numberone1
سه شنبه 30 اردیبهشت 1393, 12:25 عصر
سلام من از یک کلاس session_handler استفاده میکنم ولی این یک مشکلی داره اینه که هر چی session_destroy یا session_unset استفاده میکنم کل سشن ها توی دیتابیس موجود هست و پاک نمیشه!
فانکشن سازنده session
function Session()
{
// CONFIG: MySQL database details
$this->dbHost = "127.0.0.1";
$this->dbName = "dbname";
// CONFIG: MySQL account details
$this->dbUser = "user";
$this->dbPass = "123456";
// CONFIG: Used session table
$this->table = "user_sessions";
// CONFIG: Configure PDO attributes
$this->confPDO = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // Causes an exception to be thrown
//PDO::ATTR_PERSISTENT => false, // With TRUE persistent connection activated (connection not closed when script ends)
//PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true // With TRUE the buffered versions of the MySQL API will be used
);
// CONFIG: SALT [free random sequence to increase the session security]
$this->salt = "salt key";
// CONFIG: Target address after session was destroyed
$this->location = "http://domain.ir";
// CONFIG: Get domain name
$this->domain = str_replace('www.', '', $_SERVER['HTTP_HOST']);
date_default_timezone_set('Asia/Tehran');
// CONFIG: Session parameter (php.ini)
ini_set( 'session.auto_start', 0 ); // Defines whether the session module starts a session automatically on request startup [Default: '0']
ini_set( 'session.name', 'mp3db' ); // Defines the name of the session which is used as cookie name; it should only contain alphanumeric characters [Default: 'PHPSESSID']
ini_set( 'session.save_handler', 'user' ); // Defines the name of the handler which is used for storing and retrieving data associated with a session [Default: 'files']
ini_set( 'session.gc_probability', 1 ); // Conjunction with session.gc_divisor is used to manage probability that the garbage collection routine is started [Default: '1']
ini_set( 'session.gc_divisor', 50 ); // Coupled with session.gc_probability defines the probability that the garbage collection process is started on every session initialization [Default: '100']
ini_set( 'session.gc_maxlifetime', 15*60 ); // Defines the number of seconds after which data will be seen as 'garbage' and potentially cleaned up [Depending on session.gc_probability and session.gc_divisor]
ini_set( 'session.use_cookies', 1 ); // Enable ('1') / Disable ('0') cookies to store the session id on the client side [Default: '1']
ini_set( 'session.use_only_cookies', 1 ); // Enable ('1') / Disable ('0') to use ONLY cookies to store the session id on the client side [Default: '1']
ini_set( 'session.use_trans_sid', 0 ); // Enable ('1') / Disable ('0') transparent sid support [Default: '0']
ini_set( 'session.referer_check', '' ); // Contains the substring you want to check each HTTP Referer for [Default: empty string]
ini_set( 'session.hash_function', 1 ); // Defines the hash algorithm used to generate the session ID ['0' = MD5 (128 bits) / '1' = SHA-1 (160 bits)]
ini_set( 'session.hash_bits_per_character', 6 ); // Defines how many bits are stored in each character when converting the binary hash data to something readable [Possible values are '4', '5' or '6']
// CONFIG: Cache limiter
session_cache_limiter( 'nocache' ); // Specifies the cache control method ('nocache', 'private', 'private_no_expire', or 'public') used for session pages [Default: 'nocache']
// CONFIG: Cookie parameters
session_set_cookie_params( // Set cookie parameters defined in the php.ini file. You need to call session_set_cookie_params() for every request and before session_start() is called.
