PHP Classes

Simple Session (PDO / MySQL): Store session data in MySQL using PDO

Recommend this page to a friend!

  Author Author  
Picture of VR
Name: VR <contact>
Classes: 3 packages by
Country: ???
Age: 53
All time rank: 1453
Week rank: 515 Up

  Detailed description   Download Download .zip .tar.gz   Install with Composer Install with Composer  
This class can store session data in MySQL using PDO.

It can register its functions to handle several operations to store and retrieve data for PHP sessions from a MySQL database using PDO extension functions.

The class computes a fingerprint value from the user computer IP address and browser identification, so if this fingerprint changes for a given session the class considers the session was hijacked and it is destroyed automatically.

 * Title:         Class 'Session' (
 * Version:       1.2
 * Copyright:     (c) 2012 Volker Rubach - All rights reserved
 * Description:   This class provide a secure session handler with
 *                PDO connection to a MySQL database.

 Importend notes
 Save '' under 'CGI-BIN' in the root folder. This
 directory exists in most cases, is not accessible from outside, but
 locally executed PHP scripts can access this folder and can use the

 If the hosting package has not a protected 'CGI-BIN' directory, manual
 a secure directory should be set up, then the class and config stored

 These measures increase the security against unauthorized access to
 the database, because the credentials are not as freely available!!!

 This class have a own session handler, use a database to save sessions,
 open the connection over PDO, uses preparestatements and bind variables.

 To prevent session fixation, PHP not include the identifier in the URL
 and don't read the URL for identifiers (session.use_trans_sid = 0).
 Also PHP will use only Cookies for session handling and never use URLs
 with session identifiers (session.use_only_cookies = 1).
 To prevent session hijacking, this class use a fingerprint to identify
 a user. This fingerprint will be generated from following values:
 - SALT             =>  free random value
                        (can be themselves added; longer is better)
 - Host Name        =>  determined by PHP
                        (or 'unkown' if can't determined)
 - IP Address       =>  determined by PHP
                        (only first two sets used; rest are set to 0)
 - HTTP User Agent  =>  determined by PHP

 This fingerprint is checked each time during a session. This ensures
 that if a session is hijacked, they will be immediately destroyed.

 Declaration of variables
 $this->dbHost        CONF: MySQL server address
 $this->dbName        CONF: MySQL database name
 $this->dbUser        CONF: MySQL account username [read rights]
 $this->dbPass        CONF: MySQL account password [read rights]
 $this->table         CONF: MySQL table name where sessions are saved
 $this->confPDO       PDO attributes
 $this->salt          SALT [free random value to increase the session security]
 $this->location      Target address after session was destroyed
 $this->domain        Domain name
 $this->dbc           Database connection
 $this->fingerprint   Composite chain of values [hashed with MD5]
 $this->sessfp        Fingerprint of current session [read from table]
 $id                  Session ID
 $data                Session data
 $fingerprint         Composite chain of values [hashed with MD5]
 $stmt                SQL statement [prepare / execute]

 Include class
   include('../ <path> /');

 Create instance
   $session = new Session();

Important note:  Include class and create instance must be done before
                 the first HTML tag in the script or HTML page and no
                 blank line before the commands.

 Usage: Write session data

 Usage: Output session data
   $echo $_SESSION['user'];

 Usage: Session data into variable
   $user = $_SESSION['user'];

 SECURITY: Reliable values
 $_SERVER["HTTP_USER_AGENT"]        (may be empty, but then reliable empty)

 SECURITY: 'Salt' (free random sequence)
 $this->salt = "w3463-dfgsdgd-564564";

 SECURITY: Less reliable values
 $_SERVER["REMOTE_ADDR"]            (or only parts of it; e.g.

  Classes of VR  >  Simple Session (PDO / MySQL)  >  Download Download .zip .tar.gz  >  Support forum Support forum (4)  >  Blog Blog  >  RSS 1.0 feed RSS 2.0 feed Latest changes  
Name: Simple Session (PDO / MySQL)
Base name: simple-session
Description: Store session data in MySQL using PDO
Version: 1.2
PHP version: 5.0
License: Freeware
All time users: 1069 users
All time rank: 3464
Week users: 0 users
Week rank: 173 Equal
  Groups   Rate classes User ratings   Applications   Files Files  

Group folder image PHP 5 Classes using PHP 5 specific features View top rated classes
Group folder image User Management User records, authentication and session handling View top rated classes
Group folder image Security Security protection and attack detection View top rated classes

  User ratings  
RatingsUtility Consistency Documentation Examples Tests Videos Overall Rank
All time: Sufficient (75%) Sufficient (75%) Perfect (100%) - - - Not sure (55%) 1882
Month: Not yet rated by the users

  Applications that use this package  
No pages of applications that use this class were specified.

Add link image If you know an application of this package, send a message to the author to add a link here.

  Files folder image Files  
File Role Description
Plain text file Class Class
Accessible without login Plain text file ReadMe.txt Doc. ReadMe
Accessible without login Plain text file user_sessions.sql Data SQL Create Statement

Install with Composer Install with Composer - Download Download all files: simple-session.tar.gz
NOTICE: if you are using a download manager program like 'GetRight', please Login before trying to download this archive.
For more information send a message to info at phpclasses dot org.