Access Active Sessions in PHP

Access active sessions in PHP

Seeing the responses, though it's possible, it doesn't mean you should do it. The format in which the sessions are stored is not documented and may change at any time (even between minor versions).

The correct way to do this is to implement your own session handler. It's not that hard, really.

Is it possible to see active sessions using php?

If you want maximum flexibility with sessions you can save all your sessions in a database. Then it is very easy to get number of sessions, content of any session, kill them, etc...

http://shiflett.org/articles/storing-sessions-in-a-database

As a bonus you will increase the security!

Looping Through All a Server's Sessions in PHP

PHP stores session data for each user in a temporary folder on the server. This folder is defined in the php.ini configuration file under the variable session.save_path. Locate this value from within your php.ini file, or alternatively, create a php file with:

<?php echo "Session Save Path: " . ini_get( 'session.save_path');?>

as it's contents, and open the file in your browser.

Once you find the save path for the session data, open up that folder and you'll notice a fairly simple structure. All sessions are stored in the format: sess_$SESSIONID .

Session data is serialized before being stored on disk. As such, objects stored in the session file would have to be deserialized before being usable. However, if you're using plain text, which is stored as-is, to store your session data (ex. $_SESSION['userid'] = 1234) to store information about your users, it should be easy enough to parse out the data you're looking for from within the files.

One more thing ... I haven't looked into it, but it appears as though the session ID that appears in the filename corresponds directly to, for instance, the name of the PHPSESSID cookie stored on the user's computer. So, with this in mind, it may be possible to loop through the files within the temporary session directory, acquire all the $SESSIONID values, set the current session ID using session_id($SESSIONID), start a session with session_start() and access the data you need through PHP without having to parse the contents files themselves. Can anyone confirm whether or not this would be possible?

Edit: Adjusted post to match Itay's comment.

How to list all session in php

Not sure i understand exactly what are you asking.
Anyway, you may try this to list all your sessions.

if(isset($_SESSION['prod'][$_GET['id']]))
{
    // suppose that session is an array
    foreach ($_SESSION['prod'] as $session)
    {
        echo $session; // supposedly you want to echo it? 
    }
}

Is this what you want to achieve?
Regards
Vladimir

Access all server session variables

I spend some time once with a script that programatically "expires" server sessions to obtain info about user inactivity. On that occasion, I had a database with session_ids to transverse, but it can be done with directory listing (note that are php's compilation specific advices on code)

//Preserve runtime variable
$pre_config = ini_get('session.use_cookies');
//Check previous session_start();
if($previous_sid = session_id()){
    //close and save current session 
    session_write_close();
}

//To determine where php session files are stored, see http://stackoverflow.com/questions/4927850/location-for-session-files-in-apache-php
if(($save_path = session_save_path()) === ''){
    // PHP compilation specific
    // There are diferences between CLI (saves in sys_get_temp_dir()) and mod_php (where session_save_path() works) on Fedora 12
    $save_path =  '/var/lib/php/session/';
    session_save_path('/var/lib/php/session/');
}

//Avoid new cookies from other session_start()
ini_set('session.use_cookies', false);

//Do the magic
if ($handle = opendir($save_path)) {
    while (false !== ($entry = readdir($handle))) {
        if (strpos($entry, 'sess_') === 0) {
            $session_id = str_replace('sess_' , '', $entry);
            session_id($session_id);
            session_start();
            //Do whatever you want with this session, using $_SESSION 
            session_write_close();
        }
    }

    closedir($handle);
}

//Restore previous configuration
ini_set('session.use_cookies', $pre_config);
//Restore previous session
if($previous_sid) {
    session_id($previous_sid);
    session_start();
}

I do not recommend running this code on client request. Remember that session_start block script execution while "session id" is in use on another request. And I think that is not recommended to run it by a CLI script, because PHP embedded on WebServers and PHP CLI uses different environment and configurations (besides the fact that the running user of a PHP CLI must be the same user that runs the WebServer to prevent permission deny).

I think that the ideal solution is to trigger requests to this script with a HTTP GET periodically (by linux crontab or similar), of course this solution depends on final use been planned. If HTTP request trigger can be done, the part of the code that saves previous settings and session can be eliminated.

How to access php sessions on different computers

The session is stored on server side and a session cookie is created on client side to identify the current session of browser which holds current session id.

The session cookie is stored based on the domain you are using to access the site.

Since you are using different domain one is localhost and another is ip which will create two different sessions.

When you visit pages through localhost domain. It will create session and store session cookie on the domain localhost. If you visit another page on same domain system will check if the session cookie exists it resume the old session and does not create new one.

While the same time if you access through ip the session cookie is not stored for this ip yet then system assume that there is no active session for this user and will start a new session and session cookie is stored for based on this ip.

This is the way how session works.

Hope this helps.

---

Related Topics