15*60, // Lifetime of the session cookie, defined in seconds [int $lifetime]
'/', // Path on the domain where the cookie will work. Use a single slash ('/') for all paths on the domain [string $path]
$this->domain // Cookie domain, for example 'www.php.net'. To make cookies visible on all subdomains then the domain must be prefixed with a dot like '.php.net' [string $domain]
);
// Set session handler
session_set_save_handler( array( &$this, 'open' ),
array( &$this, 'close' ),
array( &$this, 'read' ),
array( &$this, 'write' ),
array( &$this, 'destroy' ),
array( &$this, 'clean' ) );
// Start session
session_start();
}
فانکشن clean
function clean( $max )
{
// Delete old sessions
$max = time() - $max;
try
{
$stmt = $this->dbc->prepare( "DELETE FROM " . $this->table . " WHERE access < :max" );
$stmt->execute( array( ':max' => $max ) );
}
// PDO error handling
catch ( PDOException $errMsg )
{
$this->dbc = null;
return false;
}
return true;
}
باز شدن session
function open()
{
// Establish connection
if(!self::$this->dbc) {
try
{
self::$this->dbc = new PDO("sqlsrv:Server=".$this->dbHost.";Database=".$this->dbName, $this->dbUser, $this->dbPass, $this->confPDO);
}
// PDO error handling
catch( PDOException $errMsg )
{
echo 'can not connect'.$errMsg->getMessage();
return false;
}
}
return self::$this->dbc;
if ( $id = session_id() )
{
// Read saved 'fingerprint' of used session
try
{
$stmt = $this->dbc->prepare( "SELECT fingerprint FROM " . $this->table . " WHERE id = :id" );
$stmt->execute( array( ':id' => $id ) );
$data = $stmt->fetchAll( PDO::FETCH_ASSOC );
}
// PDO error handling
catch ( PDOException $errMsg )
{
$this->dbc = null;
return false;
}
// Check if session HIJACKED
if ( count( $data ) > 0 )
{
$this->sessfp = ( $data[0] ['fingerprint'] ) ? $data[0] ['fingerprint'] : '';
// Create 'fingerprint' with current user data
$this->security();
// Comparison of both fingerprints
if ( $this->sessfp != $this->fingerprint )
{
$this->destroyHijacked( $id );
header("Location: " . $this->location . "");
exit( 0 );
}
}
}
}
destroy شدن session
function destroy( $id )
{
session_unset();
// Delete session
try
{
$stmt = $this->dbc->prepare( "DELETE FROM user_sessions WHERE id = :id" );
$stmt->execute( array( ':id' => $id ) );
}
// PDO error handling
catch ( PDOException $errMsg )
{
$this->dbc = null;
return false;
}
return true;
}
این هم کدی که سشن و باید پاک کنه ولی نمیکنه!!
<?php
ob_start();
require_once '../inc/class_session.inc.php';
$session = new Session();
if(!isset($_SESSION['admin']) OR !isset($_SESSION['userid'])){
unset($_SESSION['admin']);
unset($_SESSION['userid']);
session_destroy();
session_unset();
header('location: index.php');
exit();
}
سشن ها تو دیتابیس باقی میمونن و پاک نمیشن
پیشاپیش از راهنمائی شما ممنون
فانکشن سازنده session
function Session()
{
// CONFIG: MySQL database details
$this->dbHost = "127.0.0.1";
$this->dbName = "dbname";
// CONFIG: MySQL account details
$this->dbUser = "user";
$this->dbPass = "123456";
// CONFIG: Used session table
$this->table = "user_sessions";
// CONFIG: Configure PDO attributes
$this->confPDO = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // Causes an exception to be thrown
//PDO::ATTR_PERSISTENT => false, // With TRUE persistent connection activated (connection not closed when script ends)
//PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true // With TRUE the buffered versions of the MySQL API will be used
);
// CONFIG: SALT [free random sequence to increase the session security]
$this->salt = "salt key";
// CONFIG: Target address after session was destroyed
$this->location = "http://domain.ir";
// CONFIG: Get domain name
$this->domain = str_replace('www.', '', $_SERVER['HTTP_HOST']);
date_default_timezone_set('Asia/Tehran');
// CONFIG: Session parameter (php.ini)
ini_set( 'session.auto_start', 0 ); // Defines whether the session module starts a session automatically on request startup [Default: '0']
ini_set( 'session.name', 'mp3db' ); // Defines the name of the session which is used as cookie name; it should only contain alphanumeric characters [Default: 'PHPSESSID']
ini_set( 'session.save_handler', 'user' ); // Defines the name of the handler which is used for storing and retrieving data associated with a session [Default: 'files']
ini_set( 'session.gc_probability', 1 ); // Conjunction with session.gc_divisor is used to manage probability that the garbage collection routine is started [Default: '1']
ini_set( 'session.gc_divisor', 50 ); // Coupled with session.gc_probability defines the probability that the garbage collection process is started on every session initialization [Default: '100']
ini_set( 'session.gc_maxlifetime', 15*60 ); // Defines the number of seconds after which data will be seen as 'garbage' and potentially cleaned up [Depending on session.gc_probability and session.gc_divisor]
ini_set( 'session.use_cookies', 1 ); // Enable ('1') / Disable ('0') cookies to store the session id on the client side [Default: '1']
ini_set( 'session.use_only_cookies', 1 ); // Enable ('1') / Disable ('0') to use ONLY cookies to store the session id on the client side [Default: '1']
ini_set( 'session.use_trans_sid', 0 ); // Enable ('1') / Disable ('0') transparent sid support [Default: '0']
ini_set( 'session.referer_check', '' ); // Contains the substring you want to check each HTTP Referer for [Default: empty string]
ini_set( 'session.hash_function', 1 ); // Defines the hash algorithm used to generate the session ID ['0' = MD5 (128 bits) / '1' = SHA-1 (160 bits)]
ini_set( 'session.hash_bits_per_character', 6 ); // Defines how many bits are stored in each character when converting the binary hash data to something readable [Possible values are '4', '5' or '6']
// CONFIG: Cache limiter
session_cache_limiter( 'nocache' ); // Specifies the cache control method ('nocache', 'private', 'private_no_expire', or 'public') used for session pages [Default: 'nocache']
// CONFIG: Cookie parameters
session_set_cookie_params( // Set cookie parameters defined in the php.ini file. You need to call session_set_cookie_params() for every request and before session_start() is called.
