Zebra_Session, a wrapper for PHP’s default session handling functions, using MySQL for storage

Get the latest updates on this PHP library via RSS

You are currently browsing comments. If you would like to return to the full story, you can read the full entry here: “Zebra_Session, a wrapper for PHP’s default session handling functions, using MySQL for storage”.

106 responses to “Zebra_Session, a wrapper for PHP’s default session handling functions, using MySQL for storage”

Follow the comments via RSS
  • Ngoc Phuong, 2013-02-17, 04:10

    Hello Stefan Gabos, thank for your sharing, i really like your class.
    I have a small probem using your session handler class,
    i have mysql_close function on destruct of database class and it prevent Zebra_Session from connecting to database. Is it necessary to remove mysql_close function on destruct? it wil make the web page keep connection with database server and server will harder, thank you!

    • Stefan Gabos, 2013-02-17, 09:36

      You can remove “mysql_close” from the constructor as mysql connections “are automatically closed at the end of the script’s execution” (see http://php.net/manual/en/function.mysql-close.php).

    • Ngoc Phuong, 2013-02-17, 12:30

      thank you very much!

  • Neil S Hamilton, 2013-03-06, 15:47

    Hi there,

    Firstly congratulations on a really useful PHP class. I was going to write this myself when we moved to having 2 webservers running of one MySQL server, but then I came across this, which does a better job than anything I could have written.

    However, I think there may be an issue with the fact that this class adds an extra layer of security above PHP standard session management, by noting the value of $_SERVER[‘HTTP_USER_AGENT’]. The problem with this approach, as I’ve seen over the past couple of weeks, is that when, say, Chrome updates its user agent string (as happens frequently for Chrome and probably Firefox) then because the user agent no longer matches, the session can’t be found. Except because the cookie value of PHP’s session ID is still the same, the session doesn’t recreate, it just has blank data and won’t save anything.

    My solution to this was to add an option to disable the HTTP_USER_AGENT check – strictly it shouldn’t be necessary as PHP sessions are generally considered secure enough for most things.

    There may be a better way round this, but that’s what I’ve done, so we don’t alienate all our Chrome users 🙂

    • Stefan Gabos, 2013-03-06, 15:54

      The same happens for Internet Explorer users when IE switches on and off of compatibility mode, by itslef;
      If you are using the latest version, then all you have to do is to set the “lock_to_user_agent” argument of the constructor to FALSE; see the documentation.

  • Lindsay, 2013-04-02, 02:08

    Great code. I had a session library that worked until they upgraded the server to a cluster and then it fell over. But I popped in your code and bingo! 🙂

    One question: I saw your code for handling sub-domains but is there a simple approach to passing sessions across two totally different domains?

  • damian, 2013-06-03, 10:42

    you have a rest of code for forhiben acces to the webpage? i like to know your way for autentification, or example of aplication in autorization system. thanks

    • Stefan Gabos, 2013-06-04, 04:49

      nope. this library is for session management, which, incidentally, can be used to build an authentication system. google for “php authentication library” and you’ll probably find what you are looking for

  • Marciano Dias, 2013-07-30, 11:45

    When I access the page shows:
    Zebra_Session: No database selected

    – I’m trying to use the Zebra_Database concetar up.
    – If I use:
    mysql_connect (SERVER, USER, PASS, DB);
    mysql_select_db (DB);

    • Stefan Gabos, 2013-08-02, 07:09

      unfortunately this is isn’t going to work as Zebra_Session uses the old mysql extension while Zebra_Database (the new version) uses the mysqli extension. I will release an updated version of Zebra_Session but can’t give you a time frame. Until then, you could use an older version of Zebra_Database

    • Stefan Gabos, 2013-08-03, 12:31

      I’ve released an updated version of Zebra_Session which can be used together with the latest version of Zebra_Database – it turns out I’ve already made the switch just forgot about it…

    • Marciano Dias, 2013-11-08, 01:07

      After upgrading, I got the following error:
      Zebra_Session: Unknown column ‘hash’ in ‘where clause’

    • Stefan Gabos, 2013-11-08, 09:38

      that’s because in 2.0.4 table structure has changed; now the column called previously “http_user_agent” is now called “hash”

    • Marciano Dias, 2013-11-09, 13:37

      excuse me, please. was my lack of attention. had already solved the problem. anyway, thanks.

