473,836 Members | 1,520 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

custom user session handler + PHPSESSID in cookie

I tried to implement my own session handler in order to keep control on
the process
the drawback I foun it is not creating and storing in my cookie the
PHPSESSID variable anymore.
reading te documentation it seems it should do it anyway
any advice?

the session handler, from php website:

function open($save_path , $session_name)
global $sess_save_path , $sess_session_n ame;

$sess_save_path = $save_path;
$sess_session_n ame = $session_name;

function close()

* Enter description here...
* @param unknown_type $id
* @return unknown
*/function read($id)
global $sess_save_path , $sess_session_n ame;

$sess_file = "$sess_save_pat h/sess_$id";
if ($fp = @fopen($sess_fi le, "r")) {
$sess_data = fread($fp, filesize($sess_ file));
return($sess_da ta);
} else {
return(""); // Must return "" here.


* Enter description here...
* @param unknown_type $id
* @param unknown_type $sess_data
* @return unknown
*/function write($id, $sess_data)
global $sess_save_path , $sess_session_n ame;

$sess_file = "$sess_save_pat h/sess_$id";
if ($fp = @fopen($sess_fi le, "w")) {
return(fwrite($ fp, $sess_data));
} else {


function destroy($id)
global $sess_save_path , $sess_session_n ame;

$sess_file = "$sess_save_pat h/sess_$id";
return(@unlink( $sess_file));

/*************** *************** ***************
* WARNING - You will need to implement some *
* sort of garbage collection routine here. *
*************** *************** ***************/
function gc($maxlifetime )
return true;

#session_set_sa ve_handler("ope n", "close", "read", "write", "destroy",

#session_start( );

// proceed to use sessions normally


the sever configuration:
; Handler used to store/retrieve data.
;session.save_h andler = files
session.save_ha ndler = user

; Argument passed to save_handler. In the case of files, this is the
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
; As of PHP 4.0.1, you can define the path as:
; session.save_pa th = "N;/path"
; where N is an integer. Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories. This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
; NOTE 1: PHP will not create this directory structure automatically.
; You can use the script in the ext/session dir for that
; NOTE 2: See the section on garbage collection below if you choose to
; use subdirectories for session storage
;session.save_p ath = /tmp
session.save_pa th = "D:/tmp"
;session.save_p ath = "Z:/2"
;session.save_p ath = "http://ce000730"
;session.save_p ath = "ftp://diego:12****@12"

; Whether to use cookies.
session.use_coo kies = 1

; This option enables administrators to make their users invulnerable
; attacks which involve passing session ids in URLs; defaults to 0.
session.use_onl y_cookies = 1

; Name of the session (used as cookie name).
;session.name = PHPSESSID
session.name = php_session

; Initialize session on request startup.
session.auto_st art = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_ lifetime = 0

; The path for which the cookie is valid.
session.cookie_ path = /

; The domain for which the cookie is valid.
session.cookie_ domain =

; Handler used to serialize data. php is the standard serializer of
session.seriali ze_handler = php

; Define the probability that the 'garbage collection' process is
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_prob ability = 1
session.gc_divi sor = 100

; After this number of seconds, stored data will be seen as 'garbage'
; cleaned up by the garbage collection process.
session.gc_maxl ifetime = 1440

; NOTE: If you are using the subdirectory option for storing session
; (see session.save_pa th above), then garbage collection does
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other
; For example, the following script would is the equivalent of
; setting session.gc_maxl ifetime to 1440 (1440 seconds = 24
; cd /path/to/sessions; find -cmin +24 | xargs rm

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit
register_global s
; is disabled. PHP 4.3 and later will warn you, if this feature is
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_com pat_42 = 1
session.bug_com pat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer _check =

; How many bytes to read from the file.
session.entropy _length = 0

; Specified here to create the session id.
session.entropy _file =

;session.entrop y_length = 16

;session.entrop y_file = /dev/urandom

; Set to {nocache,privat e,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
session.cache_l imiter = nocache

; Document expires after n minutes.
session.cache_e xpire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_tra ns_sid = 0

; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.ta gs =
"a=href,area=hr ef,frame=src,in put=src,form=,f ieldset="

Mar 2 '06 #1
0 3242

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: Arnaud | last post by:
Hi ! I would like to propagate data between php pages, in two cases : the pages are read by : 1- Internet Explorer It's ok, data are writen in one page, and read from another. I don't use PHPSESSID 2- from a mobile browser ( mobile i-Mode phone Nec22) After several tests, I understod it's impossible, because the session system tries to write a cookie on the browser...
by: Mimi | last post by:
Hello, I am having trouble using the session vars in PHP 4.3.9 OS: Win XP Prof Web Server IIS (is local and there are no links to other servers from the web pages I work on) Browser: IE 6.0 The problem I am having is that each time I reload the same PHP page, I get
by: Fred | last post by:
Hello, When I use Session in my php code, the first time a session is establish, every link on that page (where the session starts) contains the PHPSESSID in the query. For example: session.php?PHPSESSID=d3994a591c42b9d3bba48ae654341482 If we follow the link, the PHPSESSID disapears, which makes sence to me
by: ehendrikd | last post by:
hi all i need some clarification on how the php session work in relation to cookies. we have a web site where users need to log in. a few of our users were having troubles with their browser clients having different levels of cookie security settings. i assumed a solution would be to have the php site use the session only, and set session.use_cookies to 0 in the php.ini file. after doing this, the session no longer persits after
by: McGeeky | last post by:
Is there a way to get a user control to remember its state across pages? I have a standard page layout I use with a header and footer as user controls. Each page uses the same layout by means of copy paste (I hear this will improve in ASP.Net 2 via master pages). When I navigate from one page to the next the header and footer user controls lose their state because they are effectively different instances of the user control. Is there...
by: DC | last post by:
--when i set session.cache_limiter = private i get this Set-Cookie: PHPSESSID=61fdf683fef689d5371a1c01fd46e678; path=/; secure Expires: Thu, 19 Nov 1981 08:52:00 GMT No idea where it's pulling that date from. (Clearly already expired) --when i set session.cache_limiter = private_no_expire i get this Set-Cookie: PHPSESSID=61fdf683fef689d5371a1c01fd46e678; path=/; secure (no Expires line) But my session ID still changes every time i...
by: listerofsmeg01 | last post by:
Hi all, Constructing my first web app, and wanted to enable session.use_trans_sid so that people without cookies could still use my site. After braving a nightmare of set_ini(), and .htaccess to try (without joy) to turn it on, I find when searching for help that the vast majority of people are trying to turn it OFF.
by: Mitul | last post by:
Hello everybody, I am developing a community site and almost all works are competed. There is major issue that I am facing is how to track user's online status. I am using session data to save user's login status. There are 2 major issues which I need to handle for tracking user's Online status. 1. When login user close his/her browser. 2. When session time out.
by: Matthew | last post by:
Hi, !!I'm A Newbie Alert!! My server runs PHP version 4.4.3. I'm successfully creating a session and can set and retrieve my own session variables. As far as I can tell the $_SESSION variable should be created
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.