Jump to content

[SOLVED] Session logic

Recommended Posts

Since I have yet to find a good and easy-to-follow tutorial on session_set_save_handler, I am just coding my own PHP session system where it saves a user's activity throughout the site into a MySQL database. Tell me if I need any improvements to my logic.


Logging in

First, when a user logs in, I will first check to see that the user/pass they've provided matches the ones stored in the database. Then, I will get the PHPSESSID from that user ($_REQUEST['PHPSESSID']) and put that as a value in a cookie. Then, I will INSERT the uid (user id) and the PHPSESSID in a seperate, sessions table. I will then create a session ($_SESSION) named after the user's uid.


Browsing throughout the site

On all of the secure pages, I will just include the session_check.php file.



Every time a user loads the page, I will first check that the $_SESSION['uid'], and the PHPSESSID cokkie exists. Then, I will take the value of that cookie, and check it against the PHPSESSID data stored in the database. If it matches, the user may continue on. If it doesn't (or one doesn't exist), the user will be redirected to login.php.


So, can you make any suggestions to improve this system? Or do you have a good tut on session_set_save_handler that stores it in a database?

Link to comment
Share on other sites

Yes, I've read that page and read all of the comments. The codes posted there either saves the session data to files (which I really don't want) or they don't really explain a lot. I want to be able to save sessions to a database, so I can easily view who logged in/logged out and at what time/date. Since I am more fluent with PHP/MySQL than PHP/Files, that's the route I want to take. Any suggestions?

Link to comment
Share on other sites

I want to be able to save sessions to a database, so I can easily view who logged in/logged out and at what time/date.


For that purpose, why don't you just add a column in your users table named last_login_dt and every time a user logs in, update it to the current date / time?


As a general rule, you should be storing as little data as possible in your sessions and I think there are very few real reasons to save a user's session between visits to the site.

Link to comment
Share on other sites

An extended approach if all request for your site go through a single entry point is to create a user_activity table.  In that table, store the URI of every request and attach it to the user.  Additionally, you can store any $_GET, $_POST, $_SESSION, and / or $_COOKIE data as well.


A good way to see how people are using your site.


To clarify, the benefit of this approach is not only do you know when they logged in, but you can see the order in which they browsed your site.


"Hmmm...how come a guest is viewing an administrator page?"

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.