Method | Description | |
---|---|---|
__construct ( resource &$link, string $security_code, integer $session_lifetime = '', boolean $lock_to_user_agent = true, boolean $lock_to_ip = false, integer $gc_probability = '', integer $gc_divisor = '', string $table_name = 'session_data', string $lock_timeout = 60 ) : void | Constructor of class. Initializes the class and automatically calls {@link http://php.net/manual/en/function.session-start.php start_session()}. | |
_manage_flashdata ( ) | Manages flashdata behind the scenes | |
close ( ) | Custom close() function | |
destroy ( $session_id ) | Custom destroy() function | |
gc ( ) | Custom gc() function (garbage collector) | |
get_active_sessions ( ) : integer | Get the number of active sessions - sessions that have not expired. | |
get_settings ( ) : array | Queries the system for the values of session.gc_maxlifetime, session.gc_probability and session.gc_divisor and returns them as an associative array. | |
open ( $save_path, $session_name ) | Custom open() function | |
read ( $session_id ) | Custom read() function | |
regenerate_id ( ) : void | Regenerates the session id. | |
set_flashdata ( string $name, string $value ) : void | Sets a "flashdata" session variable which will only be available for the next server request, and which will be automatically deleted afterwards. | |
stop ( ) : void | Deletes all data related to the session | |
write ( $session_id, $session_data ) | Custom write() function |
Method | Description | |
---|---|---|
_mysql_affected_rows ( ) | Wrapper for PHP's "mysqli_affected_rows" function. | |
_mysql_error ( ) | Wrapper for PHP's "mysqli_error" function. | |
_mysql_ping ( ) | Wrapper for PHP's "mysqli_ping" function. | |
_mysql_query ( $query ) | Wrapper for PHP's "mysqli_query" function. | |
_mysql_real_escape_string ( $string ) | Wrapper for PHP's "mysqli_real_escape_string" function. |
first, connect to a database containing the sessions table
include the class
require 'path/to/Zebra_Session.php';
start the session
where $link is a connection link returned by mysqli_connect
$session = new Zebra_Session($link, 'sEcUr1tY_c0dE');
By default, the cookie used by PHP to propagate session data across multiple pages ('PHPSESSID') uses the
current top-level domain and subdomain in the cookie declaration.
Example: www.domain.com
This means that the session data is not available to other subdomains. Therefore, a session started on
www.domain.com will not be available on blog.domain.com. The solution is to change the domain PHP uses when it
sets the 'PHPSESSID' cookie by calling the line below *before* instantiating the Zebra_Session library.
takes the domain and removes the subdomain
blog.domain.com becoming .domain.com
ini_set(
'session.cookie_domain',
substr($_SERVER['SERVER_NAME'], strpos($_SERVER['SERVER_NAME'], '.'))
);
From now on whenever PHP sets the 'PHPSESSID' cookie, the cookie will be available to all subdomains! public __construct ( resource &$link, string $security_code, integer $session_lifetime = '', boolean $lock_to_user_agent = true, boolean $lock_to_ip = false, integer $gc_probability = '', integer $gc_divisor = '', string $table_name = 'session_data', string $lock_timeout = 60 ) : void | ||
$link | resource | An object representing the connection to a MySQL Server, as returned
by calling {@link http://www.php.net/manual/en/mysqli.construct.php mysqli_connect}.
If you use {@link http://stefangabos.ro/php-libraries/zebra-database/ Zebra_Database}
to connect to the database, you can get the connection to the MySQL server
via Zebra_Database's {@link http://stefangabos.ro/wp-content/docs/Zebra_Database/Zebra_Database/Zebra_Database.html#methodget_link get_link}
method.
@param string $security_code The value of this argument is appended to the string created by
concatenating the user's User Agent (browser) string (or an empty string
if "lock_to_user_agent" is FALSE) and to the user's IP address (or an
empty string if "lock_to_ip" is FALSE), before creating an MD5 hash out
of it and storing it in the database.
On each call this value will be generated again and compared to the
value stored in the database ensuring that the session is correctly linked
with the user who initiated the session thus preventing session hijacking.
To prevent session hijacking, make sure you choose a string around
12 characters long containing upper- and lowercase letters, as well as
digits. To simplify the process, use {@link https://www.random.org/passwords/?num=1&len=12&format=html&rnd=new this}
link to generate such a random string.
@param integer $session_lifetime (Optional) The number of seconds after which a session will be considered
as expired.
Expired sessions are cleaned up from the database whenever the garbage
collection routine is run. The probability of the garbage collection
routine to be executed is given by the values of $gc_probability
and $gc_divisor. See below.
Default is the value of session.gc_maxlifetime as set in in php.ini.
Read more at {@link http://www.php.net/manual/en/session.configuration.php}
To clear any confusions that may arise: in reality, session.gc_maxlifetime
does not represent a session's lifetime but the number of seconds after
which a session is seen as garbage and is deleted by the garbage
collection routine. The PHP setting that sets a session's lifetime is
session.cookie_lifetime and is usually set to "0" - indicating that
a session is active until the browser/browser tab is closed. When this class
is used, a session is active until the browser/browser tab is closed and/or
a session has been inactive for more than the number of seconds specified
by session.gc_maxlifetime.
