NaSMail About  |  Documentation  |  Downloads  |  Plugins  |  Contribs  |  Project Site

Storing PHP sessions in database

By default PHP session information is stored in directory that is set in PHP session.save_path setting. This setting can be set in php.ini, web server config or .htaccess files.

If you want to share session information between two web servers, you can use that directory in some networked file system.

If you prefer database, PHP session extension provides functions that allow overriding default session storage backend with custom backend functions. See session-set-save-handler.

ADOdb libraries provide easy way to use this function. You only have to load ADOdb includes, session database configuration and ADOdb session includes before every session_start() function call.

In order to avoid need to hunt every session_start() call and modify every script that uses it, you can also use PHP auto_prepend_file setting and load ADOdb code in that included file.

For example:

1. You create file /some-path/sessiondb.php that contains:

<?php
include_once('/path/to/adodb/adodb.inc.php');
$ADODB_SESSION_DRIVER='some driver';
$ADODB_SESSION_CONNECT='some address';
$ADODB_SESSION_USER ='some username';
$ADODB_SESSION_PWD ='some password';
$ADODB_SESSION_DB ='session database';
include(ADODB_DIR . '/session/adodb-session.php');

2. Then you prepare database for session information. ADOdb v.4.60 provides sql dumps for MySQL and Oracle.

3. Then you add auto_prepend_file setting to your web server config.

<directory /var/www/nasmail>
   php_value auto_prepend_file "/some-path/sessiondb.php"
   # ... other directory options ...
</directory>

4. Restart web server in order to apply modifications in config and see how your NaSMail installation starts using database to store session info.

ADOdb session functions also support encryption and compression of session data.

WARNING: it is possible that sessions on networked file system or database are slower and there might be some problems with some imap servers.

Custom Session Handler option

NaSMail 1.5 added configuration option that allows to set custom session handler. $custom_session_handler configuration variable can be set to function, which configures session options correctly. Such function can be loaded in PHP auto_prepend_file option or NaSMail config/config_local.php file.

Below is sample function for use in $custom_sesssion_handler.


/**
 * Sample custom session handler for adodb adodb-session2.php.
 */
function custom_adodb_session() {
    include_once('/path/to/adodb/adodb.inc.php');
    include_once(ADODB_DIR . "/session/adodb-session2.php");

    // these four lines must be disabled in adodb-session2.php
    ADODB_Session::_init();
    if (empty($ADODB_SESSION_READONLY)) {
        register_shutdown_function('session_write_close');
    }

    ADOdb_Session::config('some driver', 'some address', 'some username', 'some password', 'session database');
}

Known Issues

Starting session

Preloaded scripts should set session parameters and should not start session. NaSMail scripts don't like sessions started too early and close them.

session_destroy() + session_start()

PHP resets session handlers after session destroy() function call. See http://bugs.php.net/bug.php?id=32330. NaSMail can trigger this issue in src/login.php script, if session expires when user writes email.

If you want to use AdoDB sessions in NaSMail 1.0-1.4, you should fix code in src/login.php. Find sqsession_destroy() call and add AdoDB session init code after it.


  sqsession_destroy();

  /** custom session init code starts here */
  ADODB_Session::_init();
  if (empty($ADODB_SESSION_READONLY)) {
   register_shutdown_function('session_write_close');
  }
  ADOdb_Session::config('some driver', 'some address', 'some username', 'some password', 'session database');
  /** custom session init code ends here */

  /**
   * @ is used for PHP 4.1-4.2 workaround.
   * E_NOTICE when session is destroyed and restarted
   */
  @sqsession_is_active();

It is no longer issue in NaSMail 1.5 and later, because custom session is activated with special session handler option.

Attachment directory

If you store used data and sessions in database, it still does not allow to cluster NaSMail on web servers without some shared file storage. NaSMail saves temporally data and uploaded email attachments in attachment directory. This directory must be shared between clustered web server or used load balancer must keep user session on one web server.

About this document

This document was originally written for SquirrelMail webmail interface. This document version can include information specific to NaSMail interface. SquirrelMail and NaSMail code is similar and same instructions can work for SquirrelMail. We don't support setups that follow these instructions in SquirrelMail. If you are using SquirrelMail and want to store sessions in database, follow instructions in SquirrelMail documentation.


This file last modified on 2013-07-23 12:26 MST
Copyright © 2006-2009 The NaSMail Project