We are locking some inventory for clients, the table that locks the inventory contains the session ID of who locked it together with other information about the client. When the session expires we want to unlock that inventory so other people can purchase it. Because we register the session_id() in the table, knowing it, is there a way to check if the session is still active in PHP?
If we are using the DB to keep the session we can probably check if the row is till there and when was the last activity was, in memcached we can probably figure out the key of the session and check it like that, for the file session we can probably do the same, figure out the file name for the session and check if the file exists.
Is there something that works everywhere no matter where you keep the session?
session_id () returns the session id for the current session or the empty string ("") if there is no current session (no current session id exists). Just what you need for PHP below 5.4 ! ;) Show activity on this post. // You can Create your variable and check, exist it.
session_id. (PHP 4, PHP 5, PHP 7) session_id — Get and/or set the current session id. session_id ([ string $id ] ) : string. session_id() is used to get or set the session id for the current session. The constant SID can also be used to retrieve the current name and session id as a string suitable for adding to URLs.
session_status is available for PHP v5.4 and later, maybe that's why. session_id () returns the session id for the current session or the empty string ("") if there is no current session (no current session id exists). Just what you need for PHP below 5.4 !
“An active PHP session was detected A PHP session was created by a session_start () function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close () before making any HTTP requests.”
In summary, you are asking if there is a generic approach within PHP to access any session. Although the use case in the question is plausible, the impact of being able to do what you suggest poses a massive security risk.
That is one reason why the inbuilt session functionality within PHP makes doing what you require difficult.
In theory you may be able to use the inbuilt PHP session functions to specify specific session ID's and look them up. I have just done a few simple tests and not had much success. There is only one inbuilt function for loading sessions 'session_start' which would need to be called repeatedly. The manual specifically says this won't work:
As of PHP 4.3.3, calling session_start() after the session was previously started will result in an error of level E_NOTICE. Also, the second session start will simply be ignored.
It may still be possible to work around this, perhaps with forking or other clever fiddles. But your code would be working in an obscure way which could break with future PHP updates or possibly interfere with existing live sessions.
The best solution, would be to write a tool specific to the session handler in use that allows read only access to the session. The scenario in the question doesn't even need access to the session data, just the timestamp information which can be used to calculate the expiry time.
In the case of 'files' session handling. The path to the session file store can be discovered with ini_get('session.save_path');
. The checking script may need to run with the same permissions as the web server in order to access this location.
The script would need to run frequently on a schedule to check for expired sessions and remove the locks from the inventory.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With