Session Wrapper (PHP)

  • Why store session information in database?
    • Security: better in database than in, sometimes publically available, /tmp directory on server
    • Logs: records of prior sessions, session durations and activity.

    class session {
        var $username = "";
        var $password = "";
        private $db;

        function __construct($web_db) {
            session_start();
            $db = $web_db;

            //check if there is an existing session Id
            //echo "----POST:".$_POST['uname'].",".$_POST['passwd']."---------";

            //store post values
            if (isset($_POST['uname']) and isset($_POST['passwd']) ) {
                 $this->username = $_POST['uname'];
                 $this->password = $_POST['passwd'];

                $_SESSION['username'] = $this->username;
                $_SESSION['password'] = $this->password;

                echo "Session variable username is: ".$_SESSION['username']."---<br>";
            }
        }

        function getUsername() {
            return isset($_SESSION['username']) ? $_SESSION['username'] : 0;
        }
        function getPassword() {
            return isset($_SESSION['password']) ? $_SESSION['password'] : 0;
        }

        function postlogin() {
            if (isset($_POST['uname']) and isset($_POST['passwd']))
                return 1;
        }

        function destroy() {
            session_destroy();
        }


    }