A PHP library acting as a wrapper for PHP's default session handling functions which stores data in a MySQL database, providing both better performance and better security and protection against session fixation and session hijacking.
A drop-in replacement for PHP's default session handler which stores session data in a database, providing both better performance and better security and protection against session fixation and session hijacking.
Session2DB implements session locking - a way to ensure that data is correctly handled in a scenario with multiple concurrent AJAX requests.
It is also a solution for applications that are scaled across multiple web servers (using a load balancer or a round-robin DNS) and where the user's session data needs to be available. Storing sessions in a database makes them available to all of the servers!
The library supports "flashdata": session variables which will only be available for the next server request, and which will be automatically deleted afterwards. They are typically used for informational or status messages (for example: "data has been successfully updated").
The code is heavily commented and generates no warnings/errors/notices when PHP's error reporting level is set to E_ALL.
PHP 7.x with the mysqli extension activated, MySQL 5.x+ (recommended: mysqlnd extension)

```bash
composer require voku/session2db
```
After installing, you will need to initialise the database table. The install directory of this repo contains a file named session_data.sql, which holds the SQL code that creates the table used by the class to store session data. Import or execute the SQL code using your preferred MySQL manager (like phpMyAdmin or the fantastic Adminer) into a database of your choice.

Note that this class assumes that there is an active connection to a MySQL database; it does not attempt to create one!
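```php
<?php
//
// simple (dirty) example
//

use voku\db\DB;
use voku\helper\Session2DB;

// include autoloader (same path as in the extended example)
require_once 'composer/autoload.php';

// open the database connection; Session2DB does not create one itself
DB::getInstance('hostname', 'username', 'password', 'database');

new Session2DB();

// from now on, use sessions as you would normally
// this is why it is called a "drop-in replacement" :)
$_SESSION['foo'] = 'bar';
```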
```php
<?php
//
// extended example
//

use voku\db\DB;
use voku\helper\DbWrapper4Session;
use voku\helper\Session2DB;

// include autoloader
require_once 'composer/autoload.php';

// initialize the database connection e.g. via "voku\db\DB"-class
$db = DB::getInstance(
    'hostname', // e.g. localhost
    'username', // e.g. user_1
    'password', // e.g. ******
    'database', // e.g. db_1
    'port',     // e.g. 3306
    'charset',  // e.g. utf8mb4
    true,       // e.g. true|false (exit_on_error)
    true,       // e.g. true|false (echo_on_error)
    '',         // e.g. 'framework\Logger' (logger_class_name)
    ''          // e.g. 'DEBUG' (logger_level)
);

// you can also use your own database implementation via the "Db4Session"-interface,
// take a look at the "DbWrapper4Session"-class for an example
$db_wrapper = new DbWrapper4Session($db);

// initialize "Session to DB"
new Session2DB(
    'add_your_own_security_code_here', // security_code
    0,                                 // session_lifetime
    false,                             // lock_to_user_agent
    false,                             // lock_to_ip
    1,                                 // gc_probability
    1000,                              // gc_divisor
    'session_data',                    // table_name
    60,                                // lock_timeout
    $db_wrapper,                       // db (must implement the "Db4Session"-interface)
    true                               // start_session (start the session-handling automatically, otherwise you need to use session2db->start() afterwards)
);

// from now on, use sessions as you would normally
// this is why it is called a "drop-in replacement" :)
$_SESSION['foo'] = 'bar';

// data is in the database!
```
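A hardened variant of the extended example, added here and not taken from the project's own documentation: it keeps the constructor arguments shown above but loads the security code from the environment, turns on `lock_to_user_agent`, sets the standard PHP session cookie flags, and rotates the session id at login. The environment variable name `SESSION2DB_SECURITY_CODE`, the helper `on_login_success()`, and the reading of the lock flags from their parameter names are assumptions.

```php
<?php
// Added example, not the project's own code.
use voku\db\DB;
use voku\helper\DbWrapper4Session;
use voku\helper\Session2DB;

require_once 'composer/autoload.php';

// Standard PHP ini settings; they must be set before the session is started.
ini_set('session.use_only_cookies', '1');  // never accept a session id from the URL
ini_set('session.cookie_httponly', '1');   // keep the cookie out of reach of JavaScript
ini_set('session.cookie_secure', '1');     // send the cookie over HTTPS only
ini_set('session.cookie_samesite', 'Lax'); // PHP 7.3+

// Hypothetical variable name: keep the secret out of the source tree.
$securityCode = getenv('SESSION2DB_SECURITY_CODE');
if ($securityCode === false || strlen($securityCode) < 32) {
    throw new RuntimeException('Set a long, random SESSION2DB_SECURITY_CODE.');
}

// Placeholder credentials, as in the examples above.
$db = DB::getInstance('hostname', 'username', 'password', 'database');

new Session2DB(
    $securityCode,               // security_code: per-deployment secret, not the sample string
    0,                           // session_lifetime (unchanged from the example above)
    true,                        // lock_to_user_agent: assumed to tie the session to the User-Agent
    false,                       // lock_to_ip: left off, client IPs change on mobile networks and proxies
    1,                           // gc_probability
    1000,                        // gc_divisor
    'session_data',              // table_name
    60,                          // lock_timeout
    new DbWrapper4Session($db),  // db
    true                         // start_session
);

// Hypothetical helper: call it once the credentials have been verified.
function on_login_success(int $userId): void
{
    // Native PHP call: issue a fresh id and delete the old session row, so an id
    // planted before authentication (session fixation) is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}
```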
For professional support please contact me.
- Thanks to GitHub (Microsoft) for hosting the code and a good infrastructure including Issues-Management, etc.
- Thanks to IntelliJ as they make the best IDEs for PHP and they gave me an open source license for PhpStorm!
- Thanks to Travis CI for being the most awesome, easiest continuous integration tool out there!
- Thanks to StyleCI for the simple but powerful code style check.
- Thanks to PHPStan && Psalm for really great static analysis tools and for discovering bugs in the code!