Session Tracking: Part 2by W.J. Gilmore
As you learned in the last article, session tracking can add a whole new dimension to your web site. This week, I'll build upon what we learned, and show you how to create custom functions to store user session data. However, before delving further into how these functions are created, let's take a moment to ask why we would want to do this in the first place.
Why would it be necessary to create custom functions instead of using the default file method offered by PHP? Among other things, it facilitates the use of a database for storing session data. Database storage of session data is useful not only for reasons of efficiency, but also because it allows session information to be easily retrieved across different networks and domains.
If you remember from the last article, session information is stored by default within separate files -- one file for each session identification (SID) number. There are also two other methods in which session information can be stored: shared memory and via creation of the custom storage functions. I'll discuss configuration of the latter method in this section.
php.ini file and locate the directive:
session.save_handler = files ; handler used to store/retrieve data
To make use of the custom storage functions that I'll create later on in this article,
session.save_handler should be set as follows:
session.save_handler = user ; handler used to store/retrieve data
This tells the PHP engine that you intend to define your own session storage functions. We'll get to exactly how this is accomplished later.
Regardless of what storage media you intend to use, there are six functions that must be defined. These six functions perform the operations required by the PHP engine to carry out its session-handling functionality. I'll define each function's purpose and parameters here:
session_open() simply initializes any elements that may be used throughout the sessions process. The two input parameters
$session_name refer to the configuration directives found in the
php.ini. We'll use PHP's get_cfg_var() function to retrieve these configuration values in later examples.
session_close() operates much like a typical handler function does, closing any open resources initialized by
session_open(). As you can see, there are no input parameters for this function. Keep in mind that this does not destroy the session. That is the job of
session_destroy(), introduced later in this section.
This function reads the session data from the storage media. The input parameter
$sessionID refers to the session ID that will be used to identify the data stored for this particular client.
This function writes the session data to the storage media. The input parameter
$sessionID is the variable name, and the input parameter
$value is the session data.
This function is likely the last function you'll call in your script. It will destroy the session and all relevant session variables. The input parameter
$SID refers to the session ID in the currently open session.
This function effectively deletes all sessions that have expired. The input parameter
$lifetime refers to the session configuration directive
session.gc_maxlifetime, found in the