PHP MySQL - Stilson.net

www.it-ebooks.infoCHAPTER 18 • SESSION HANDLERSConfiguration DirectivesAlmost 30 configuration directives are responsible for tweaking PHP’s session-handling behavior.Because many of these directives play such an important role in determining this behavior, you shouldtake some time to become familiar with the directives and their possible settings. The most relevant areintroduced in this section.Managing the Session Storage MediaThe session.save_handler directive determines how the session information will be stored. Its prototypefollows:session.save_handler = files|mm|sqlite|userSession data can be stored in four ways: within flat files (files), within volatile memory (mm), usingthe SQLite database (sqlite), or through user-defined functions (user). Although the default setting,files, will suffice for many sites, keep in mind for active Web sites that the number of session-storagefiles could potentially run into the thousands, and even the hundreds of thousands over a given periodof time.The volatile memory option is the fastest for managing session data, but also the most volatilebecause the data is stored in RAM. To use this option you’ll need to download and install the mm libraryfrom www.ossp.org/pkg/lib/mm/. Unless you’re well informed of the various issues which could arisefrom managing sessions in this fashion, I suggest choosing another option.The sqlite option takes advantage of the new SQLite extension to manage session informationtransparently using this lightweight database. The fourth option, user, although the most complicated toconfigure, is also the most flexible and powerful because custom handlers can be created to store theinformation in any media the developer desires. Later in this chapter you’ll learn how to use this optionto store session data within a MySQL database.Setting the Session Files PathIf session.save_handler is set to the files storage option, then the session.save_path directive must beset in order to identify the storage directory. Its prototype looks like this:session.save_path = stringBy default, this directive is not enabled. If you’re using the files option, then you’ll need to bothenable it within the php.ini file and choose a suitable storage directory. Keep in mind that this shouldnot be set to a directory located within the server document root because the information could easily becompromised via the browser. In addition, this directory must be writable by the server daemon.For reasons of efficiency, you can define session.save_path using the syntax N;/path, where N is aninteger representing the number of subdirectories N-levels deep in which session data can be stored.This is useful if session.save_handler is set to files and your web site processes a large number ofsessions, because it makes storage more efficient since the session files will be divided into variousdirectories rather than stored in a single, monolithic directory. If you do decide to take advantage of thisfeature, PHP will not automatically create these directories for you. However, Linux users can automatethe process by executing a script named mod_files.sh, located in the ext/session directory. If you’reusing Windows, look for a file named mod_files.bat.369