Chapter 15: usersession.phpm

carlolsen · April 18th, 2007, 08:29 AM

I'm getting the same errors with my code:

Fatal error: Call to private method UserSession::_session_write_method() from context '' in Unknown on line 0

Fatal error: Call to private method UserSession::_session_close_method() from context '' in Unknown on line 0

changing the access for the methods from "private" to "public" fixes it, but I'm not sure why.

Carl Olsen
www.carl-olsen.com

carlolsen · May 2nd, 2007, 02:34 PM

This keeps it from writing a new row in the database every time a new variable value for the same variable name is created during the session, as previous posters have already demonstrated.

Code:

    public function __set($nm, $val)
    {
        $strSer = serialize($val);
        $rows = 0;
        $sql = "SELECT COUNT(*) AS r FROM session_variable WHERE session_id = " . $this->native_session_id . " AND variable_name = '" . $nm . "'";
        if($stmt = $this->fconn->prepare($sql))
        {
            $stmt->execute();
            $stmt->bind_result($r);
            $stmt->fetch();
            $rows = $r;
            $stmt->free_result();
            $stmt->close();
        }
        if($rows > 0)
        {
            $sql = "UPDATE session_variable SET variable_value = '" . $strSer . "' WHERE session_id = " . $this->native_session_id . " AND variable_name = '" . $nm . "'";
            if($stmt = $this->fconn->prepare($sql))
            {
                $stmt->execute();
                $stmt->close();
            }
        }
        else
        {
            $sql = "INSERT INTO session_variable (session_id, variable_name, variable_value) VALUES (" . $this->native_session_id . ",'" . $nm . "','" . $strSer . "')";
            if($stmt = $this->fconn->prepare($sql))
            {
                $stmt->execute();
                $stmt->close();
            }
        }
    }

Carl Olsen
www.carl-olsen.com

carlolsen · May 4th, 2007, 09:04 AM

There needs to be some way of clearing old session and variable data
from the database beyond the methods in the constructor (which only
clean the old data for the session stored in the cookie). It looks
like deleting the cookie from the browser cache would leave these
records orphaned indefinitely without some method of clearing them
each time the class is called. I've added the appropriate "else"
branch to the if(isset($_COOKIE["PHPSESSID"])) logic statement.

Code:

    public function __construct()
    {
        # Connect to database
        parent::__construct();
        # Set up the handler
        session_set_save_handler(
            array(&$this, '_session_open_method'),
            array(&$this, '_session_close_method'),
            array(&$this, '_session_read_method'),
            array(&$this, '_session_write_method'),
            array(&$this, '_session_destroy_method'),
            array(&$this, '_session_gc_method')
        );
        # Check the cookie passed - if one is - if it looks wrong we'll scrub it right away
        $strUserAgent = $_SERVER["HTTP_USER_AGENT"];
        $strUserIP = $_SERVER["REMOTE_ADDR"];
        if (isset($_COOKIE["PHPSESSID"]))
        {
            # Security and age check
            $this->php_session_id = $_COOKIE["PHPSESSID"];
            $sql = "SELECT id FROM user_session WHERE ascii_session_id = '" . $this->php_session_id . "' AND DATE_SUB(NOW(), INTERVAL " . $this->session_lifespan . " SECOND) < created AND user_agent = '" . $strUserAgent . "' AND user_ip = '" . $strUserIP . "' AND DATE_SUB(now(), INTERVAL " . $this->session_timeout . " SECOND) <= last_impression OR last_impression IS NULL";
            $rows = 0;
            if($stmt = $this->fconn->prepare($sql))
            {
                $stmt->execute();
                $stmt->bind_result($id);
                while($stmt->fetch())
                {
                    $this->native_session_id = $id;
                    $rows++;
                }
                $stmt->free_result();
                $stmt->close();
            }
            if($rows == 0)
            {
                # Set failed flag
                $failed = 1;
                # Delete from database - we do garbage cleanup at the same time
                $sql = "DELETE FROM user_session WHERE (ascii_session_id = '" . $this->php_session_id . "') OR DATE_SUB(now(), INTERVAL " . $this->session_lifespan . " SECOND) > created";
                if($stmt_user = $this->fconn->prepare($sql))
                {
                    $stmt_user->execute();
                    $stmt_user->close();
                }
                # Clean up stray session variables
                $sql = "DELETE FROM session_variable WHERE session_id NOT IN (SELECT id FROM user_session)";
                if($stmt_vars = $this->fconn->prepare($sql))
                {
                    $stmt_vars->execute();
                    $stmt_vars->close();
                }
                # Get rid of this one... this will force PHP to give us another
                unset($_COOKIE["PHPSESSID"]);
            }
        }
        else
        {
            # Delete from database - we do garbage cleanup at the same time
            $sql = "DELETE FROM user_session WHERE DATE_SUB(now(), INTERVAL " . $this->session_lifespan . " SECOND) > created";
            if($stmt_user = $this->fconn->prepare($sql))
            {
                $stmt_user->execute();
                $stmt_user->close();
            }
            # Clean up stray session variables
            $sql = "DELETE FROM session_variable WHERE session_id NOT IN (SELECT id FROM user_session)";
            if($stmt_vars = $this->fconn->prepare($sql))
            {
                $stmt_vars->execute();
                $stmt_vars->close();
            }
        }
        # Set the life time for the cookie
        session_set_cookie_params($this->session_lifespan);
        # Call the session_start method to get things started
        session_start();
          session_cache_limiter("no-cache, must-revalidate");
    }

Carl Olsen
www.carl-olsen.com