Home » Php » Looping Through All a Server's Sessions in PHP

Looping Through All a Server's Sessions in PHP

Posted by: admin April 23, 2020 Leave a comment

Questions:

Is there a way in PHP to get a list of all sessions (and the variables within each) on the server?

Basically, we have a maintenance function which needs to know which users are currently logged into the site. We already store data for each user in a session variable, but I am hoping that I can loop through each of these sessions and pluck out the data I need.

MY PHP is very limited (I am a .Net developer ussually) but if anyone knows if this is even possible (and how to do it) I’d be very grateful. I googled this, and the results I found tended to inidcate that it WASN’T possible, but I find this very hard to accept.

Still, If you can’t you can’t but I thought my buddies on StackOverflow could give me a definitive answer!

How to&Answers:

PHP stores session data for each user in a temporary folder on the server. This folder is defined in the php.ini configuration file under the variable session.save_path. Locate this value from within your php.ini file, or alternatively, create a php file with:

<?php echo "Session Save Path: " . ini_get( 'session.save_path');?>

as it’s contents, and open the file in your browser.

Once you find the save path for the session data, open up that folder and you’ll notice a fairly simple structure. All sessions are stored in the format: sess_$SESSIONID .

Session data is serialized before being stored on disk. As such, objects stored in the session file would have to be deserialized before being usable. However, if you’re using plain text, which is stored as-is, to store your session data (ex. $_SESSION['userid'] = 1234) to store information about your users, it should be easy enough to parse out the data you’re looking for from within the files.

One more thing … I haven’t looked into it, but it appears as though the session ID that appears in the filename corresponds directly to, for instance, the name of the PHPSESSID cookie stored on the user’s computer. So, with this in mind, it may be possible to loop through the files within the temporary session directory, acquire all the $SESSIONID values, set the current session ID using session_id($SESSIONID), start a session with session_start() and access the data you need through PHP without having to parse the contents files themselves. Can anyone confirm whether or not this would be possible?

Edit: Adjusted post to match Itay’s comment.

Answer:

Here’s a more succinct way to get a list of sessions via the stored files:

<?php
print_r(scandir(session_save_path()));
?>

Answer:

This will get you the data for all sessions, stored in an array and indexed by session id:

<?php
$allSessions = [];
$sessionNames = scandir(session_save_path());

foreach($sessionNames as $sessionName) {
    $sessionName = str_replace("sess_","",$sessionName);
    if(strpos($sessionName,".") === false) { //This skips temp files that aren't sessions
        session_id($sessionName);
        session_start();
        $allSessions[$sessionName] = $_SESSION;
        session_abort();
    }
}
print_r($allSessions);

Answer:

I used the @mgroat method in the ajax call, but there is a problem in the header of the HTTP response that the Set-Cookie header appears multiple times and jQuery reports an error:

Set-Cookie header is ignored in response from url:
mysite.com/admin/ajax/main_ajax. Cookie length should be less
than or equal to 4096 characters.

The solution is to add header_remove("Set-Cookie") right after session_start().