Handling sessions without Apache sessions
You are probably all aware that Apache sessions are slow and sometimes insecure. In this text I will try to implement a way of handling sessions with all the Doo::cache mechanisms that are available in DooPhp.
So our sessions will be stored in one of the cache mechanisms. First we will write our session class, which will start and end the session; we will save it in the protected/class folder.
Here is our Session.class:
<?php
/**
 * Session handler
 *
 * @author Milos Kovacki <kovacki@gmail.com>
 * @copyright Milos Kovacki 2010 <kovacki@gmail.com>
 */
class Session
{
    public static $_sessionId = NULL;
    public static $session = array();

    /**
     * Start session
     */
    public static function startSession() {
        self::$_sessionId = (isset($_COOKIE['session_id']) ? $_COOKIE['session_id'] : NULL);
        if ((!self::$_sessionId)||(!(self::$session=Doo::cache(Doo::conf()->sessionCacheType)->get('session_'.self::$_sessionId)))) {
            // Create new session with an unguessable ID from the CSPRNG (random_bytes, PHP 7+)
            self::$_sessionId = bin2hex(random_bytes(16));
            // Start from an empty array: a failed cache lookup leaves a non-array value here
            self::$session = array();
            self::$session['ip'] = $_SERVER['REMOTE_ADDR'];
            self::$session['created'] = time();
        }
        // Send (or refresh) the session cookie, valid for 90 days
        setcookie('session_id', self::$_sessionId, (time()+3600*24*90), '/');
    }

    /**
     * End session
     */
    public static function endSession() {
        // Write the session array back to the configured cache
        $sessionStored = Doo::cache(Doo::conf()->sessionCacheType)->set('session_'.self::$_sessionId, self::$session);
    }
}
You will have noticed the variable Doo::conf()->sessionCacheType, so we need to add it to our protected/config/common.conf. Edit it and add:
$config['sessionCacheType'] = 'apc';
You can choose any type that is supported in Doo::cache. Now we will edit our index.php; here is my bootstrap:
<?php
/**
 * BOOTSTRAP
 */
//ini_set('display_errors', 1);
include './protected/config/common.conf.php';
include './protected/config/routes.conf.php';
include $config['BASE_PATH'].'Doo.php';
include $config['BASE_PATH'].'app/DooConfig.php';

# Auto loading of the framework classes
# (spl_autoload_register replaces __autoload(), which PHP 8 no longer allows).
spl_autoload_register(array('Doo', 'autoload'));

Doo::conf()->set($config);

# remove this if you wish to see the normal PHP error view.
include $config['BASE_PATH'].'diagnostic/debug.php';

Doo::app()->route = $route;

// Load the session from the cache before the app runs, store it back afterwards
Doo::loadClass('Session');
Session::startSession();
Doo::app()->run();
Session::endSession();
?>
As you can see, we start the session before we run the DooPhp app and close it afterwards, so all variables we change inside our session are stored in the cache mechanism as an array.
Now inside our controller we can do this:
Session::$session['username'] = 'DooPhp';
Session::$session['foo'] = 'bar';
And everything we had is stored inside the cache mechanism. You access the session as a static array variable, so you can use the isset and unset functions to manipulate the session array data.
This is a good way to implement a fast session mechanism and avoid using Apache sessions.
Thank you for reading. Please ask questions.
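Because the cookie value becomes part of the cache key and the cookie itself lives for 90 days, the server has to decide which IDs it still accepts. The following is an added example, not code from the original post or from DooPhp: it validates the cookie ID, enforces a server-side lifetime and rotates the ID on login. ArrayCache (a stand-in for Doo::cache), its delete() method, HardenedSession and MAX_AGE are hypothetical names.

```php
<?php
// Added example, not DooPhp code. ArrayCache is a constructed stand-in for
// Doo::cache(); its delete() method is an assumption for this sketch.
class ArrayCache {
    private $data = array();
    public function get($key) { return isset($this->data[$key]) ? $this->data[$key] : false; }
    public function set($key, $value) { $this->data[$key] = $value; return true; }
    public function delete($key) { unset($this->data[$key]); }
}

class HardenedSession {
    const MAX_AGE = 86400; // assumed server-side lifetime, in seconds

    // 128 bits from the CSPRNG, hex encoded (32 characters)
    public static function newId() { return bin2hex(random_bytes(16)); }

    // Returns array($id, $data). A cookie value that fails any check is
    // discarded and replaced by a fresh, empty session.
    public static function load($cache, $cookieId, $now) {
        // \A...\z is an exact match, so arrays, odd characters and trailing
        // newlines never become part of a cache key.
        if (is_string($cookieId) && preg_match('/\A[0-9a-f]{32}\z/', $cookieId)) {
            $data = $cache->get('session_' . $cookieId);
            if (is_array($data) && isset($data['created'])
                && ($now - $data['created']) <= self::MAX_AGE) {
                return array($cookieId, $data);
            }
            $cache->delete('session_' . $cookieId); // expired or corrupt entry
        }
        return array(self::newId(), array('created' => $now));
    }

    // Issue a new ID when privileges change (e.g. after login), so an ID
    // known before authentication is worthless afterwards.
    public static function rotate($cache, $oldId, $data) {
        $cache->delete('session_' . $oldId);
        $newId = self::newId();
        $cache->set('session_' . $newId, $data);
        return $newId;
    }
}

// Constructed walk-through with fixed timestamps.
$cache = new ArrayCache();
list($id, $data) = HardenedSession::load($cache, null, 1000);   // no cookie yet
$cache->set('session_' . $id, $data);
list($same) = HardenedSession::load($cache, $id, 2000);         // still valid
$newId = HardenedSession::rotate($cache, $id, $data);           // login
list($afterRotate) = HardenedSession::load($cache, $id, 2000);  // old ID rejected
list($expired) = HardenedSession::load($cache, $newId, 1000 + 86401);
var_dump($same === $id, $afterRotate !== $id, $expired !== $newId);
```

When the returned ID is sent with setcookie(), the secure and httponly arguments should be set so the ID is not exposed to scripts or plain HTTP.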


athear
9 Oct, 2010
Hi Milos,
I’m getting this error:
Fatal error: Call to undefined function apc_fetch() on line 42
It’s like a missing function, CMIIW.
thanks
James
13 Oct, 2010
I’d like to know more about DooPHP sessions: can they be used to securely store a temporary encrypted string like a user password/session that is not accessible by clients?
Proyb3
13 Oct, 2010
How securely does DooPHP handle sessions? Can the temporarily generated session key be stored in your framework vs plain PHP session?
Mahmoud Jalajel
21 Oct, 2010
Hi, it’s a very nice post!
Can you describe what the problems in Apache sessions are that this method will solve?
Thanks
Danni
9 Nov, 2010
My hosting company does not support APC, etc. Would using PHP be fine? e.g. $config['sessionCacheType'] = 'php';
Danni
9 Nov, 2010
Also, what’s the difference with DooSession anyway?
Milos Kovacki
15 Nov, 2010
The difference is you don’t use Apache sessions but rather store session variables inside the APC cache engine; you can implement any cache engine you want.
Jaromir Muller
22 Nov, 2010
Have you any performance comparison? Why should we avoid ‘classic’ Apache session handling?
Milos Kovacki
21 Dec, 2010
It’s all about the performance; this is the main reason why I wrote this.
It’s much faster when you have a large number of sessions, for example 20,000.