Custom Session Handler Error. Please helP!

vr4lyfe

I am tryin to create a custom session handler using a MySQL DB but I ran into a problem. Hoping you guys can help.

When I load the page, I get this error:

Fatal error: session_start(): Failed to initialize storage module. in C:\Program Files\Apache2\htdocs\session_test.html on line 4

I have session.auto_start ON so I dont know why I am getting this.

I am running on win2k pro and apache 2, php4.

Incase anyone is interested, here's the code for session_test.html.

<?PHP
#include("handler.php");
session_start();
session_register("count");

$count++;

if($action == "destroy"){
	session_destroy();
} elseif (action == "gc"){
	$maxlife = get_cfg_var("session.gc_maxlifetime");
	sessionGc($maxlife);
} elseif (!action){
	echo ("No action specified.<br>");
} else {
	echo ("Cannot do $action with the session handlers.<br>");
}
?>

<html>
<head>
<title>SESSION TEST FUNCTIONS</title>
</head>

<body>
Action: <b><?=$action?></b><br>
Count : <b><?=$count?></b><br>

<form action="<?=$PHP_SELF?>" method="POST">
<table>
<tr>
<td>Action:</td>
<td>
<select name="action">
<option value="destroy">Destroy</option>
<option value="gc">Force GC</option>
</select>
</td>
</tr>
<tr>
<td></td>
<td>
<br><input type="submit">
</td>
</tr>
</table>

</form>
</body>
</html>

and here's the handler.php which was included:

<?PHP
$HOST = "localhost";
$DBNAME = "sessions";
$USER = "sessionmanager";
$PASS = "sessionmanager";

session_start();

$HANDLER = "";
$LIFETIME = get_cfg_var("session.gc_maxlifetime");

fucntion sessionOpen($save_path, $session_name){
	global $HOST, $DBNAME, $USER, $PASS, $HANDLER;

	if(!$HANDLER = mysql_pconnect($HOST, $USER, $PASS)){
		echo ("<LI>Cant connect to $HOST as $USER");
		echo ("<LI>MySQL Error: ", mysql_error());
		die;
	}

	if(! mysql_select_db($DBNAME, $HANDLER){
		echo ("<LI>We were unable to select database $DBNAME");
		die;
	}

	return true;
}

function sessionClose(){
	return true;
}

function sessionRead($session_key){
	global $session;

	$session_key = addslashes($session_key);

	$session_session_value = mysql_query("SELECT session_value FROM sessions WHERE session_key = '$session_key'")
		or die(db_error_message());

	if(mysql_numrows($session_session_value) == 1){
		return mysql_result($session_session_value, 0);
	} else{
		return false;
	}
}

function sessionWrite($session_key, $val){
	global $session;

	$session_key = addslashes($session_key);
	$val = addslashes($val);
	$session = mysql_result(mysql_query("SELECT COUNT(*) FROM sessions WHERE session_key = '$session_key'"), 0;

	if($session = 0){
		$return = mysql_query("INSERT INTO sessions (session_key, session_expire, session_value) 
							   VALUES ('$session_key', UNIX_TIMESTAMP(NOW()), '$val')");
				  or die(db_error_message());
	} else {
		$return = mysql_query("UPDATE sessions SET session_value = '$val', session_expire = UNIX_TIMESTAMP(NOW())
							   WHERE session_key = '$session_key'");
							   or die(db_error_message());
		if(mysql_affected_rows() < 0) { 
			echo ("We were unable to update session session_value for session $session_key");
		}
	}
	return $return;
}

function sessionDestroyer($session_key){
	global $session;

	$session_key = addslashes($session_key);

	$return = mysql_query("DELETE FROM sessions WHERE session_key = '$session_key'")
					or die(db_error_message());

	return $return;
}

function sessionGc ($maxlifetime){
	global $session;
	$expirationTie = time() - $maxlifetime;

	$return = mysql_query("DELETE FROM sessions WHERE session_expire < $expirationTime")
					or die(db

_error_message());

	return $return;
}

session_set_save_handler(
	'sessionOpen', 
	'sessionClose', 
	'sessionRead',
	'sessionWrite',
	'sessionDestroyer',
	'sessionGc',);

thanks.

dalecosp

I guess I'll post the obligatory "You did check the Apache user's permissions in the session dir, didn't you?" question...

