john010117 Posted May 8, 2007 Share Posted May 8, 2007 Since I have yet to find a good and easy-to-follow tutorial on session_set_save_handler, I am just coding my own PHP session system where it saves a user's activity throughout the site into a MySQL database. Tell me if I need any improvements to my logic. Logging in First, when a user logs in, I will first check to see that the user/pass they've provided matches the ones stored in the database. Then, I will get the PHPSESSID from that user ($_REQUEST['PHPSESSID']) and put that as a value in a cookie. Then, I will INSERT the uid (user id) and the PHPSESSID in a seperate, sessions table. I will then create a session ($_SESSION) named after the user's uid. Browsing throughout the site On all of the secure pages, I will just include the session_check.php file. session_check.php Every time a user loads the page, I will first check that the $_SESSION['uid'], and the PHPSESSID cokkie exists. Then, I will take the value of that cookie, and check it against the PHPSESSID data stored in the database. If it matches, the user may continue on. If it doesn't (or one doesn't exist), the user will be redirected to login.php. So, can you make any suggestions to improve this system? Or do you have a good tut on session_set_save_handler that stores it in a database? Quote Link to comment https://forums.phpfreaks.com/topic/50572-solved-session-logic/ Share on other sites More sharing options...
roopurt18 Posted May 9, 2007 Share Posted May 9, 2007 http://www.php.net/session_set_save_handler Did you start here and read all of the comments? Also, why are you wanting to store it in the DB? You want data to persist across user visits to the site? Quote Link to comment https://forums.phpfreaks.com/topic/50572-solved-session-logic/#findComment-249098 Share on other sites More sharing options...
john010117 Posted May 9, 2007 Author Share Posted May 9, 2007 Yes, I've read that page and read all of the comments. The codes posted there either saves the session data to files (which I really don't want) or they don't really explain a lot. I want to be able to save sessions to a database, so I can easily view who logged in/logged out and at what time/date. Since I am more fluent with PHP/MySQL than PHP/Files, that's the route I want to take. Any suggestions? Quote Link to comment https://forums.phpfreaks.com/topic/50572-solved-session-logic/#findComment-249392 Share on other sites More sharing options...
roopurt18 Posted May 9, 2007 Share Posted May 9, 2007 I want to be able to save sessions to a database, so I can easily view who logged in/logged out and at what time/date. For that purpose, why don't you just add a column in your users table named last_login_dt and every time a user logs in, update it to the current date / time? As a general rule, you should be storing as little data as possible in your sessions and I think there are very few real reasons to save a user's session between visits to the site. Quote Link to comment https://forums.phpfreaks.com/topic/50572-solved-session-logic/#findComment-249400 Share on other sites More sharing options...
john010117 Posted May 9, 2007 Author Share Posted May 9, 2007 Right. Why didn't I think of that before? Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/50572-solved-session-logic/#findComment-249404 Share on other sites More sharing options...
roopurt18 Posted May 9, 2007 Share Posted May 9, 2007 An extended approach if all request for your site go through a single entry point is to create a user_activity table. In that table, store the URI of every request and attach it to the user. Additionally, you can store any $_GET, $_POST, $_SESSION, and / or $_COOKIE data as well. A good way to see how people are using your site. To clarify, the benefit of this approach is not only do you know when they logged in, but you can see the order in which they browsed your site. "Hmmm...how come a guest is viewing an administrator page?" Quote Link to comment https://forums.phpfreaks.com/topic/50572-solved-session-logic/#findComment-249420 Share on other sites More sharing options...
john010117 Posted May 10, 2007 Author Share Posted May 10, 2007 Right. I'll try that out. Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/50572-solved-session-logic/#findComment-249455 Share on other sites More sharing options...
steelmanronald06 Posted May 15, 2007 Share Posted May 15, 2007 Have you given adodb a try?? http://adodb.sf.net It is a database abstraction layer library, but it has a built in custom session handler that stores to a flat file or a database, your choice. Pretty advanced. Also, CakePHP framework is the same way. Quote Link to comment https://forums.phpfreaks.com/topic/50572-solved-session-logic/#findComment-253275 Share on other sites More sharing options...
john010117 Posted May 16, 2007 Author Share Posted May 16, 2007 I'll check those out. Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/50572-solved-session-logic/#findComment-254047 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.