Put the session into MySQL

Source: Internet
Author: User
Tags include connect mysql return
Mysql|session session is usually placed in the/tmp directory, and the folder's permissions are everbody readable, this is very scary! School Forum once someone through the session to steal account! So then try to put the session into the database, the table structure and process as follows:
Create a table
Create Sesslib.sql
CREATE TABLE Sesslib (
Data text,
Time datetime,
ID int (one) DEFAULT ' 0 ' not NULL auto_increment,
Sid varchar Not NULL,
PRIMARY KEY (ID),
UNIQUE sid (SID)
);
End

Xx.php customized the session's database path, and when a page needs to use//session, you can include this section, using the following method:
?
Include "xx.php";//xx.php
Session_Start ();
The following session will be used normally
?>

/******************************************************/
xx.php content:
/*****************************************************/
?
$sess _dbh= "";
$sess _maxlifetime=get_cfg_var ("Session.gc_maxlifetime");

function Sess_open ($save _path, $session _name) {
Global $hostname, $dbusername, $dbpassword, $dbname, $sess _dbh;

$sess _dbh=mysql_pconnect ($hostname, $dbusername, $dbpassword) or Die ("Cannot connect to the database!") ");
$sess _dbh=mysql_pconnect (' localhost ', ' test ', ' test ') or Die ("Cannot connect to the database!") ");

mysql_select_db ("$dbname") or Die ("Cannot select a database!") ");
mysql_select_db (' test ') or Die ("Cannot select a database!") ");
return (true);
}

function Sess_close () {
Mysql_close ();
return (true);
}

function Sess_read ($SID) {
Global $sess _DBH;

$result = mysql_query ("Select data from Sesslib where sid= ' $sid '", $sess _DBH);
$n =mysql_num_rows ($result);
if ($n ==0) {
Return ("");
}
else {
$sess _data=mysql_result ($result, 0);
Return ($sess _data);
}
}

function Sess_write ($sid, $sess _data) {
Global $sess _DBH;
if (!empty ($sess _data)) {
$r =mysql_query ("INSERT into Sesslib set sid= ' $sid ', data= ' $sess _data ', Time=now ()", $sess _DBH);
if (! $r) {//insertion failed, means the session is already there, update it
$r =mysql_query ("Update sesslib set sid= ' $sid ', data= ' $sess _data ', Time=now () where sid= ' $sid '", $sess _DBH);
}
return $r;
}}

function Sess_destroy ($SID) {
Global $sess _DBH;

$r =mysql_query ("Delete from sesslib where sid= ' $sid '", $sess _DBH);
return ($R);
}

function sess_gc ($maxlifetime) {
Global $sess _DBH, $sess _maxlifetime;

$r =mysql_query ("Delete from Sesslib where Unix_timestamp (now ())-unix_timestamp (time) > $sess _maxlifetime", $sess _ DBH);
Return Mysql_affected_rows ($sess _dbh);
}

Session_set_save_handler ("Sess_open", "Sess_close", "Sess_read", "Sess_write", "Sess_destroy", "sess_gc");

?>

So it's much safer ...

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.