
How to save session or cookie in database?

10 replies to this topic

#1 Hamed

Hamed

    CC Devotee

  • Senior Member
  • 413 posts

Posted 20 September 2010 - 12:34 AM

Is it possible to store sessions or cookies in a database, and check my users' login or logout by that?
  • 0

#2 dbug

dbug

    CC Addict

  • Advanced Member
  • 148 posts

Posted 20 September 2010 - 01:17 AM

Cookies are client side information sent on every request to the server. I don't think it makes sense to store them into a database.

There is a way to store session data into a database using the PHP function session_set_save_handler. By default PHP stores session data on disk. If you call this function you can overwrite this default method and use your own functions to read/write session data, so that you can store it into a database.

You could also write your own session management functions to use a database. In the previous link there is an example of how to do this.

Edited by dbug, 20 September 2010 - 01:22 AM.
added some information

  • 0

#3 Alexander

Alexander

    YOL9

  • Moderator
  • 3963 posts
  • Location:Vancouver, Eh! Cleverness: 200
  • Programming Language:C, C++, PHP, Assembly

Posted 20 September 2010 - 01:23 AM

and check my users login or logout by that?

If you are looking for a way to keep the user authenticated, then cookies will expire automatically at the predefined expiry date. Generally one would keep the user logged in until the login cookie expires, then the user will be forced to log in again.

If you mean storing login data into a cookie to log them in, then that is not a secure method and should not be done.

@dbug, there are inherent dangers to doing that, you should use serialize() on session ($_SESSION) data only.
  • 0

All new problems require investigation, and so if errors are problems, try to learn as much as you can and report back.


#4 dbug

dbug

    CC Addict

  • Advanced Member
  • 148 posts

Posted 20 September 2010 - 01:42 AM

I don't see the problems with session_set_save_handler. The string passed to you in the write method is an encoded version (similar to serialization) of the $_SESSION array. Maybe a call to some escaping function is needed to avoid problems with malicious strings if they can come from the user, but I don't see any other problem here. Am I missing something?
  • 0

#5 dbug

dbug

    CC Addict

  • Advanced Member
  • 148 posts

Posted 20 September 2010 - 02:06 AM

I've just made some tests and I've seen that assigning an object to a session variable generates a string which contains null characters in the parameter passed to the write method. This could be problematic inside an SQL statement. Is this the problem you were talking about?
  • 0

#6 Hamed

Hamed

    CC Devotee

  • Senior Member
  • 413 posts

Posted 20 September 2010 - 02:34 AM

I want to code something like online people, and I think the best way to find who is online is storing login data into a database.
And also I want to keep the previous link and viewing page, so I need to store data into a database.
I see some scripts have a sid (Session ID) which is displayed in the URL, and they store user data on that.
  • 0

#7 FireGator

FireGator

    CC Regular

  • Just Joined
  • 35 posts

Posted 20 September 2010 - 02:41 AM

You want to see how many unauthenticated users are online, that are registered with the session? You can get the session ID through session_id() and store it in the database with the current time, so you can delete old entries at the same time that are beyond say, two hours (3600*2 seconds).

nullworm was right about session handler being insecure, best you just store the SID.
  • 0

#8 Hamed

Hamed

    CC Devotee

  • Senior Member
  • 413 posts

Posted 20 September 2010 - 02:48 AM

And also I want to save my users' data?
Can I use both session and cookie for login?

You want to see how many unauthenticated users are online, that are registered with the session? You can get the session ID through session_id() and store it in the database with the current time, so you can delete old entries at the same time that are beyond say, two hours (3600*2 seconds).

nullworm was right about session handler being insecure, best you just store the SID.


  • 0

#9 dbug

dbug

    CC Addict

  • Advanced Member
  • 148 posts

Posted 20 September 2010 - 02:51 AM

To do that I wouldn't store session data in a database. You could simply use standard sessions to track active sessions and know if the user is authenticated or not, and, if all is ok, update some database tables to store the information you want. For example, each time the user asks for a page, you verify if he is logged in and has the appropriate rights using standard session management and some database queries. If so, then you update a table in the database to store the last asked page for that user.

Also, you can update a table every time a user is logged in, so you can keep a list of currently active users.

You can do all this without changing the default session management method.
  • 0
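
The online-users tracking suggested in posts #7 and #9, as an added example that is not from any poster in this thread: each request records the session with the current time and prunes entries older than two hours. The table, column and function names are assumptions, as is storing a SHA-256 of the session ID instead of the ID itself (PHP 8 with PDO; `REPLACE INTO` works on MySQL and SQLite).

```php
<?php
// Added example; table, column and function names are assumptions.
const ONLINE_WINDOW = 3600 * 2; // two hours, the window suggested in post #7

function online_schema(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS online (
        sid_hash  CHAR(64) PRIMARY KEY,
        user_id   INTEGER NULL,
        last_page VARCHAR(255) NOT NULL,
        last_seen INTEGER NOT NULL)');
}

// Call once per request, after session_start() and the normal login check.
function touch_online(PDO $db, string $sid, ?int $userId, string $page, int $now): void
{
    // Keep only a hash of the session ID: the table can then be read for
    // statistics without exposing values that are valid session cookies.
    $q = $db->prepare('REPLACE INTO online (sid_hash, user_id, last_page, last_seen)
                       VALUES (?, ?, ?, ?)');
    $q->execute([hash('sha256', $sid), $userId, substr($page, 0, 255), $now]);

    // Delete entries idle for longer than the window in the same request.
    $db->prepare('DELETE FROM online WHERE last_seen < ?')
       ->execute([$now - ONLINE_WINDOW]);
}

function online_counts(PDO $db, int $now): array
{
    // COUNT(user_id) skips NULLs, so guests are the remainder.
    $q = $db->prepare('SELECT COUNT(user_id) AS members,
                              COUNT(*) - COUNT(user_id) AS guests
                       FROM online WHERE last_seen >= ?');
    $q->execute([$now - ONLINE_WINDOW]);
    return $q->fetch(PDO::FETCH_ASSOC);
}

// Constructed demo data; in an application the call would look like
// touch_online($db, session_id(), $_SESSION['user_id'] ?? null, $_SERVER['REQUEST_URI'], time());
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
online_schema($db);
$now = 1284970000;
touch_online($db, 'constructed-sid-a', 42, '/forum/index.php', $now - 3 * 3600); // goes stale
touch_online($db, 'constructed-sid-b', 7, '/forum/topic.php?id=1', $now - 60);
touch_online($db, 'constructed-sid-c', null, '/index.php', $now);
print_r(online_counts($db, $now));
```

The `$_SESSION['user_id']` key in the comment is an assumption about how the application marks a logged-in user.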

#10 Hamed

Hamed

    CC Devotee

  • Senior Member
  • 413 posts

Posted 20 September 2010 - 03:03 AM

Do we have any tutorial for online users?
I cannot find one.
  • 0

#11 Hamed

Hamed

    CC Devotee

  • Senior Member
  • 413 posts

Posted 06 December 2010 - 06:43 AM

Look at this class: PHP: session_set_save_handler - Manual

Can anyone explain how to delete expired sessions?
  • 0
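
An added example, not taken from the thread or from the PHP manual page linked above: a session_set_save_handler handler that stores session data in a database through PDO bound parameters, so the NUL bytes noted in post #5 never reach the SQL text, and that deletes expired sessions in gc(), the question in post #11. The class name, table layout and in-memory SQLite DSN are assumptions; it needs PHP 8, and `REPLACE INTO` works on MySQL and SQLite.

```php
<?php
// Added example (PHP 8+, PDO). Class and table names are assumptions.
final class PdoSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db) {}
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        // Ignore rows past their lifetime even if gc() has not run yet.
        $cutoff = time() - (int) ini_get('session.gc_maxlifetime');
        $q = $this->db->prepare('SELECT data FROM sessions WHERE id = ? AND last_seen >= ?');
        $q->execute([$id, $cutoff]);
        $data = $q->fetchColumn();
        if (is_resource($data)) {          // some drivers return LOB columns as streams
            $data = stream_get_contents($data);
        }
        return $data === false ? '' : $data;
    }

    public function write(string $id, string $data): bool
    {
        // The payload can hold NUL bytes and quotes (serialized objects), so it is
        // bound as a parameter and never concatenated into the SQL text.
        $q = $this->db->prepare('REPLACE INTO sessions (id, data, last_seen) VALUES (?, ?, ?)');
        $q->bindValue(1, $id);
        $q->bindValue(2, $data, PDO::PARAM_LOB);
        $q->bindValue(3, time(), PDO::PARAM_INT);
        return $q->execute();
    }

    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        // PHP passes session.gc_maxlifetime; delete everything idle longer than that.
        $q = $this->db->prepare('DELETE FROM sessions WHERE last_seen < ?');
        $q->execute([time() - $max_lifetime]);
        return $q->rowCount();
    }
}

// In-memory SQLite only so the example is self-contained; use the application's DSN.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, data BLOB NOT NULL, last_seen INTEGER NOT NULL)');
session_set_save_handler(new PdoSessionHandler($db), true); // call before session_start()
```

PHP calls gc() only on a fraction of requests, set by session.gc_probability and session.gc_divisor, which is why read() also filters on last_seen.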




