
{ Handle = dbh, LockHandle = dbh }; }

19.3 Using MySQL-Based Storage with the PHP Session Manager

19.3.1 Problem

You want to use session storage for PHP scripts.

19.3.2 Solution

PHP 4 includes session management. By default, it uses temporary files for backing store, but you can configure it to use MySQL instead.

19.3.3 Discussion

PHP 4 includes a native session manager. This section shows how to use it and how to extend it by implementing a storage module that saves session data in MySQL. [4] If your PHP configuration has both the track_vars and register_globals configuration directives enabled, session variables will exist as global variables of the same names in your script. track_vars is enabled automatically for PHP 4.0.3 or later; for earlier versions, you should enable it explicitly. If register_globals is not enabled, you'll need to access session variables as elements of the $HTTP_SESSION_VARS global array or the $_SESSION superglobal array. This is less convenient than relying on register_globals, but is also more secure. Recipe 18.6 discusses PHP's global and superglobal arrays and the security implications of register_globals.

[4] PHP 3 provides no session support. PHP 3 users who require session support may wish to look into PHPLIB or another package that includes a session manager.

19.3.4 The PHP 4 Session Management Interface

PHP's session management capabilities are based on a small set of functions, all of which are documented in the PHP manual. The following list describes those likely to be most useful for day-to-day session programming:

session_start ()

Opens a session and extracts any variables previously stored in it, making them available in the script's global namespace. For example, a session variable named x becomes available as $_SESSION["x"] or $HTTP_SESSION_VARS["x"]. If register_globals is enabled, x also becomes available as the global variable $x.

session_register (var_name)

Registers a variable in the session by setting up an association between the session record and a variable in your script. For example, to register $count, do this:

    session_register ("count");

If you make any changes to the variable while the session remains open, the new value will be saved to the session record when the session is closed. Observe that variables are registered by name rather than by value or by reference:

    session_register ($count);     # incorrect
    session_register (&$count);    # incorrect

Several variables may be registered at once by passing an array that contains multiple names rather than by passing a single name:

    session_register (array ("count", "timestamp"));

Registering a variable implicitly starts a session, which means that if a script calls session_register, it need not call session_start first. However, session_register is effective only if register_globals is enabled. To avoid reliance on register_globals, you should call session_start explicitly and get your session variables from either the $_SESSION or the $HTTP_SESSION_VARS array.

session_unregister (var_name)

Unregisters a session variable so that it is not saved to the session record.

session_write_close ()

Writes the session data and closes the session. Normally you need not call this function; PHP saves an open session automatically when your script ends. However, it may be useful to save and close the session explicitly if you want to modify session variables without having the changes tracked in the session data. In that case, you should call this function to close the session before making the changes.

session_destroy ()

Removes the session and any data associated with it.

session_name (name)

The PHP session manager knows which session to use by means of the session identifier. It looks for the identifier in a global variable named $PHPSESSID; in a cookie, GET, or POST variable named PHPSESSID; or in a URL parameter of the form PHPSESSID=value. If none of these are found, the session manager generates a new identifier and begins a new session. The default identifier name is PHPSESSID, but you can change it. To make a global site-wide change, edit the session.name configuration directive in php.ini. To make the change for an individual script, call session_name (name) before starting the session, where name represents the session name to use. To find out the current session identifier name, call session_name with no argument.

The following example demonstrates one of the simplest uses for a session, which is to display a counter showing the number of requests received so far during the course of the session:

    session_start ();
    session_register ("count");
    if (!isset ($count))
        $count = 0;
    ++$count;
    printf ("This session has been active for %d requests.", $count);

session_start opens the session and extracts its contents into the script's global namespace. For the initial request, this has no effect because the session is empty. session_register registers the count session variable to cause changes to the corresponding PHP variable $count to be tracked in the session data. For the first request, no such variable will be present in the session. This is detected by the isset test, which initializes the counter. On subsequent requests, registering count will cause $count to have the value assigned to it during the previous request. Next, the counter's value is incremented and printed. When the script ends, PHP implicitly invokes session_write_close, which saves the new counter value to the session automatically.

The example uses session_register and thus assumes that register_globals is enabled. Later on, we'll discuss how to avoid this limitation.
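The same counter written without register_globals, as an added example that is not from the original text. It also exercises session_name and session_write_close as described in the list above. It assumes a PHP version that provides the $_SESSION superglobal; the session name VISITSESSID is an arbitrary value chosen for illustration.

```php
<?php
// Added example, not from the original text.
// "VISITSESSID" is an arbitrary session name chosen for illustration.
// session_name() must be called before the session is started.
session_name ("VISITSESSID");

// Start the session explicitly rather than relying on session_register()
// to start it implicitly.
session_start ();

// The counter is read only from the session array, never from a
// same-named global or request parameter, so the script behaves the same
// whether register_globals is on or off.
// is_int() guards against a stored value of an unexpected type.
if (!isset ($_SESSION["count"]) || !is_int ($_SESSION["count"]))
    $_SESSION["count"] = 0;
++$_SESSION["count"];

// Keep a local copy for display.
$count = $_SESSION["count"];

// Write the session data and close the session now. Anything done to
// the session array after this point is not tracked in the session data.
session_write_close ();

// Scratch change made after the close: it is discarded when the script
// ends, so the next request still sees the value saved above.
$_SESSION["count"] = -1;

// With no argument, session_name() returns the current identifier name.
printf ("Session identifier name: %s\n", session_name ());
printf ("This session has been active for %d requests.\n", $count);
?>
```

Reloading the page increments the displayed count by one each time, which shows that the value written before session_write_close was saved and the later scratch assignment was not.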

19.3.5 Specifying a User-Defined Storage Module