We’ve been having some trouble at work with PHP session variables. It’s an evil Windows installation (don’t blame me, blame Pitman), and I’ve pretty much concluded that it’s simply the implementation being flaky rather than a specific bug in the code. We’re getting a lot of now-it’s-working, now-it’s-not (NIWNIN?). Basically I suspect we might end up abandoning PHP session management and rolling our own. What’s a girl to do?
The question of the day is – how do you manage your sessions? Are there any nice classes out there worth using? Should we stick with plain old cookies or use something more URLified? I see that with the PHP session handling functions you can set up your own save handler to use whatever mechanism you like. Possibly we might have more success setting a handler that uses our MySQL database. However, I’m not sure where within the PHP session handling the problem is occurring, so that may well not be an answer.
Any insights as to how you handle session management in PHP are seriously welcomed.



Comments
On Windows boxes, you have to manually set up the folder sessions are stored in. I use something like "D:\session.temp\" or whatever. For security (and possibly legal) reasons, it’s a good idea to turn off cookies in the php.ini file, and run sessions from the URL. Also, change the variable PHPSESSID to something else.
Make sure you generate your own session id using md5, test it regularly, and be sure to set a reasonable time limit for your sessions. How many times have you sat at a website for longer than 30 mins?
If you’re looking to keep your app consistent with OOP, you might want to create a class with getter and setter functions, along with create/test/destroy functions.
Also, subscribe to PHP Architect.
Apart from this, unfortunately the way sessions are implemented in PHP, writing/reading files, is quite primitive... You should be able to find libraries to store sessions inside a database.
Massimo
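
The MySQL-backed save handler raised in the post and in the last comment, sketched as an added example (not code from the post or from any commenter). It assumes PHP 8 with PDO; the class name, the `php_sessions` table, the DSN and the credentials are hypothetical placeholders.

```php
<?php
// Assumed table (hypothetical): CREATE TABLE php_sessions (
//   id VARCHAR(128) NOT NULL PRIMARY KEY, data BLOB NOT NULL,
//   last_access INT UNSIGNED NOT NULL);
final class PdoSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db) {}

    // Nothing to open or close: the PDO connection is managed by the caller.
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $st = $this->db->prepare('SELECT data FROM php_sessions WHERE id = ?');
        $st->execute([$id]);
        $data = $st->fetchColumn();
        // An unknown id yields an empty string; false would signal an error.
        return $data === false ? '' : (string) $data;
    }

    public function write(string $id, string $data): bool
    {
        // Upsert, so the first write creates the row and later writes refresh it.
        $st = $this->db->prepare(
            'INSERT INTO php_sessions (id, data, last_access) VALUES (?, ?, ?)
             ON DUPLICATE KEY UPDATE data = VALUES(data), last_access = VALUES(last_access)'
        );
        return $st->execute([$id, $data, time()]);
    }

    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM php_sessions WHERE id = ?')->execute([$id]);
    }

    // Called by PHP's garbage collector with session.gc_maxlifetime (seconds).
    public function gc(int $max_lifetime): int|false
    {
        $st = $this->db->prepare('DELETE FROM php_sessions WHERE last_access < ?');
        $st->execute([time() - $max_lifetime]);
        return $st->rowCount();
    }
}

// Placeholder DSN and credentials; exceptions make database failures visible.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user',
    'app_password', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
session_set_save_handler(new PdoSessionHandler($pdo), true);
session_start();
```

Unlike the default file handler, this handler takes no lock on the session row, so concurrent requests for the same session are last-write-wins.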