Index of /~stanojr/projects/session_mysql
mysql session save handler for php
Author: Pavel Stano <stano@websupport.sk>
Homepage: http://websupport.sk/~stanojr/projects/session_mysql/
Licence: dual licence beerware / MIT (you can choose)
Copyright 2005 by Pavel Stano. All rights reserved
SOME THINGS TO KNOW
- support locking
- php must be compiled with mysql support
patches and comments are welcome
--------
CHANGELOG
10.09.2007 - ver 1.10 - fix memory leak (patch from Elan Ruusamäe)
- resolve session handle being broken until webserver restar tif the connection to mysql server is dropped
(either due server restart or server timeout)
(patch from Elan Ruusamäe)
- fix segmentation fault when no module php.ini setting is set (thanks to Elan Ruusamäe)
17.11.2006 - ver 1.9 - fixed compilation with ZTS (thanks to Elan Ruusamäe)
- default port set to 3306 (thanks to Juan Fernández)
17.04.2006 - ver 1.8 - fixed persistent connections with mysql 5.0 client library (thanks to zoeloelip)
- fixed session_destroy - when affected rows==0 we must return SUCCESSFUL (thanks to zoeloelip)
- add port, sock variables to session_mysql.db
09.03.2006 - ver 1.7 - security fix - db/login/pass can be retrieved via get_cfg_var('session_mysql.db')
so change back to standard ini parsing function PHP_INI_MH
and replace string session_mysql.db with character ' ' (SPACE) after parsing
- everything can be now changed via .htaccess (session_mysql.db too)
- support for hardened patch (http://hardened-php.net/)
25.02.2006 - ver 1.6 - fixed bug that caused SEGFAULT on 64bit system (because we use size_t for vallen variable and really it is int type)
22.11.2005 - ver 1.5 - add optimize table in destroy function
- licence changed from beerware to dual licence beerware / MIT (MIT is BSD like, so you can sell it you evil capitalist ;))
19.11.2005 - ver 1.4 - fixed reading of session data where is NULL ('\0')
15.11.2005 - ver 1.3 - add release_lock in destroy function
- append sess_host after sess_key in get_lock and release_lock
- these options can be changed in .htaccess and httpd.conf via php_flag directive (lock_timeout via php_value, because it is stored as string)
session_mysql.hostcheck
session_mysql.hostcheck_www
session_mysql.locking
session_mysql.lock_timeout
session_mysql.quiet
06.11.2005 - ver 1.2 - fixed some bugs
- locking support via GET_LOCK()/RELEASE_LOCK(), so locking is possible with myisam)
- new option session_mysql.quiet, default 0, when set to 1, return in many functions SUCCESSFUL, so upper session functions dont log really anything
- chaged sess_val in create table from blob(64kB) to mediumblob(16MB)
06.11.2005 - ver 1.1 - dont display session_mysql.db in phpinfo, because there is mysql user and password :)
05.11.2005 - ver 1.0 - first release
--------
HOW TO INSTALL
1. create database,table and user on mysql
sql commands:
create database phpsession;
grant all privileges on phpsession.* to phpsession identified by "phpsession"; -- CHANGE DEFAULT PASSWORD
create table phpsession(
sess_key char(64) not null,
sess_mtime int(10) unsigned not null,
sess_host char(64) not null,
sess_val mediumblob not null,
index i_key(sess_key(6)),
index i_mtime(sess_mtime),
index i_host(sess_host)
);
2. install this extension
/path/to/phpize
./configure --enable-session-mysql --with-php-config=/path/to/php-config --with-mysql=/path/to/mysql
make
make install
3. configure php.ini
session.save_handler = "mysql"
session_mysql.db="host=localhost db=phpsession user=phpsession pass=phpsession" -- CHANGE DEFAULT PASSWORD
4. restart apache
--------
CONFIGURATION OPTIONS (and default values after =)
session_mysql.db="host=localhost db=phpsession user=phpsession pass=phpsession"
you can additionaly use sock and port
session_mysql.hostcheck="1"
when inserting, retreiving and deleting session from database, add a check for $_SERVER['SERVER_NAME']
this disables potential security problem (when used in mass virtualhosting), because users cannot read and edit session for other domains
$_SERVER['SERVER_NAME'] is copied to local variable before script is executed, so when users change $_SERVER['SERVER_NAME']
variable, it does not hurt
session_mysql.hostcheck_removewww="1"
remove "www." if exist from $_SERVER['SERVER_NAME'], so same session on www.example.com and example.com will work
session_mysql.persistent="1"
use persistent connection to mysql (every 1 httpd process will use 1 connection to mysql)
session_mysql.gc_maxlifetime="21600"
remove sessions older than 21600 seconds when GC (garbage collector) is waked
session_mysql.locking="1"
locking support via GET_LOCK()/RELEASE_LOCK(), for more information read this http://www.issociate.de/board/post/184369/warning_&_question_about_mysql_sessions_&_concurrency.html
session_mysql.lock_timeout="5"
lock timeout, default 5 seconds
session_mysql.quiet="0"
when set to 1, return always SUCCESSFUL, so upper session functions dont log really anything
OTHER USEFUL OPTIONS
session.save_handler - must be set to "mysql"
session.gc_probability = 1
session.gc_divisor = 100
Define the probability that the 'garbage collection' process is started
on every session initialization.
The probability is calculated by using gc_probability/gc_divisor,
e.g. 1/100 means there is a 1% chance that the GC process starts
on each request.
![[ICO]](/icons/blank.gif){kind=icon}
![[ ]](/icons/unknown.gif){kind=icon}
![[ ]](/icons/compressed.gif){kind=icon}