15*60, // Lifetime of the session cookie, defined in seconds [int $lifetime]
'/', // Path on the domain where the cookie will work. Use a single slash ('/') for all paths on the domain [string $path]
$this->domain // Cookie domain, for example 'www.php.net'. To make cookies visible on all subdomains then the domain must be prefixed with a dot like '.php.net' [string $domain]
);
// Set session handler
session_set_save_handler( array( &$this, 'open' ),
array( &$this, 'close' ),
array( &$this, 'read' ),
array( &$this, 'write' ),
array( &$this, 'destroy' ),
array( &$this, 'clean' ) );
// Start session
session_start();
}
فانکشن clean
function clean( $max )
{
// Delete old sessions
$max = time() - $max;
try
{
$stmt = $this->dbc->prepare( "DELETE FROM " . $this->table . " WHERE access < :max" );
$stmt->execute( array( ':max' => $max ) );
}
// PDO error handling
catch ( PDOException $errMsg )
{
$this->dbc = null;
return false;
}
return true;
}
باز شدن session
function open()
{
// Establish connection
if(!self::$this->dbc) {
try
{
self::$this->dbc = new PDO("sqlsrv:Server=".$this->dbHost.";Database=".$this->dbName, $this->dbUser, $this->dbPass, $this->confPDO);
}
// PDO error handling
catch( PDOException $errMsg )
{
echo 'can not connect'.$errMsg->getMessage();
return false;
}
}
return self::$this->dbc;
if ( $id = session_id() )
{
// Read saved 'fingerprint' of used session
try
{
$stmt = $this->dbc->prepare( "SELECT fingerprint FROM " . $this->table . " WHERE id = :id" );
$stmt->execute( array( ':id' => $id ) );
$data = $stmt->fetchAll( PDO::FETCH_ASSOC );
}
// PDO error handling
catch ( PDOException $errMsg )
{
$this->dbc = null;
return false;
}
// Check if session HIJACKED
if ( count( $data ) > 0 )
{
$this->sessfp = ( $data[0] ['fingerprint'] ) ? $data[0] ['fingerprint'] : '';
// Create 'fingerprint' with current user data
$this->security();
// Comparison of both fingerprints
if ( $this->sessfp != $this->fingerprint )
{
$this->destroyHijacked( $id );
header("Location: " . $this->location . "");
exit( 0 );
}
}
}
}
destroy شدن session
function destroy( $id )
{
session_unset();
// Delete session
try
{
$stmt = $this->dbc->prepare( "DELETE FROM user_sessions WHERE id = :id" );
$stmt->execute( array( ':id' => $id ) );
}
// PDO error handling
catch ( PDOException $errMsg )
{
$this->dbc = null;
return false;
}
return true;
}
این هم کدی که سشن و باید پاک کنه ولی نمیکنه!!
<?php
ob_start();
require_once '../inc/class_session.inc.php';
$session = new Session();
if(!isset($_SESSION['admin']) OR !isset($_SESSION['userid'])){
unset($_SESSION['admin']);
unset($_SESSION['userid']);
session_destroy();
session_unset();
header('location: index.php');
exit();
}
سشن ها تو دیتابیس باقی میمونن و پاک نمیشن
پیشاپیش از راهنمائی شما ممنون