I'm trying to write sessions to database using session_set_save_handler(). I'm getting an infinite loop, where my system wants to log me in, but cannot find the session, so it logs me out... but the session exists apparently - just not in the table.
Anyway, here's my code for the session functions - I don't think there's anything wrong here:
<?php
// session.functions.php
$db = new mysqli("127.0.0.1", "user", "pass", "db");
// define 'openSession()' function
function openSession($sessionPath, $sessionName) {
return true;
}
// define 'closeSession()' function
function closeSession() {
return true;
}
// define 'readSession()' method
function readSession($sessionId) {
global $db;
// escape session ID
if (!get_magic_quotes_gpc()) {
$sessionId = $db->real_escape_string($sessionId);
}
$result = $db->query("SELECT sessiondata FROM sessions WHERE
sessionid='$sessionId' AND expiry > NOW()");
if ($result->num_rows > 0) {
$row = $result->fetchRow();
return $row['sessiondata'];
}
// return empty string
return "";
}
// define 'writeSession()' function
function writeSession($sessionId, $sessionData) {
global $db;
$expiry = time() + get_cfg_var('session.gc_maxlifetime') - 1;
// escape session ID & session data
if (!get_magic_quotes_gpc()) {
$sessionId = $db->real_escape_string($sessionId);
}
$result = $db->query("SELECT sessionid FROM sessions WHERE
sessionid='$sessionId'");
// check if a new session must be stored or an existing one must be updated
($result->num_rows > 0) ? $db->query("UPDATE sessions SET sessionid='$sessionId',expiry='$expiry',sessiondata=
'$sessionData' WHERE sessionid='$sessionId'") or die(mysqli_error($db)) : $db->query("INSERT INTO sessions (sessionid,expiry,sessiondata) VALUES ('$sessionId','$expiry','$sessionData')") or die(mysqli_error($db));
return true;
}
// define 'destroySession()' function
function destroySession($sessionId) {
global $db;
// escape session ID
if (!get_magic_quotes_gpc()) {
$sessionId = $db->real_escape_string($sessionId);
}
$db->query("DELETE FROM sessions WHERE sessionid='$sessionId'");
return true;
}
// define 'gcSession()' function
function gcSession($maxlifetime) {
global $db;
$db->query("DELETE FROM sessions WHERE expiry < NOW()");
return true;
}
?>
This is the session setting for login:
$this->set_session(array_merge($rs->fetch_assoc(), array('expires' => time() + (15 * 60))));
set by function:
private function set_session($a=false) {
if (!empty($a)) {
$_SESSION['exp_user'] = $a;
}
}
How does my login system check to see if I'm already logged in?
public function check_status() {
if (empty($_SESSION['exp_user']) || @$_SESSION['exp_user']['expires'] < time()) {
return false;
} else {
return true;
}
}
and the check in the web application itself:
// This is in authorisation.php
if(empty($_SESSION['exp_user']) || @$_SESSION['exp_user']['expires'] < time()) {
header("location:/login.php"); //@ redirect
} else {
$_SESSION['exp_user']['expires'] = time()+(15*60); //@ renew 15 minutes
//echo $SID = session_id();
}
Now, this is what I have in that index.php file at the top:
require('includes/session.functions.php');
session_set_save_handler('openSession', 'closeSession', 'readSession', 'writeSession', 'destroySession', 'gcSession');
session_start();
include('includes/authorisation.php');
Here's the database:
If I comment out session_set_save_handler(), we don't get the loop, however, if I keep it there in action, I get the loop between index and the login system (already logged in -> index ::check login loop.)
Any ideas what I'm doing wrong?
