-
Notifications
You must be signed in to change notification settings - Fork 0
PDO Adapter
InitPHP\Sessions\Adapters\PDOAdapter stores sessions in a relational database
through PDO. Writes use a portable upsert (select, then insert or update), so
the same code works on MySQL, PostgreSQL and SQLite.
Requirements: ext-pdo and a driver (pdo_mysql, pdo_pgsql,
pdo_sqlite, …).
| Option | Type | Default | Notes |
|---|---|---|---|
pdo |
PDO |
— | An existing connection. |
dsn |
string | — | Used to connect when pdo is absent. |
username |
string | — | With dsn. |
password |
string | — | With dsn. |
table |
string | — | Required. Table that holds sessions. |
withIPAddress |
bool | false |
Also match the client IP on read/destroy. |
Either pdo or dsn is required. Missing table, or neither connection
source, throws a SessionInvalidArgumentException; a failed dsn
connection throws a SessionAdapterException.
CREATE TABLE `sessions` (
`id` VARCHAR(255) NOT NULL,
`sess_timestamp` DATETIME NULL DEFAULT NULL,
`sess_ip_address` VARCHAR(48) DEFAULT NULL,
`sess_data` TEXT NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;For PostgreSQL/SQLite use the equivalent column types (TIMESTAMP/TEXT); the
adapter's SQL is otherwise portable.
use InitPHP\Sessions\Session;
use InitPHP\Sessions\Adapters\PDOAdapter;
$pdo = new PDO('mysql:host=localhost;dbname=app', 'root', '');
$adapter = new PDOAdapter([
'pdo' => $pdo,
'table' => 'sessions',
]);
Session::createImmutable($adapter)->start();$adapter = new PDOAdapter([
'dsn' => 'pgsql:host=localhost;dbname=app',
'username' => 'postgres',
'password' => 'secret',
'table' => 'sessions',
]);With withIPAddress => true, the client IP ($_SERVER['REMOTE_ADDR'], or
0.0.0.0 when absent) is stored on write and used as an extra match condition on
read and destroy. A session is then only usable from the IP that created it —
extra defence against stolen-cookie replay:
$adapter = new PDOAdapter([
'pdo' => $pdo,
'table' => 'sessions',
'withIPAddress' => true,
]);
⚠️ Behind proxies/load balancersREMOTE_ADDRmay be the proxy's IP, and mobile clients change IP often. Enable this only when your network topology makes it reliable.
gc() deletes rows whose sess_timestamp is older than gc_maxlifetime and
returns the number removed. It runs on PHP's normal GC schedule, or manually:
$deleted = $adapter->gc(1440); // remove sessions older than 24 minutes-
read()returnssess_data, or''for an unknown session. -
write()upserts byid; repeated writes update the existing row (no duplicate-key errors). -
sess_timestampis stored as aY-m-d H:i:sstring and refreshed on every write.
initphp/sessions · MIT License · part of the InitPHP family
Source · Issues · Discussions · Packagist · Contributing · Security Policy
Getting Started
Core Usage
Adapters
- Adapters Overview
- File Adapter
- Redis Adapter
- PDO Adapter
- Cookie Adapter
- Memcache / Memcached Adapter
- MongoDB Adapter
- Custom Adapters
Reference
Practical Guides
Migration & Help