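PHP: iterating over and printing all sessions
A PHP script normally has no need to know where session data is stored, but the following code reads session.save_path and dumps the data from every session file found there: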
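<?php
header('Content-Type:text/plain');
session_start();
// Directory where PHP's default file handler keeps its sess_* files
$path = ini_get('session.save_path');
$handle = dir($path);
// Compare against false so a file named "0" does not end the loop early
while (false !== ($filename = $handle->read()))
{
    if (substr($filename, 0, 5) == 'sess_')
    {
        $data = file_get_contents("$path/$filename");
        if (!empty($data))
        {
            // Decode the serialized data into $_SESSION, copy it, then reset
            session_decode($data);
            $session = $_SESSION;
            $_SESSION = array();
            echo "Session [" . substr($filename, 5) . "]\n";
            print_r($session);
            echo "\n--\n\n";
        }
    }
}
$handle->close();
?>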
The best solution is therefore to store session data in a database, which also lets you add further access-control logic.
The best solution to this particular problem is to store your session data in a database protected with a username and password. Because
access to a database is controlled, this adds an extra layer of protection. By applying the technique discussed in the previous section, the
database can be used as a safe haven for your sensitive data, although you should remain alert to the fact that the security of your database
becomes even more important.
1. Create the data table security/sessions
create table sessions(
    id varchar(32) not null,
    access int(10) unsigned,
    data text,
    primary key(id));
2. You must call session_set_save_handler() prior to calling session_start(), but you can define the functions themselves anywhere.
<?php
// Open: connect with credentials taken from the server environment
function _open()
{
    global $_sess_db;
    $db_user = $_SERVER['DB_USER'];
    $db_pass = $_SERVER['DB_PASS'];
    $db_host = 'localhost';
    if ($_sess_db = mysql_connect($db_host, $db_user, $db_pass))
    {
        return mysql_select_db('sessions', $_sess_db);
    }
    return FALSE;
}
// Close: release the database connection
function _close()
{
    global $_sess_db;
    return mysql_close($_sess_db);
}
// Read: return the stored data, or an empty string for an unknown id
function _read($id)
{
    global $_sess_db;
    $id = mysql_real_escape_string($id);
    $sql = "SELECT data
            FROM sessions
            WHERE id = '$id'";
    if ($result = mysql_query($sql, $_sess_db))
    {
        if (mysql_num_rows($result))
        {
            $record = mysql_fetch_assoc($result);
            return $record['data'];
        }
    }
    return '';
}
// Write: insert or overwrite the row and record the access time
function _write($id, $data)
{
    global $_sess_db;
    $access = time();
    $id = mysql_real_escape_string($id);
    $access = mysql_real_escape_string($access);
    $data = mysql_real_escape_string($data);
    $sql = "REPLACE
            INTO sessions
            VALUES ('$id', '$access', '$data')";
    return mysql_query($sql, $_sess_db);
}
// Destroy: delete one session
function _destroy($id)
{
    global $_sess_db;
    $id = mysql_real_escape_string($id);
    $sql = "DELETE
            FROM sessions
            WHERE id = '$id'";
    return mysql_query($sql, $_sess_db);
}
// Clean (garbage collection): delete sessions idle for more than $max seconds
function _clean($max)
{
    global $_sess_db;
    $old = time() - $max;
    $old = mysql_real_escape_string($old);
    $sql = "DELETE
            FROM sessions
            WHERE access < '$old'";
    return mysql_query($sql, $_sess_db);
}
?>