🙂

vr4lyfe

I am using win2k and apache does have permission to read/write to the session dir.

mgelinas

I just implemented a custom session handler. A tough endeavor as guidance is rare and often inappropriate. Reading your code, I see numerous problems. You should run a syntax check to start with. To help you move faster, I contribute my code with the necessary advice. This code works. Well, as I removed a few peculiar things, it should work.:rolleyes:

Here is the code for you to examine:

<?php
/*
Set of functions to support PHP session handling using MySQL storage
Requires a preliminary connection to MySQL database named $connection

php.ini configuration file should have appropriate following settings:
session.auto_start = off ;
session.save_handler = user ; not files or mm
session.save_path = your_database_name ; enter appropriate name
session.name = your_table_name ; enter appropriate name
session.gc_maxlifetime = 1440 ; a number of seconds, here 24 minutes (24 * 60)
session.gc_probability = 10 ; integer percentage to trigger garbage removal
(make it 20 for testing, and 1 should suffice thereafter)
*/

$s_error_log = 'C:\\s_errors.log'; // any file name and location you like

function s_open($database_name, $table_name)
/*
Predefined PHP variable $database_name corresponds
  to session.save_path in php.ini configuration file
Predefined PHP variable $table_name corresponds
  to session.name in php.ini configuration file
*/
{
  global $connection;
  global $s_table;
	$s_table = $table_name;
	return TRUE;
};

function s_read($session_id)
  // $session_id is a predefined PHP variable
{
  global $connection;
	global $s_table;

/*
MySQL table holding session data is made of three fields:
	tag varchar(32) not null, primary key -- to hold the session identifier
  payload text -- to hold the serialized string of session data
  refresh timestamp -- to hold last access moment for garbage collection (pruning)
*/

  $query = "SELECT * FROM $s_table WHERE tag = '$session_id'";
	$result = mysql_query($query, $connection);
	if (!$result)
  	die("Read error: ".mysql_errno()." : ".mysql_error()."\n");
  if (mysql_num_rows($result) == 0) // No session found
  	return "";
  else
  {
  	$row = mysql_fetch_array($result);
    return $row['payload'];
  }
};

function s_write($session_id, $data)
  // $session_id and $data are predefined PHP variables
{
  global $connection;
  global $s_table;
  global $s_error_log;
	$data = addslashes($data);

  $query = "REPLACE $s_table (tag, payload) VALUES ('$session_id', '$data')";
	mysql_query($query, $connection)
  	or error_log("Write error: "
   		.mysql_errno()." : ".mysql_error()."\n", 3, $s_error_log);
	return TRUE;
};

function s_close()
{
  global $connection;

mysql_close($connection);
return TRUE;
};

function s_zap($session_id)
  // $session_id is a predefined PHP variable
{
  global $connection;
  global $s_table; // made global by s_open function
  global $s_error_log;

  $query = "DELETE FROM $s_table WHERE tag = '$session_id' ";
	mysql_query($query, $connection)
  	or error_log("Destroy error: "
   		.mysql_errno()." : ". mysql_error()."\n", 3, $s_error_log);;
	return TRUE;
};

function s_prune($max_time)
/*
Predefined PHP variable $max_time corresponds
  to session.gc_maxlifetime in php.ini configuration file
Predefined PHP variable $table_name corresponds
  to session.name in php.ini configuration file
Function is called according to probability percentage set by
	session.gc_probability in php.ini configuration file
*/
{
  global $connection;
  global $s_table;
  global $s_error_log;

  $query = "DELETE FROM $s_table
  	WHERE UNIX_TIMESTAMP(refresh) < UNIX_TIMESTAMP() - $max_time";
	mysql_query($query, $connection)
  	or error_log("Prune error: "
   		.mysql_errno()." : ". mysql_error()."\n", 3, $s_error_log);
	return TRUE;
};

session_set_save_handler('s_open','s_close','s_read','s_write','s_zap','s_prune');

?>

vr4lyfe

thanks alot .. its 2AM right now as i am reading this but I'll definately give it a try 2morrow.

Thanks.