Session lock when sessions r stored in mysql

anishmsry · March 30, 2010, 7:25am

hello,
i want to store sessions in mysql tables using session_set_save_handler function.

While reading some articles i came across the fact that while sessions are stored in files, the sessions are locked, but when sessions are stored in mysql using custom functions, sessions are not locked.
i also read that when sessions are stored in mysql using custom functions there will be problems when 2 persons simultaneously access the sessions.

is this issue solved in the latest versions of php?
or is there still problems of session locking?

smftre · March 30, 2010, 9:21am

Are you sharing the sessions? As that is not really allowed.

anishmsry · March 30, 2010, 9:30am

sharing the sessions?

smftre · March 30, 2010, 9:37am

Haha.
Are you trying to access the session at the same time by 2 different scripts?

hash · March 30, 2010, 9:43am

First off, why do you need to do this? Perhaps a better description will garner some decent responses, but for the most part what you are wanting to do is not necessary.

Secondly, it is not about the lock so much as two clients simultaneously accessing the session: regardless of locks, you have will likely have no way to know which does what first. If script1.php sets admin false and script2.php sets admin true, and you run both at once (via frames/ajax/whatever) then admin will be true or false based solely on which script finishes execution last.

anishmsry · March 30, 2010, 10:06am

it’s for users logging in.

the thing which i’ve doubt is: if 2 users having 2 different session ids, access a page at the same time in which there is a script to modify the session data. Will it change the value of the other person’s session data accidentally if sessions are stored in mysql.

anishmsry · March 30, 2010, 10:07am

is there session locking for sessions stored in database in the latest versions of php?

smftre · March 30, 2010, 10:07am

It should never modify each other’s session data, as you are not overwriting it, each one is unique

anishmsry · March 30, 2010, 10:17am

does the latest versions of php support session locking for sessions stored in database (using session_set_save_handler)?

hash · March 30, 2010, 10:20am

if you have two different ids then how can they be equal; you can’t modify two records when using a unique key.

No, php can’t write your sql queries for you. The only thing php does with session handling is make sure session_write is done after the script loads.

edit:

php doesn’t support sessions stored in a database. It supports it’s default (file storage), or you taking over and doing what you want.

smftre · March 30, 2010, 10:20am

http://www.php.net/manual/en/function.session-set-save-handler.php#49630

anishmsry · March 30, 2010, 10:27am

thanks a lot guys for replying…i was just wondering, how does php generate the session id - PHPSESSID? What are the parameters used for generating this hash?

Immerse · March 30, 2010, 11:54am

How PHP generates the session id? No idea, but it provides this function:
http://www.php.net/session_id

crmalibu · March 30, 2010, 2:24pm

It is a hash of REMOTE_ADDR(ip) and the current microtime, with optional entropy from a file.

anishmsry · March 30, 2010, 3:22pm

hmm…i never thought REMOTE_ADDR(ip) will be used as a part to generate the PHPSESSID