<?php
/*
* 使用数据库处理session
* php.ini 中 session.save_handler 设为 "user"
*/
class Dbsession{
private static $ua; //代理浏览器
private static $ip; //IP地址
private static $lifetime;//session生存时间
private static $time; //当前时间
private static $pdo;
public static function start(PDO $pdo){
self::$pdo = $pdo;
self::$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if ( !empty( $_SERVER['HTTP_CLIENT_IP'] ) ) { //check ip from share internet
self::$ip = $_SERVER['HTTP_CLIENT_IP'];
} else if ( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
self::$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
self::$ip = $_SERVER['REMOTE_ADDR'];
}
filter_var(self::$ip,FILTER_VALIDATE_IP) === FALSE && self::$ip = 'unknown';
self::$lifetime = ini_get("session.gc_maxlifetime");
self::$time = time();
session_set_save_handler(
array(__CLASS__,'open'),
array(__CLASS__,'close'),
array(__CLASS__,'read'),
array(__CLASS__,'write'),
array(__CLASS__,'destroy'),
array(__CLASS__,'gc')
);
session_start();
}
private static function open($path,$name){
return true;
}
public static function close(){
return true;
}
private static function read($sid){
$sql = "select * from session where sid=?";
$st = self::$pdo->prepare($sql);
$st->execute(array($sid));
//没有数据
if(!$result = $st->fetch(PDO::FETCH_ASSOC)){
return '';
}
//用户更换了浏览器或者IP地址
if($result['ua'] != self::$ua || $result['ip'] != self::$ip){
self::destroy($sid);
return '';
}
//时间过期
if($result['updatetime']+self::$lifetime < self::$time){
self::destroy($sid);
return '';
}
return $result['data']; //返回session数据
}
public static function write($sid,$data){
//先查有无session
$sql = "select * from session where sid=?";
$st = self::$pdo->prepare($sql);
$st->execute(array($sid));
if($result = $st->fetch(PDO::FETCH_ASSOC)){
//数据发生改变或者30秒开外,则更新
if($result['data'] != $data || $result['updatetime']+30 < self::$time){
$sql = "update session set data=? ,updatetime=? where sid=?";
$st = self::$pdo->prepare($sql);
$st->execute(array($data,self::$time,$sid));
}
}else{
if(!empty($data)){
$sql = "insert into session values(?,?,?,?,?)";
$st = self::$pdo->prepare($sql);
$st->execute(array($sid,$data,self::$time,self::$ua,self::$ip));
}
}
return true;
}
public static function destroy($sid){
$sql = "delete from session where sid=?";
$st = self::$pdo->prepare($sql);
$st->execute(array($sid));
return true;
}
private static function gc($lifetime){
$sql = "delete from session where updatetime<?";
$st = self::$pdo->prepare($sql);
$st->execute(array(self::$time-$lifetime));
return true;
}
}
浙公网安备 33010602011771号