我实现了这个自定义PHP会话类,用于将会话存储到MySQL数据库中:
class Session
{
private $_session;
public $maxTime;
private $database;
public function __construct(mysqli $database)
{
$this->database=$database;
$this->maxTime['access'] = time();
$this->maxTime['gc'] = get_cfg_var('session.gc_maxlifetime');
session_set_save_handler(array($this,'_open'),
array($this,'_close'),
array($this,'_read'),
array($this,'_write'),
array($this,'_destroy'),
array($this,'_clean')
);
register_shutdown_function('session_write_close');
session_start();//SESSION START
}
public function _open()
{
return true;
}
public function _close()
{
$this->_clean($this->maxTime['gc']);
}
public function _read($id)
{
$getData= $this->database->prepare("SELECT data FROM
Sessions AS Session
WHERE Session.id = ?");
$getData->bind_param('s',$id);
$getData->execute();
$allData= $getData->fetch();
$totalData = count($allData);
$hasData=(bool) $totalData >=1;
return $hasData ? $allData['data'] : '';
}
public function _write($id, $data)
{
$getData = $this->database->prepare("REPLACE INTO
Sessions
VALUES (?, ?, ?)");
$getData->bind_param('sss', $id, $this->maxTime['access'], $data);
return $getData->execute();
}
public function _destroy($id)
{
$getData=$this->database->prepare("DELETE FROM
Sessions
WHERE id = ?");
$getData->bind_param('S', $id);
return $getData->execute();
}
public function _clean($max)
{
$old=($this->maxTime['access'] - $max);
$getData = $this->database->prepare("DELETE FROM Sessions WHERE access < ?");
$getData->bind_param('s', $old);
return $getData->execute();
}
}
它运行良好,但我真的不知道如何正确访问$_SESSION数组:
例如:
$db=new DBClass();//This is a custom database class
$session=new Session($db->getConnection());
if (isset($_SESSION['user']))
{
echo($_SESSION['user']);//THIS IS NEVER EXECUTED!
}
else
{
$_SESSION['user']="test";
Echo("Session created!");
}
在每个页面刷新时,似乎$_SESSION['user']以某种方式“重置”,我可以应用哪些方法来防止此类行为?
答案 0 :(得分:3)
这是更新后的代码!!! :-) 现在它完全正常工作!!!
<?php
class session {
private $_session;
public $maxTime;
private $db;
public function __construct() {
$this->maxTime['access'] = time();
$this->maxTime['gc'] = 21600; //21600 = 6 hours
//it is session handler
session_set_save_handler(array($this,'_open'),
array($this,'_close'),
array($this,'_read'),
array($this,'_write'),
array($this,'_destroy'),
array($this,'_clean')
);
register_shutdown_function('session_write_close');
session_start();//SESSION START
}
private function getDB() {
$mysql_host = 'your_host';
$mysql_user = 'user';
$mysql_password = 'pass';
$mysql_db_name = 'db_name';
if (!isset($this->db)) {
$this->db = new mysqli($mysql_host, $mysql_user, $mysql_password, $mysql_db_name);
if (mysqli_connect_errno()) {
printf("Error no connection: <br />%s\n", mysqli_connect_error());
exit();
}
}
return $this->db;
}
// O_O !!!
public function _open() {
return true;
}
public function _close() {
$this->_clean($this->maxTime['gc']);
}
public function _read($id) {
$stmt= $this->getDB()->prepare("SELECT session_variable FROM table_sessions
WHERE table_sessions.session_id = ?");
$stmt->bind_param('s',$id);
$stmt->bind_result($data);
$stmt->execute();
$ok = $stmt->fetch() ? $data : '';
$stmt->close();
return $ok;
}
public function _write($id, $data) {
$stmt = $this->getDB()->prepare("REPLACE INTO table_sessions (session_id, session_variable, session_access) VALUES (?, ?, ?)");
$stmt->bind_param('ssi', $id, $data, $this->maxTime['access']);
$ok = $stmt->execute();
$stmt->close();
return $ok;
}
public function _destroy($id) {
$stmt=$this->getDB()->prepare("DELETE FROM table_sessions WHERE session_id = ?");
$stmt->bind_param('s', $id);
$ok = $stmt->execute();
$stmt->close();
return $ok;
}
public function _clean($max) {
$old=($this->maxTime['access'] - $max);
$stmt = $this->getDB()->prepare("DELETE FROM table_sessions WHERE session_access < ?");
$stmt->bind_param('s', $old);
$ok = $stmt->execute();
$stmt->close();
return $ok;
}
}
?>
这是会话表:
CREATE TABLE IF NOT EXISTS `table_sessions` (
`session_id` varchar(50) NOT NULL,
`session_variable` text NOT NULL,
`session_access` decimal(15,0) NOT NULL,
PRIMARY KEY (`session_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
答案 1 :(得分:2)
也许你需要先start a session?
答案 2 :(得分:1)
mysqli_stmt::fetch()不返回表示该行的数组,它只返回true或false。因此,您的代码位于_read()
$allData= $getData->fetch();
$totalData = count($allData);
$hasData=(bool) $totalData >=1;
return $hasData ? $allData['data'] : '';
无法正常工作。 $allData将为true或false,且没有数组元素$allData['data']。
http://docs.php.net/mysqli-stmt.fetch说:
将预准备语句的结果提取到mysqli_stmt_bind_result()绑定的变量中。
public function _read($id)
{
$getData= $this->database->prepare("SELECT data FROM
Sessions AS Session
WHERE Session.id = ?
");
if ( false===$getData ) {
// now what?
}
$getData->bind_param('s',$id);
$getData->bind_result($data);
if ( false===$getData->execute() ) {
// now what?
}
return $getData->fetch() ? $data : '';
}
答案 3 :(得分:0)
我之前已经有过会议似乎不会持续的事情,因为他们应该
您可以尝试在更改页面时检查您的sessionid是否保持不变,如果没有手动设置它。
var_dump(session_id());
if (session_id()=="")
{
if ($_GET["sessionid"])
{
session_id($_GET["sessionid"]);
}
elseif ($_POST["sessionid"])
{
session_id($_POST["sessionid"]);
}
session_start();
}
这更像是一个测试,看看这是否是问题。我不确定从查询字符串设置会话ID会有什么安全隐患,但我怀疑它们不好!