Due to the nature of the hosting environment I'm using, I am unable to use sessions the normal way (relying on session files on the host), as it is a load-balanced cluster of servers.

As a result, I'm attempting to adapt my application to save session data in a database. I have a "session" class that has all the correct handlers (open, close, read, write, destroy, gc) and the class methods have been registered properly. I have verified that session data can be written and read from the database.

However, here is the issue I'm encountering. When I go to do something as simple as log in to my application, I can see that the session data is being written correctly (e.g., "username|s:6:ph2007;"), but in practically the same breath, the information is then written over with "username|N;".

As a rule, I instruct the script to "reload" the page immediately after handling function input, to prevent actions being repeated detrimentally. I have verified that this causes the "overwrite" of my session data. When I turn off the reload functionality, I am shown the correct screen after logging in, but any other interaction with session data or even manually refreshing the page ends up clearing the session data.

My session handler class is as follows:

class session
{
	var $debug = true;
	var $lifetime;
	var $sessdb;

	function open($save_path, $session_name)
	{ 
		$this->debug && error_log("**** open() entered function");
		$this->lifetime = get_cfg_var("session.gc_maxlifetime");
		$handle = mysql_connect('remotehost1', 'root', 'rootpass');
		$sel = mysql_select_db('web',$handle);
		if (!$handle || !$sel)
		{
			$this->debug && error_log("**** open() something went wrong *");
			return false;
		}
		$this->sessdb = $handle;
		$this->debug && error_log("**** open() leaving function");
		return true;
	}
	function close()
	{
		$this->debug && error_log("**** close() entered function");
		$this->gc(ini_get("session.gc_maxlifetime"));
		$this->debug && error_log("**** close() leaving function");
		return mysql_close($this->sessdb);
	}
	function read($session_id)
	{
		$this->debug && error_log("**** read() entered function");
		$query = "SELECT session_data AS data FROM my_sessions WHERE session_id = \"" . $session_id . "\" AND session_expires > " . time();
		$r = mysql_query($query,$this->sessdb);
		if ($row = mysql_fetch_assoc($r))
		{
			$this->debug && error_log("**** read() leaving function with ".$row['data']);
			return $row['data'];
		}
		$this->debug && error_log("**** read() leaving function");
		return "";
	}
	function write($session_id, $session_data)
	{
		if (!preg_match('/^([0-9a-f]{32})$/i',$session_id)) $session_id = NULL;
		$session_data = str_replace("\"","",$session_data);

		$this->debug && error_log("**** write() entered function");
		$expire = time() + $this->lifetime;
		$query = "SELECT * FROM my_sessions WHERE session_id = \"" . $session_id . "\"";
		$r = mysql_query($query,$this->sessdb);
		if (mysql_num_rows($r))
		{
			$this->debug && error_log("**** write() found existing session, attempting to write " . $session_data);
			$query = "UPDATE my_sessions SET session_expires = \"" . $expire . "\"," .
					 "session_data = \"" . $session_data . "\" WHERE session_id = \"" . $session_id . "\"";
			$this->debug && error_log("**** write() query = " . $query);
			$r = mysql_query($query,$this->sessdb);
			if (mysql_affected_rows($this->sessdb))
				return true;
			$this->debug && error_log("**** write() update affected nothing *");
		}
		else
		{
			$this->debug && error_log("**** write() creating new session");
			$query = "INSERT INTO my_sessions (session_id, session_expires, session_data) VALUES (" .
					 "\"" . $session_id . "\", \"" . $expire . "\", \"" . $session_data . "\")";
			$r = mysql_query($query,$this->sessdb);
			if (mysql_affected_rows($this->sessdb))
				return true;
			$this->debug && error_log("**** write() insert affected nothing *");
		}
		$this->debug && error_log("**** write() leaving function, sql queries failed *");
		return false;
	}
	function destroy($session_id)
	{
		$this->debug && error_log("**** destroy() entered function");
		$query = "DELETE FROM my_sessions WHERE session_id = \"" . $session_id . "\"";
		$r = mysql_query($query,$this->sessdb);
		if (mysql_affected_rows($this->sessdb))
			return true;
		$this->debug && error_log("**** destroy() leaving function, sql query failed or found nothing *");
		return false;
	}
	function gc($maxlifetime)
	{
		$this->debug && error_log("**** gc() entered function");
		$query = "DELETE FROM my_sessions WHERE session_expires < ".time();
		$r = mysql_query($query,$this->sessdb);
		$this->debug && error_log("**** gc() leaving function");
		return mysql_affected_rows($this->sessdb);
	}
}

Here is my login handler:

if (isset($_POST['f_login']))
{
	$db = mysql_pconnect('remotehost2', 'root', 'rootpass') or die ("Database server connection failed.");
	mysql_select_db('web', $db) or die ("Database unavailable.");
	$query = "select count(*) as num from users where username=\"".$_POST['username']."\" and password=\"".md5($_POST['password'])."\"";
	$r = mysql_query($query);
	$count = mysql_fetch_assoc($r);
	if ($count['num'] < 1)
	{
		$_SESSION['msg'] = "<p><strong>Incorrect username and/or password.  Please try again.</strong></p>";
	}
	else
	{
		$_SESSION['username'] = $_POST['username'];
	}
	reload();
}

(sorry for the multiple posts to get all this in, folks, the forum technology is not cooperating with me today)

Here is the output from the PHP error_log:

[10-May-2007 10:30:25] **** open() entered function
[10-May-2007 10:30:25] **** open() leaving function
[10-May-2007 10:30:25] **** read() entered function
[10-May-2007 10:30:25] **** read() leaving function
[10-May-2007 10:30:25] **** write() entered function
[10-May-2007 10:30:26] **** write() creating new session
[10-May-2007 10:30:26] **** close() entered function
[10-May-2007 10:30:26] **** gc() entered function
[10-May-2007 10:30:26] **** gc() leaving function
[10-May-2007 10:30:26] **** close() leaving function
[10-May-2007 10:30:31] **** open() entered function
[10-May-2007 10:30:31] **** open() leaving function
[10-May-2007 10:30:31] **** read() entered function
[10-May-2007 10:30:31] **** read() leaving function with 
[10-May-2007 10:30:32] **** write() entered function
[10-May-2007 10:30:32] **** open() entered function
[10-May-2007 10:30:32] **** write() found existing session, attempting to write username|s:6:ph2007;
[10-May-2007 10:30:32] **** write() query = UPDATE my_sessions SET session_expires = "1178819672",session_data = "username|s:6:ph2007;" WHERE session_id = "b3d5a6898e2f7fdd71f77066a274112b"
[10-May-2007 10:30:32] **** close() entered function
[10-May-2007 10:30:32] **** gc() entered function
[10-May-2007 10:30:32] **** gc() leaving function
[10-May-2007 10:30:32] **** close() leaving function
[10-May-2007 10:30:32] **** open() leaving function
[10-May-2007 10:30:32] **** read() entered function
[10-May-2007 10:30:32] **** read() leaving function with username|s:6:ph2007;
[10-May-2007 10:30:32] **** write() entered function
[b][10-May-2007 10:30:32] **** write() found existing session, attempting to write username|N;
[10-May-2007 10:30:32] **** write() query = UPDATE my_sessions SET session_expires = "1178819672",session_data = "username|N;" WHERE session_id = "b3d5a6898e2f7fdd71f77066a274112b"[/b]
[10-May-2007 10:30:33] **** close() entered function
[10-May-2007 10:30:33] **** gc() entered function
[10-May-2007 10:30:33] **** gc() leaving function
[10-May-2007 10:30:33] **** close() leaving function
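
The `write()` handler above strips double quotes from `$session_data` before building its SQL string, which is why the log shows `s:6:ph2007;` rather than `s:6:"ph2007";`. As an added example (not part of the original post), a handler using PDO bound parameters stores the payload byte-for-byte and needs no quote handling; it assumes PHP 8 with the pdo_sqlite extension, and the class name `DbSessionHandler` is hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server; the
// 1440-second lifetime and the table definition are constructed for the demo.
final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db, private int $lifetime) {}

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $st = $this->db->prepare('SELECT session_data FROM my_sessions
                                  WHERE session_id = ? AND session_expires > ?');
        $st->execute([$id, time()]);
        $data = $st->fetchColumn();
        return $data === false ? '' : $data;   // no live row: empty session
    }

    public function write(string $id, string $data): bool
    {
        // The payload is bound, never concatenated, so it is stored unmodified.
        $st = $this->db->prepare('REPLACE INTO my_sessions
                                  (session_id, session_expires, session_data) VALUES (?, ?, ?)');
        return $st->execute([$id, time() + $this->lifetime, $data]);
    }

    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM my_sessions WHERE session_id = ?')->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        $st = $this->db->prepare('DELETE FROM my_sessions WHERE session_expires < ?');
        $st->execute([time()]);
        return $st->rowCount();
    }
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE my_sessions
           (session_id TEXT PRIMARY KEY, session_expires INTEGER, session_data TEXT)');
$handler = new DbSessionHandler($db, 1440);

$payload = 'username|s:6:"ph2007";';   // serialized form with its quotes intact
$handler->write('b3d5a6898e2f7fdd71f77066a274112b', $payload);
var_dump($handler->read('b3d5a6898e2f7fdd71f77066a274112b') === $payload);
var_dump(@unserialize('s:6:ph2007;'));  // the quote-stripped value from the log
```

In an application the object is registered with `session_set_save_handler($handler, true)` before `session_start()`. The same binding removes the string concatenation of `$session_id` in `read()` and `destroy()`, which the original class does not validate there.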

 

 
