Sessions and .pcgi

software development

#1

Anybody know if it is possible to have sessions from .php scripts carry over to .pcgi scripts somehow? TIA!


#2

It’s possible but it’s a pain in the ass!

By default, PHP session information is stored in a file. Because .php scripts run as the Apache user and .pcgi scripts run as you, they cannot share the same file.

Therefore, you must implement sessions using a database. Include the following script at the top of every file where you need a session. (This is a revision and extension of something I found on one of the PHP discussion sites. It works for me, but is provided with no assurances of any kind.)

Notes:

  1. Either define or replace the 4 constants: MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD, and MYSQL_DATABASE.
  2. Use the MySQL table definition at the bottom of the script to create a table in your database.

[code]<?php

/* call to session_start() and tbl_session definition are below */

ini_set(“session.save_handler”, “user”);

$session_connection = FALSE;
$max_lifetime = get_cfg_var(“session.gc_maxlifetime”);

function sess_open($save_path, $session_name) {
global $session_connection;

if( ! $session_connection = @mysql_pconnect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD) )
die(“sess_open: Cannot connect.”);

if( ! mysql_select_db(MYSQL_DATABASE, $session_connection) )
die(“sess_open: Cannot select database.”);

return true;
}

function sess_close() {
return true;
}

function sess_read($sess_id) {
global $session_connection;

$strSQL = " SELECT value
FROM tbl_session
WHERE sess_id = ‘$sess_id’ AND expiry > " . time();

$result = mysql_query($strSQL,$session_connection);

$record = mysql_fetch_assoc($result);
$value = $record[‘value’];

if ( !empty($value) )
return $value;
else
return ‘’;
}

function sess_write($sess_id, $val) {
global $session_connection, $max_lifetime;

$expiry = time() $max_lifetime;
$value = addslashes($val);

try insert

$strSQL = " INSERT INTO tbl_session
VALUES (’$sess_id’, $expiry, ‘$value’)";
$result = mysql_query($strSQL, $session_connection);

if( !$result ) { // update instead
$strSQL = " UPDATE tbl_session
SET expiry = $expiry, value = '$value’
WHERE sess_id = ‘$sess_id’";
$result = mysql_query($strSQL, $session_connection);
}

return $result;
}

function sess_destroy($sess_id) {
global $session_connection;

$strSQL = " DELETE FROM tbl_session
WHERE sess_id = ‘$sess_id’";
$result = mysql_query($strSQL, $session_connection);

return $result;
}

function sess_gc($maxlifetime) {
global $session_connection;

$strSQL = "DELETE FROM tbl_session WHERE expiry < " . time();
$result = mysql_query($strSQL, $session_connection);

return mysql_affected_rows($session_connection);
}

session_set_save_handler(
“sess_open”,
“sess_close”,
“sess_read”,
“sess_write”,
“sess_destroy”,
“sess_gc”);

session_start();

/*
CREATE TABLE tbl_session (
sess_id varchar(32) NOT NULL default ‘’,
expiry int(11) NOT NULL default ‘0’,
value text NOT NULL,
PRIMARY KEY (sess_id)
) TYPE=MyISAM;
*/
?>
[/code]
–David B.
“greendavid”


#3

Thanks GreenDavid, I will give this a try–I’ve been thinking about using database sessions anyway!


#4

I just noticed that in the post containing the session code, in the second line of function sess_write(), a plus sign is not displayed between “time()” and “$max_lifetime”.

The plus sign is in the orginal code, so there must be a problem with the display. The plus sign needs to be there for the function to work, obviously!

–David B.
“greendavid”


#5

[/quote]

That gave me a clue : so we will use another file…

Now it seems I can use sessions in pcgi files (without database) if I include (after creating the tmp directory) the following at the beginning of every file :

ini_set(“session.save_path”,"/home/path_to_my_user/tmp");

This change to the ini parameter “session.save_path” last only till the end of the script.


#6

Excellent! I will try this out.

–David B.
“greendavid”


#7

we can read at :
https://panel.dreamhost.com/kbase/index.cgi?area=2526

"If you’re using sessions, you’ll have to delete your cookie and get a new one. Once the script is running as YOUR user, the session files Apache created in /tmp won’t be readable (since your user can’t read /tmp files created by Apache’s user). If you delete your cookie and start a new session and all is well! "

I tried again, deleting existing ccokies… and… It works ! I mean, it works without need to change the session.save_path.
(I bet you and I tried first a *.php file, then renamed it as *.pcgi, and the script attempted to use the same cookie…)

But I still use ini_set() to configure session.cookie_path, session.cookie_lifetime, session.gc_maxlifetime…