ibolui Posted August 16, 2008

Hi, I have implemented the storage of session data in a MySQL database, as described in 'Essential PHP Security'. I would like to ask: how do I 'clean up' both the 'sessions' and 'sessions_keys' tables?

PFMaBiSmAd Posted August 16, 2008

The gc() callback function that you provided to session_set_save_handler() should contain code that performs the garbage collection cleanup of records that are older than the $maxlifetime parameter. You would need to provide more information about your code to get specific help with it.

ibolui Posted August 16, 2008

My session code is as follows...

```php
session_set_save_handler('_open', '_close', '_read', '_write', '_destroy', '_clean');

// open: the connection in $db is created elsewhere; just hand it back.
function _open()
{
    global $db;
    return $db;
}

function _close()
{
    global $db;
    return mysql_close($db);
}

// read: fetch the stored blob, split off the IV and decrypt the rest.
function _read($id)
{
    global $db;
    $algorithm = MCRYPT_BLOWFISH;
    $mode = MCRYPT_MODE_CBC;
    $id = mysql_real_escape_string($id);
    $sql = "SELECT session_data FROM sessions WHERE session_id = '$id'";
    if ($result = mysql_query($sql, $db)) {
        if (mysql_num_rows($result)) {
            $record = mysql_fetch_assoc($result);
            // return $record['session_data'];
            $data = base64_decode($record['session_data']);
            $iv_size = mcrypt_get_iv_size($algorithm, $mode);
            $ciphertext = substr($data, $iv_size);
            $iv = substr($data, 0, $iv_size);
            $crypt = new crypt();
            $crypt->iv = $iv;
            $crypt->ciphertext = $ciphertext;
            $crypt->decrypt();
            return $crypt->cleartext;
        }
    }
    return '';
}

// write: encrypt with a fresh IV and store base64(IV . ciphertext).
// session_expires holds the time of the last write, not a future expiry.
function _write($id, $data)
{
    global $db;
    $expires = time();
    $crypt = new crypt();
    $crypt->cleartext = $data;
    $crypt->generate_iv();
    $crypt->encrypt();
    $ciphertext = $crypt->ciphertext;
    $iv = $crypt->iv;
    $data = base64_encode($iv . $ciphertext);
    $id = mysql_real_escape_string($id);
    $expires = mysql_real_escape_string($expires);
    $data = mysql_real_escape_string($data);
    $sql = "REPLACE INTO sessions VALUES ('$id', '$expires', '$data')";
    return mysql_query($sql, $db);
}

function _destroy($id)
{
    global $db;
    $id = mysql_real_escape_string($id);
    $sql = "DELETE FROM sessions WHERE session_id = '$id'";
    return mysql_query($sql, $db);
}

// gc: delete sessions whose last write is more than $max seconds ago.
function _clean($max)
{
    global $db;
    $old = time() - $max;
    $old = mysql_real_escape_string($old);
    $sql = "DELETE FROM sessions WHERE session_expires < '$old'";
    return mysql_query($sql, $db);
}
```
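
The cleanup discussed in this thread, as an added example that is not part of any post and not code from the book: a gc routine that removes stale rows from `sessions` and the matching rows from `sessions_keys` in one transaction, using PDO prepared statements. The thread never shows the `sessions_keys` schema, so its layout (one row per session, keyed by `session_id`), the function name `clean_sessions`, the in-memory SQLite database and all sample rows are assumptions made for illustration.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (session_id TEXT PRIMARY KEY,
                                  session_expires INTEGER, session_data TEXT)');
// Assumption: sessions_keys holds one row per session, keyed by session_id.
$db->exec('CREATE TABLE sessions_keys (session_id TEXT PRIMARY KEY, session_key TEXT)');

/**
 * gc logic (hypothetical helper): delete sessions last written more than
 * $max seconds ago, then every key row that no longer has a session.
 * Both deletes commit together or not at all. Returns sessions removed.
 */
function clean_sessions(PDO $db, int $max, ?int $now = null): int
{
    $old = ($now ?? time()) - $max;
    $db->beginTransaction();
    try {
        $sess = $db->prepare('DELETE FROM sessions WHERE session_expires < :old');
        $sess->execute([':old' => $old]);
        // Covers keys of the sessions just expired and keys orphaned earlier,
        // e.g. by a destroy handler that only touched the sessions table.
        $db->exec('DELETE FROM sessions_keys
                   WHERE session_id NOT IN (SELECT session_id FROM sessions)');
        $db->commit();
        return $sess->rowCount();
    } catch (Exception $e) {
        $db->rollBack(); // never leave a session without its key, or the reverse
        throw $e;
    }
}

// Constructed sample rows: one stale session, one fresh one, one orphaned key.
$now = 1218844800; // fixed clock so the run is repeatable
$ins = $db->prepare('INSERT INTO sessions VALUES (?, ?, ?)');
$ins->execute(['stale', $now - 2000, 'x']);
$ins->execute(['fresh', $now - 10, 'y']);
$key = $db->prepare('INSERT INTO sessions_keys VALUES (?, ?)');
foreach (['stale', 'fresh', 'orphan'] as $id) {
    $key->execute([$id, 'k']);
}

$removed = clean_sessions($db, 1440, $now); // 1440 s: default session.gc_maxlifetime
$left = $db->query('SELECT session_id FROM sessions_keys')->fetchAll(PDO::FETCH_COLUMN);
printf("sessions removed: %d, key rows left: %s\n", $removed, implode(',', $left));
```

PHP invokes the gc callback only on a fraction of requests, governed by `session.gc_probability` and `session.gc_divisor`, so expired rows can remain in both tables until a collection actually runs.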