a login form, but since my website will be open to university students, i want to make SURE that sessions are valid. So when someone logs in his IP address and sessionID are set into a DB. Then, to validate, I want to go do two things: 1. Make sure that sessionID fits IPAddress and therefore the specific user is validated. 2. Go through all DB entries, and check if the sessionids in it are still active sessions (which is my problem now). Any other ideas? Or any ideas on how to solve this problem? I just can't find a way to do it other than theory.. grr. Thanks!! ~moo
Cap'n Refsmmat Posted November 11, 2006 Posted November 11, 2006 There's an example of a custom script in the PHP manual page Aeternus linked to. You could also just use PHP's file manipulation functions to open the temporary directory and walk through the session files. Of course, PHP already checks sessions to see how old they are, and removes them if necessary...
weknowthewor Posted December 14, 2006 Posted December 14, 2006 Another way of login check is create a table called 'temp' in ur database ... It has fields such as IPaddress , tempvar(random variable for e.g: askj65634sdvkbsdkv3423) and username ... Check the username and password is correct during login and if so insert into temp table .So, now if other person tries to login with same username and password on eof the two gets logged out bcaz IPaddresse's are different... Try it out..
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now