I want to create a session handler from scratch. I don't want to use session_set_save_handler. I can't find anything anywhere though and I just don't know where
You don't need to use PHP's session handling if you use encrypted cookies. Basically, standard sessions store the data on the server (memcache, file, or database), and the ID/key to the data is placed in a cookie given to the user agent.
Encrypted cookies just store the data in a cookie on the user agent and forgo the ID/key altogether. This reduces server load as storage is offloaded to the user.
If the data isn't important enough to encrypt, you can also just HMAC sign the cookie contents to prevent people from changing it even though they can see the raw contents.
You might want to try out my simple PHP Kit library which uses encrypted cookies.
    $_SESSION = \Kit\Cookie::get('session');
    // ...do stuff...
    \Kit\Cookie::set('session', $_SESSION);
Just make sure you save the cookie before you send any output to the user since all headers need to be sent first.
What I do when calling sessions:

    // to start the session and set the vars
    session_start();
    $_SESSION['login'] = 'yes';
    $_SESSION['someinfo'] = $var;

    // when calling
    session_start();
    $var = $_SESSION['someinfo'];

I hope this helps
-kris
There are a few things to note when trying to build your own session mechanism.
The first thing you can do is to write a PHP Session wrapper: a class that would wrap up PHP Session functionality. So when you want to use Sessions you can instantiate your session class and do the things you want with sessions. You can do something like this:
    class Session
    {
        /**
         * Starts new or resumes existing session
         *
         * @access public
         * @return bool
         */
        public function start()
        {
            if (session_start()) {
                return true;
            }
            return false;
        }

        /**
         * End existing session, destroy, unset and delete session cookie
         *
         * @access public
         * @return void
         */
        public function end()
        {
            // session_destroy() needs an active session, so resume it first
            if (session_status() !== PHP_SESSION_ACTIVE) {
                $this->start();
            }
            // Clear the variables while the session is still active
            session_unset();
            session_destroy();
            // An empty value with a past expiry tells the browser to drop the cookie
            setcookie(session_name(), '', time() - 3600, "/");
        }

        /**
         * Set new session item
         *
         * @access public
         * @param mixed
         * @param mixed
         * @return mixed
         */
        public function set($key, $value)
        {
            return $_SESSION[$key] = $value;
        }

        /**
         * Checks if session key is already set
         *
         * @access public
         * @param mixed - session key
         * @return bool
         */
        public function has($key)
        {
            if (isset($_SESSION[$key])) {
                return true;
            }
            return false;
        }

        /**
         * Get session item
         *
         * @access public
         * @param mixed
         * @return mixed
         */
        public function get($key)
        {
            if (!isset($_SESSION[$key])) {
                return false;
            }
            return $_SESSION[$key];
        }
    }
Then you can use this session class like this:
    $session = new Session();
    $session->start();
    $session->set('id', 5);
    echo $session->get('id');
I like this since I can use PHP Sessions like objects and don't have to use PHP functions. But note that you are using PHP functions anyway, you just don't see it when using this class. Doing this can help you to deeply understand how PHP sessions work.
If you decide to bite the bullet and write your own session mechanism, there are a few things to note. The first thing you need to decide is where you will store session information. You can save it in a database, on the file system, in a cookie etc... By default PHP saves sessions on the file system. The easiest way to write your own session mechanism is to save sessions into a cookie. CodeIgniter does that by default if you use CodeIgniter sessions.
You would write your own object, which would have methods for you to read, write, edit, delete... the session array. That array would have to be serialized before saving into a cookie. Once sessions are saved in a cookie, you can use the methods you wrote to get them out, edit them or delete them etc. When doing so, pay attention to security, since users can view their cookies. You would have to encrypt the session value.
Then if you decide to save sessions into a database you can use those same methods you have, but this time save sessions into the database instead of into a cookie.
The best way to go would be to write a Session Interface that every session class would implement. This way you could use your Session class and not care about where sessions are stored.
If you don't understand what I am talking about now, then just build your own session wrapper; this could help you to learn more about sessions and give you a nice way of dealing with sessions using OOP. Once you have that, you can use that API to write your Session Interface, implement that interface in every Session class, and write your own logic for how and where you would save session data.
And one more thing, there is nothing wrong with PHP Sessions mechanism.
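As an added example (not from any of the posts above, and not the Kit library's code), here is one way to do the encrypted-cookie storage that the first and last answers describe. It assumes PHP 7.3+ with the sodium extension; `seal_session` and `open_session` are hypothetical names.

```php
<?php
declare(strict_types=1);
// Added example (hypothetical names): a session array sealed into one cookie
// value with libsodium secretbox, which encrypts and authenticates together.

function seal_session(array $data, string $key, int $ttl, ?int $now = null): string
{
    // JSON rather than serialize(): decoding can never instantiate objects.
    $plain = json_encode(['exp' => ($now ?? time()) + $ttl, 'data' => $data], JSON_THROW_ON_ERROR);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per cookie
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

function open_session(string $cookie, string $key, ?int $now = null): ?array
{
    $raw = base64_decode($cookie, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // malformed or truncated value
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        return null; // modified by the client, or sealed under another key
    }
    $p = json_decode($plain, true);
    if (!is_array($p) || !is_int($p['exp'] ?? null) || !is_array($p['data'] ?? null)) {
        return null; // unexpected structure
    }
    if ($p['exp'] < ($now ?? time())) {
        return null; // expired: no server-side record exists to revoke it otherwise
    }
    return $p['data'];
}

// Constructed demo. A real deployment loads one fixed 32-byte key from config.
$key = sodium_crypto_secretbox_keygen();
$cookie = seal_session(['login' => 'yes', 'id' => 5], $key, 3600);
$tampered = $cookie;
$tampered[10] = ($cookie[10] === 'A') ? 'B' : 'A'; // flip one character
foreach ([
    'valid' => open_session($cookie, $key),
    'tampered' => open_session($tampered, $key),
    'wrong key' => open_session($cookie, sodium_crypto_secretbox_keygen()),
    'expired' => open_session($cookie, $key, time() + 7200),
] as $label => $result) {
    echo $label, ': ', json_encode($result), PHP_EOL;
}
```

Send the sealed value with `setcookie()` before any output, using the `httponly`, `secure` and `samesite` options, and keep the array small because browsers cap a cookie at roughly 4 KB.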