  • Sandeep, 2013-08-27, 18:26

    Good Library, i liked it as i could use it with my existing website.

    So, I have tried to use Zebra Session today, and it carries session up to 2 pages after that i see it does not have session data in DB and i get redirected back to login page.

    • Shawn, 2014-10-28, 00:03

      Yeah…. I get the same thing minus being knocked out. I can see it going to the functions, by forcing errors and errors I put up in the functions show by returning trigger_error, but got an empty database when running with no errors.

    • Shawn, 2014-10-28, 00:29

      Ah, I have or downloaded an older version from PHPClasses.org. Maybe update that one? Will see from here.

    • Stefan Gabos, 2014-10-28, 22:20

      I don’t maintain any code based other than what’s on GitHub. Those from PHPClasses.org must be some 7 years old 🙂

  • Sandeep, 2013-08-28, 07:32


    I had PHP 5.3 on server and was not able to upgrade to PHP 5.5. so i update your great library for PHP 5.5 my_sql connections and it works great. Thanks a lot to save me.

    I think you should put both library on server for lesser PHP 5.5 and for PHP 5.5. i can share the library if you need to put it here so it can help more developers.

    Thanks alot once again.

  • coolo, 2013-09-11, 02:15

    Thanks for the code. Looks like I was able to make this work with mysqli just now. I had to explicitly send $link when instantiating the class, change all the _mysql wrapper functions to the appropriate syntax for mysqli, and find the 2 spots (in the read function) validating for resources and instead validate for objects. Took a little while (I am a novice at this), but I figured it out.

    • coolo, 2013-09-11, 02:23

      Aw man, now I see that there is a new version that already has mysqli support built in. *slaps head*

  • confused, 2014-03-06, 12:54

    I am trying to use this code but when the page is reloaded the session variables are no where to be seen.

    There seems to be an issue with the read() function. Using mysqli here.

  • Vladimir, 2014-07-02, 03:21

    There is problem when session expires and method read() call method regenerate_id() function session_regenerate_id() not work.
    I check headers_sent() and return FALSE. Next I try session_destroy() but receive Warning: Trying to destroy uninitialized session in…
    When try from script to call $session->regenerate_id(); works perfect.
    I have no idea why this happening please suggest any solutions.


  • Heart, 2014-07-06, 18:34

    Hello! I like your class. I wanted to ask that can I use it in my application which is intended to be sold?

    • Stefan Gabos, 2014-07-13, 09:30

      you can use it.

  • Thomas, 2014-07-10, 16:08


    wouldn’t it be better to use “SELECT … FOR UPDATE” instead of GET_LOCK()?

    – On http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_get-lock it says: “Note
    If a client attempts to acquire a lock that is already held by another client, it blocks according to the timeout argument. If the blocked client terminates, its thread does not die until the lock request times out. This is a known bug (fixed in MySQL 5.5).”

    – if the application calls GET_LOCK again (e.g. with another lock key), the first GET_LOCK is released.

    “SELECT … FOR UPDATE” is released when the according transaction ends (commit, rollback, script ends).

    Sounds to be the better choice.

    What do you think?



  • Wane, 2014-09-14, 14:52

    I am getting a message: zebra_session: could not obtain session lock!
    Did I configure something wrong?

  • Shawn, 2014-11-07, 22:23

    Great script. This and HybridAuth to not work together which is sad. Need both, and not changing this script out.

  • Mavi, 2014-12-13, 20:40


    I implemented zebra_session class in my website but there is one problem with the database connection.

    I use my own database wrapper class and I call dbClose() to close the database connection which is the last statement on my pages but then Zebra_session gives me error that no database connection because it executes its close and _manage_flashdata function even after the last line of code executed on page.

    So how can I solve this problem I want to close the db connection when page execution is finished.


Leave a Reply

Your email address will not be published
You can use <strong>, <em>, <a>, <img>, <code>
Characters are not case-sensitive