Custom Session Handlers
To implement database storage, or any other storage method, you
will need to use session_set_save_handler() to
create a set of user-level storage functions. A session handlers may be created
using the SessionHandlerInterface or extending PHP's internal handlers by inheriting
from SessionHandler.
The callbacks specified in session_set_save_handler() are methods
called by PHP during the life-cycle of a session: open
, read
,
write
and close
and for the housekeeping tasks:
destroy
for deleting a session and gc
for periodic garbage
collection.
Therefore, PHP always requires session save handlers. The default is usually the
internal 'files' save handler. A custom save handler can be set using
session_set_save_handler(). Alternative internal save handlers are also
provided by PHP extensions, such as sqlite
,
memcache
and memcached
and can be set with
session.save_handler.
When the session starts, PHP will internally call the open
handler followed by the
read
callback which should return an encoded string exactly as it was originally
passed for storage. Once the read
callback returns the encoded string, PHP will
decode it and then populate the resulting array into the $_SESSION superglobal.
When PHP shuts down (or when session_write_close() is called),
PHP will internally encode the $_SESSION superglobal and pass this
along with the session ID to the write
callback.
After the write
callback has finished, PHP will internally invoke the
close
callback handler.
When a session is specifically destroyed, PHP will call the destroy
handler with
the session ID.
PHP will call the gc
callback from time to time to
expire any session records according to the set max lifetime of a session.
This routine should delete all records from persistent storage which were
last accessed longer than the $lifetime
.