To see the actual value of session.gc_maxlifetime for your
environment, use the {@link get_settings()} method.
Pass an empty string to keep default value.
@param boolean $lock_to_user_agent (Optional) Whether to restrict the session to the same User Agent (or
browser) as when the session was first opened.
The user agent check only adds minor security, since an attacker that
hijacks the session cookie will most likely have the same user agent.
In certain scenarios involving Internet Explorer, the browser will randomly
change the user agent string from one page to the next by automatically
switching into compatibility mode. So, on the first load you would have
something like:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; etc...
and reloading the page you would have
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; etc...
So, if the situation asks for this, change this value to FALSE.
Default is TRUE.
@param boolean $lock_to_ip (Optional) Whether to restrict the session to the same IP as when the
session was first opened.
Use this with caution as many users have dynamic IP addresses which may
change over time, or may come through proxies.
This is mostly useful if your know that all your users come from static IPs.
Default is FALSE.
@param integer $gc_probability (Optional) Used in conjunction with $gc_divisor. It defines the
probability that the garbage collection routine is started.
The probability is expressed by the formula:
$probability = $gc_probability / $gc_divisor;
So, if $gc_probability is 1 and $gc_divisor is 100, it means
that there is a 1% chance the the garbage collection routine will
be called on each request.
Default is the value of session.gc_probability as set in php.ini.
Read more at {@link http://www.php.net/manual/en/session.configuration.php}
To see the actual value of session.gc_probability for your
environment, and the computed probability, use the
{@link get_settings()} method.
Pass an empty string to keep default value.
@param integer $gc_divisor (Optional) Used in conjunction with $gc_probability. It defines the
probability that the garbage collection routine is started.
The probability is expressed by the formula:
$probability = $gc_probability / $gc_divisor;
So, if $gc_probability is 1 and $gc_divisor is 100, it means
that there is a 1% chance the the garbage collection routine will
be called on each request.
Default is the value of session.gc_divisor as set in php.ini.
Read more at {@link http://www.php.net/manual/en/session.configuration.php}
To see the actual value of session.gc_divisor for your
environment, and the computed probability, use the
{@link get_settings()} method.
Pass an empty string to keep default value.
@param string $table_name (Optional) Name of the MySQL table used by the class.
Default is session_data.
@param string $lock_timeout (Optional) The maximum amount of time (in seconds) for which a lock on
the session data can be kept.
This must be lower than the maximum execution time of the script!
Session locking is a way to ensure that data is correctly handled in a
scenario with multiple concurrent AJAX requests.
Read more about it at
{@link http://thwartedefforts.org/2006/11/11/race-conditions-with-ajax-and-php-sessions/}
Default is 60
@return void |
$security_code | string | |
$session_lifetime | integer | |
$lock_to_user_agent | boolean | |
$lock_to_ip | boolean | |
$gc_probability | integer | |
$gc_divisor | integer | |
$table_name | string | |
$lock_timeout | string | |
return | void |
first, connect to a database containing the sessions table
include the class
require 'path/to/Zebra_Session.php';
start the session
where $link is a connection link returned by mysqli_connect
$session = new Zebra_Session($link, 'sEcUr1tY_c0dE');
get the (approximate) number of active sessions
$active_sessions = $session->get_active_sessions();
public get_active_sessions ( ) : integer | ||
return | integer | Returns the number of active (not expired) sessions. |
include the class
require 'path/to/Zebra_Session.php';
instantiate the class
$session = new Zebra_Session();
get default settings
print_r('
');
print_r($session->get_settings());
would output something similar to (depending on your actual settings)
Array
(
[session.gc_maxlifetime] => 1440 seconds (24 minutes)
[session.gc_probability] => 1
[session.gc_divisor] => 1000
[probability] => 0.1%
)
public get_settings ( ) : array | ||
return | array |
first, connect to a database containing the sessions table
include the class
require 'path/to/Zebra_Session.php';
start the session
where $link is a connection link returned by mysqli_connect
$session = new Zebra_Session($link, 'sEcUr1tY_c0dE');
regenerate the session's ID
$session->regenerate_id();
public regenerate_id ( ) : void | ||
return | void |
first, connect to a database containing the sessions table
include the library
require 'path/to/Zebra_Session.php';
start the session
where $link is a connection link returned by mysqli_connect
$session = new Zebra_Session($link, 'sEcUr1tY_c0dE');
set "myvar" which will only be available
for the next server request and will be
automatically deleted afterwards
$session->set_flashdata('myvar', 'myval');
Flashdata session variables can be retrieved as any other session variable:
if (isset($_SESSION['myvar'])) {
do something here but remember that the
flashdata session variable is available
for a single server request after it has
been set!
}
first, connect to a database containing the sessions table
include the class
require 'path/to/Zebra_Session.php';
start the session
where $link is a connection link returned by mysqli_connect
$session = new Zebra_Session($link, 'sEcUr1tY_c0dE');
end current session
$session->stop();