saving php session id into database

Forum Moderators: coopster

Message Too Old, No Replies

saving php session id into database

joshm

2:58 pm on Jun 21, 2007 (gmt 0)

What is the best way to acquire the php session id and insert it into a database table?

I am doing this to stop multiple logins under the same username. I have this:

session_start();
@mysql_query("UPDATE accounts SET sessid='md5(session_id())' WHERE member='$member'");

sessid is where I want to save the session_id. Any help much appreciated.

vincevincevince

3:02 pm on Jun 21, 2007 (gmt 0)

Your method seems fine to me. PHP can be forced to use MySQL for session handling directly, if you wish.

<added later>eelixduppy is right (below), I missed your syntax error</added>

[edited by: vincevincevince at 3:03 pm (utc) on June 21, 2007]

eelixduppy

3:02 pm on Jun 21, 2007 (gmt 0)

Your syntax is incorrect. Try this:


mysql_query("UPDATE `accounts` SET `sessid`='".md5(session_id())."' WHERE member='$member'");

Also, don't forget to escape

$member

with mysql_real_escape_string [php.net]() if you haven't already done so.

joshm

12:59 am on Jun 22, 2007 (gmt 0)

Thanks, that worked.

Now i'm trying to get the session id from the users cookie. The cookie is named PHPSESSID


$result = mysql_query("SELECT COUNT(*) FROM accounts WHERE member='$member' AND sessid='".mysql_real_escape_string(md5(session_id()))."'");
$login_status = mysql_result($result,0,0);
}
if (0 == $login_status) {
//Testing below
echo "logout";
echo md5(session_id());
echo $member;
}

The problem is $login_status == 0 even when I can see I have both cookies set in my browser.

I can echo md5(session_id()) and $member fine.

I have found the session ids don't match up. When I login and set a session id for the user, and then update the db, it is differently set in the db. But both are 32 chars.

joshm

6:40 am on Jun 23, 2007 (gmt 0)

I have managed to save the session id as a cookie and also insert the same session id into the table. It's working well. My only problem now is I still get the PHPSESSID cookie being saved, I don't need it. How do I make this actually be the cookie named 'session'.

This is my code that sets the cookie and inserts it into table.


session_start();
$session = md5(session_id());
setCookie("session", $session);
@mysql_query("UPDATE $c->mysql_tb_id SET sessid='$session', WHERE member='$member'");

vincevincevince

6:50 am on Jun 23, 2007 (gmt 0)

Why would you want to do that? Just drop the session functions altogether and make a random ID for your user yourself...

joshm

1:34 pm on Jun 23, 2007 (gmt 0)

That's a good idea. I guess I didn't think of that because I had my mind set on using session_id. I missed the obvious.

I'm using this instead:


$rand = mt_rand(0,32);
$key = md5($rand . time());
setCookie("key", $key);

Thanks.