Skip to content

Instantly share code, notes, and snippets.

@mindplay-dk

mindplay-dk/session-life-cycle.md

Last active August 26, 2024 23:46
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save mindplay-dk/623bdd50c1b4c0553cd3 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save mindplay-dk/623bdd50c1b4c0553cd3 to your computer and use it in GitHub Desktop.
Download ZIP
Complete overview of the PHP SessionHandler life-cycle
Raw
session-life-cycle.md

This page provides a full overview of PHP's SessionHandler life-cycle - this was generated by a set of test-scripts, in order to provide an exact overview of when and what you can expect will be called in your custom SessionHandler implementation.

The <?php tag in the following indicates the start of a new script request made by a client with cookies enabled.

To the left, you can see the function being called in your script, and to the right, you can see the resulting calls being made to a custom session-handler registed using session_set_save_handler().

Output on the left side (from echo statements) is indicated by an extra level of indentation.

<?php
session_start();
                      # SessionHandler::open('C:\\server\\temp', 'PHPSESSID')
                      # SessionHandler::create_sid()
                      # SessionHandler::read('f57cvufkbu6qgfiqkksuagl257')
$_SESSION['foo'] = 'bar';
session_write_close();
                      # SessionHandler::write('f57cvufkbu6qgfiqkksuagl257', 'foo|s:3:"bar";')
                      # SessionHandler::close()
<?php
session_start();
                      # SessionHandler::open('C:\\server\\temp', 'PHPSESSID')
                      # SessionHandler::read('f57cvufkbu6qgfiqkksuagl257')
echo $_SESSION['foo'];
    bar
session_write_close();
                      # SessionHandler::write('f57cvufkbu6qgfiqkksuagl257', 'foo|s:3:"bar";')
                      # SessionHandler::close()
<?php
session_start();
                      # SessionHandler::open('C:\\server\\temp', 'PHPSESSID')
                      # SessionHandler::read('f57cvufkbu6qgfiqkksuagl257')
session_regenerate_id();
                      # SessionHandler::create_sid()
echo $_SESSION['foo'];
    bar
session_write_close();
                      # SessionHandler::write('dp1srap0fn9isne4na6mm83mt4', 'foo|s:3:"bar";')
                      # SessionHandler::close()
<?php
session_reset();
session_write_close();
<?php
session_start();
                      # SessionHandler::open('C:\\server\\temp', 'PHPSESSID')
                      # SessionHandler::read('dp1srap0fn9isne4na6mm83mt4')
session_destroy();
                      # SessionHandler::destroy('dp1srap0fn9isne4na6mm83mt4')
                      # SessionHandler::close()
Copy link
Copy Markdown

ghost commented Jan 26, 2016

Good overview but like for my you missed better implementation of sid creation, made of all characters like in original , default session handler implementation.

@azazqadir
Copy link
Copy Markdown

azazqadir commented Jul 31, 2018

Did you used any server for session handling in PHP. I think it becomes easier when you are using Redis as php session handler. Redis is now being used for session handling instead of memcached, because it is faster, support different data types and supports application scalability.

@amfleurke
Copy link
Copy Markdown

amfleurke commented Nov 24, 2020
edited
Loading

Note that session_start() will call open() followed by close() instead of read(), if open() returns false and you're using php7! (I think from v7.1)

@duboism
Copy link
Copy Markdown

duboism commented Jun 23, 2021

I'm considering to update the documentation about SessionHandlerInterface and I think that a graphical representation of the session life-cycle would greatly help. Would you be interested to cooperate on that ?

@mindplay-dk
Copy link
Copy Markdown
Author

mindplay-dk commented Jun 24, 2021

@duboism I'm not currently using PHP for work, so, no thanks.

(I also back then ended up not using PHP's session abstraction, at all - instead, we ended up going all-in on PSR middleware, and built a much simpler custom solution for session management, avoiding $_REQUEST and everything around PHP native sessions. It was a much better experience - easy to write tests, and so on.)

@duboism
Copy link
Copy Markdown

duboism commented Jun 24, 2021

@mindplay-dk Thanks for your thoughts on this, it's interesting. I will probably reuse your approach to gain some understanding of PHP sessions. Do you still have the code for that ?

@mindplay-dk
Copy link
Copy Markdown
Author

mindplay-dk commented Jun 24, 2021

@duboism for old-fashioned PHP session handlers described in this gist? No, there was no code. We decided PHP's native session-handling was too much of a mess, and went the PSR middleware route instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment