Looping Through All a Server's Sessions in PHP

Looping Through All a Server's Sessions in PHP

PHP stores session data for each user in a temporary folder on the server. This folder is defined in the php.ini configuration file under the variable session.save_path. Locate this value from within your php.ini file, or alternatively, create a php file with:

<?php echo "Session Save Path: " . ini_get( 'session.save_path');?>

as it's contents, and open the file in your browser.

Once you find the save path for the session data, open up that folder and you'll notice a fairly simple structure. All sessions are stored in the format: sess_$SESSIONID .

Session data is serialized before being stored on disk. As such, objects stored in the session file would have to be deserialized before being usable. However, if you're using plain text, which is stored as-is, to store your session data (ex. $_SESSION['userid'] = 1234) to store information about your users, it should be easy enough to parse out the data you're looking for from within the files.

One more thing ... I haven't looked into it, but it appears as though the session ID that appears in the filename corresponds directly to, for instance, the name of the PHPSESSID cookie stored on the user's computer. So, with this in mind, it may be possible to loop through the files within the temporary session directory, acquire all the $SESSIONID values, set the current session ID using session_id($SESSIONID), start a session with session_start() and access the data you need through PHP without having to parse the contents files themselves. Can anyone confirm whether or not this would be possible?

Edit: Adjusted post to match Itay's comment.

Access active sessions in PHP

Seeing the responses, though it's possible, it doesn't mean you should do it. The format in which the sessions are stored is not documented and may change at any time (even between minor versions).

The correct way to do this is to implement your own session handler. It's not that hard, really.

How can I user session_start() in a loop with no warning/error?

In your specific case... I would do without sessions. A session is just a serialized object into a temporary (well, garbage-collected) file. Who's to stop you from writing your own alternate session handler?

In its most basic form, leaving aside error checking and recovery, it's something like

function getAlternateSessionData() {
    $raw = file_get_contents(getAlternateSessionFileName());
    return unserialize($raw);
}

and the same with file_put_contents() to save the session. You do have to consider how to guard against concurrent access to the same session file by two different server processes. But you can send the session ID cookie at the beginning only, thus never actually "restarting" the session.

Another possibility would be to implement your alternate session using memory - if the server process does not terminate - or something like Redis (you can do that with ordinary sessions too, but those would send a session cache limiter).

You can also use session_set_save_handler() to override the file reading and writing functions of PHP with functions of your own, leaving all the session handling (cookies, etc.) intact. By handling yourself the session file management, you would be able to commit the session whenever you wanted. Still, you would need to consider carefully how to go with concurrent access to the session files, even if they are compatible with PHP's own session handler (if they aren't, you will have to include your session handler in every script accessing the "new" sessions).

As for ob_end_flush(), I believe that's because you never did call ob_start(). You can check the ob* level using ob_get_level() and flush it securely before the loop using ob_end_clean(), then instate a ob_start()/ob_end_flush() pair inside the loop.

PHP $_SESSION not shared between requests

PHP sessions do not support concurrent read/write operations by default. That is, when you update the $_SESSION array from one request, it does not propagate to an already running PHP request.

A solution is to create a file, and monitor the filemtime (file modification time) of that file. Whenever we see that the file is updated, we know that another process touched it.

Implementation example:

$filename = ".test_file";

// Update the file modification time to the current time
touch($filename);
$modificationTime = filemtime($filename);

while ($modificationTime === filemtime($filename) {
    // Do stuff, file modification time is not yet updated.
}

// The file modification time has been updated!

Note that you should test for the change frequently, depending on how quickly the first process should terminate, which means that the code inside the while loop should not take too long.

Is it possible to see active sessions using php?

If you want maximum flexibility with sessions you can save all your sessions in a database. Then it is very easy to get number of sessions, content of any session, kill them, etc...

http://shiflett.org/articles/storing-sessions-in-a-database

As a bonus you will increase the security!


Related Topics

Parse a CSS File with PHP

Unserialize PHP Array in JavaScript

Symfony 3.4 Use View Inside My Bundle

Remove .PHP Extension (Explicitly Written) for Friendly Url

Using MySQLi from Another Class in PHP

How to Process JSON in PHP

Angularjs Upload Multiple Files with Formdata API

PHP Include Error Not Findind the Path

How to Get Xdebug Var_Dump to Show Full Object/Array

Memcached VS Apc Which One Should I Choose

Mechanisms for Tracking Db Schema Changes

Magento - Retrieve Products with a Specific Attribute Value

PHP: Cookie Domain/Subdomain Control

My Magento Extension Install Script Will Not Run

Using PHP and Google Maps API to Work Out Distance Between 2 Post Codes (Uk)

How to Create Optional Arguments in PHP

Accept Function as Parameter in PHP

PHP Cron Job Not Running


Leave a reply



Submit