Your save handler has some problem...
Except read functin, all return values from handler is converted to
boolean and you should return TRUE for success, FALSE for failure.
For read function, you MUST return string *always*. Return "" (null
string) if there is nothing to read.
I've updated manual page, it'll be in manual shortly, also.
John Branstad wrote:
> We recently upgraded to php4.1.0 from 4.0.6 and now our custom session
> handling doesn't work! We are running on linux with apache, attempting to
> save session info to a MySQL database (I have session.save_handler=user).
> There are a couple issues:
>
> 1) Occassionally (can't seem to pin down exactly when) I try and access my
> site and get a "The page cannot be displayed" error in IE.
> a. The session_start() command seems to be causing this error - If i put
> die("here"); before session_start(), I see the message. If I move
> die("here"); after session_start(), I get the error.
> b. Clicking refresh (sometimes 1 time, sometimes 10 times) will
> eventually allow me to access my page.
>
> 2) The first time I access my page, I attempt to set a session variable
> ($_SESSION["foo"] = "bar;). When the page finishes loading, the session
> write handler is called which puts the session information in the database.
> However, there is nothing written to the value field! (It's still blank!)
> a. If I refresh the page, the session information is updated in the
> database, and now the value field has the correct entry (foo|s:3:"bar";)
>
> My session save handler is based on <a
> href="http://www.onlamp.com/pub/a/php/2001/05/10/sessions.html?page=2";>this
> article</a> I read:
> I'm attaching a copy of my sesssions.php file in case that will help anyone.
> The only modifications I made were to the read handler - I put in a return
> of the value from the SELECT. If I take that statement out, problem 1) goes
> away, but I would NEVER get session information saved into the database!??!
> (only the SessionID would be stored)
>
> Did something change in session handling from 4.0.6 to 4.1.0? If I can't
> figure this out, we have no choice but to roll back to 4.0.6, but I really
> love the security additions of 4.1.0 - Help!!! MUCH THANKS IN ADVANCE.
>
> John
>
>
>
> <?php
>
> /*
> ****************************************
> **
> ** Name: template.php
> **
> ** Author: Cory Factor
> **
> ****************************************
> */
>
> // These variables are set in the database_settings.php file
> // which is included using the auto_prepend_file PHP configuration
> //
> $SESS_DBHOST = $Global_DBHOST; /* database server hostname */
> $SESS_DBNAME = $Global_DBNAME; /* database name */
> $SESS_DBUSER = $Global_DBUSER; /* database user */
> $SESS_DBPASS = $Global_DBPASS; /* database password */
> //
> // End of auto_prepend_file variables
>
>
> $SESS_TABLE = "sessions";
> $SESS_LIFE = get_cfg_var("session.gc_maxlifetime");
> $SESS_DB = "";
>
> /*
> print("host: $SESS_DBHOST<br>");
> print("name: $SESS_DBNAME<br>");
> print("user: $SESS_DBUSER<br>");
> print("pass: $SESS_DBPASS<br>");
> print("sessid: $PHPSESSID<br>");
> print("life: $SESS_LIFE<br>");
> //die();
> */
>
> function sess_open($save_path, $session_name) {
> global $SESS_DBHOST, $SESS_DBUSER, $SESS_DBPASS, $SESS_DBNAME, $SESS_DB;
>
> if ( !mysql_pconnect($SESS_DBHOST, $SESS_DBUSER, $SESS_DBPASS)) {
> echo "<li>Can't connect to $SESS_DBHOST as $SESS_DBUSER";
> echo "<li>MySQL Error: ", mysql_error();
> die;
> }
> if ( ! mysql_select_db($SESS_DBNAME)) {
> echo "<li>Unable to select database $SESS_DBNAME";
> die;
> }
> }
>
> function sess_close() {
> return true;
> }
>
> function sess_read($SID) {
> global $SESS_DB, $SESS_TABLE;
>
> $qry = "SELECT value FROM $SESS_TABLE WHERE sesskey = '$SID' AND expiry > " .
>time();
> $result = mysql_query($qry);
>
>
> if (list($value) = mysql_fetch_row($result)) {
> return $value;
> }
> }
>
> function sess_write($SID, $val) {
> global $SESS_DB, $SESS_TABLE, $SESS_LIFE;
>
> $expiry = time() + $SESS_LIFE;
>
> $qry = "INSERT INTO $SESS_TABLE VALUES ('$SID', '$expiry', '$value')";
> $result = mysql_query($qry);
>
> if (! $result) {
> $qry = "UPDATE $SESS_TABLE SET expiry = '$expiry', value = '$value'
>WHERE sesskey = '$SID' AND expiry > " . time();
> $result = mysql_query($qry);
> }
> }
>
> function sess_destroy($SID) {
> global $SESS_TABLE;
>
> $qry = "DELETE FROM $SESS_TABLE WHERE sesskey = '$SID'";
> $result = mysql_query($qry);
> }
>
> function sess_gc($SESS_LIFE) {
> global $SESS_TABLE;
>
> $qry = "DELETE FROM $SESS_TABLE WHERE expiry < " . time() - $SESS_LIFE;
> $result = mysql_query($qry);
>
> return mysql_affected_rows($result);
> }
>
> session_set_save_handler(
> "sess_open",
> "sess_close",
> "sess_read",
> "sess_write",
> "sess_destroy",
> "sess_gc");
> ?>
>
--
Yasuo Ohgaki
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
