Custom Session Write Error

hp829

I have implemented a custom php session handler using mysql db's. Everything seemed to be working fine until, after some testing, i realized that session write wasn't working the way it should have been.

Basically, i am using sessions to store 2 pieces of information for users: their username and the group they belong to (the encoded session data is being written to the database). Initially, when a users first loads up a page, my code checks to see whether $SESSION['user'] and $SESSION['group'] are defined. If they are everything is fine, if they are not, then it means the user has just entered the site and a default value of 'guest' and 'Guests' and given to 'user' and 'group', respectively. All of this i described works great, the problem comes with my login script. The login script is suppose to take the info from the form, authenticate it against a 'users' table in my database, and if the password and username is found it must reassign the $SESSION['user'] and $SESSION['group'] variables. This is the part that is just not working. After i assign the new values to the $SESSION elements, I can obviously see that the array, $SESSION has changed. But when the encoded session data is written back to the database, this change in $SESSION isn't reflected in my write function (it still writes the original encoded data as though nothing about $SESSION has changed). I am doing something wrong here? I even tried using session_write_close() to force the session to be written, but still the same deal. Do i perhaps need to manually encode the $_SESSION array and write that. Any feedback is greatly appreciated.

-- Thanks in advance

LordShryku

You should show your code. We can't know if you're doing something wrong if we can't see it

hp829

No success. There is nothing wrong with the actual array $SESSION. The values in the array are changing. It's at the end of the script where my write function is being called. The encoded data that is being passed to this function doesn't reflect the changes I made to $SESSION. Weird Stuff.

pipe_girl

Hi,

Did you build the 'write' function yourself?

Can we see some of your code?

I'm not very familiar with custom sessions, but someone else might be able to spot the problem if you posted the code...

hp829

Here it is:

function write($key, $value)
{
    $expiry = time() + $this -> sessLife;
    $value = addslashes($value);
    $sql = sprintf("update %s set %s, %s, %s where %s and %s",
        "sessions", sprintf("expiry=%d", $expiry), sprintf("value='%s'", $value), sprintf("address='%s'", cntRemHost),
        sprintf("id='%s'", $key), sprintf("expiry>%d", time()));
    $this -> conn -> query($sql);
    $affected = $this -> conn -> affected();
    if ($affected == 0) {
        $sql = sprintf("insert into %s (%s,%s,%s,%s) values ('%s',%d,'%s','%s')",
            "sessions", "id", "expiry", "value", "address",
            $key, $expiry, $value, cntRemHost);
		return $this -> conn -> query($sql);
    } else {
        return true;
    } 
}

it is actually a member function, which really makes no difference. There are certain variables that are worth explaining: $this->conn is just a object of a class i wrote for db access, cntRemHost is just a constant that has the users Remote Address. Basically, the function first try's to do an update, if it doesn't work, it means that the key doesn't exist, so it then inserts it.

As i said before, the function is not the problem. I know for a fact that the encoded session data passed to write() in the arguement $value is the problem. I assign something to $_SESSION, and it's not reflected in this encoded data.