Access all server session variables

Question

I thought about some helper to manage session variables on my development localhost.

I would like to read,change and delete session variables from ALL vhosts on my machine.

As far i know, from PHP i can access only current host session variables, which will be populated to $_SESSION variable, after call to session_start. That's not enough for my needs.

After some research (ex. Access active sessions in PHP) i found solution :

• Load all files from php session directory
• Use session_decode to load data to $_SESSION variable
• Read/change/delete some variables
• Use session_encode to encode my session back to file

There is any better method to do that? Maybe there is already dedicated tool for that task?

EDIT: Another solution which i now currenty use is just enable debugger in IDE for desired project, and use watches/stack window to edit session.

EDIT2: I dont want any project-specific solution like storing session data in database. This should work "out-of-the-box", for any project. For better understanding, use example: In magento admin panel grid filters are stored in session variables. When you enable broken filter there is an error page, and you can't easily disable this filter without removing session cookie, or setting debugger for it.

Answer 1

I spend some time once with a script that programatically "expires" server sessions to obtain info about user inactivity. On that occasion, I had a database with session_ids to transverse, but it can be done with directory listing (note that are php's compilation specific advices on code)

//Preserve runtime variable
$pre_config = ini_get('session.use_cookies');
//Check previous session_start();
if($previous_sid = session_id()){
    //close and save current session 
    session_write_close();
}

//To determine where php session files are stored, see http://stackoverflow.com/questions/4927850/location-for-session-files-in-apache-php
if(($save_path = session_save_path()) === ''){
    // PHP compilation specific
    // There are diferences between CLI (saves in sys_get_temp_dir()) and mod_php (where session_save_path() works) on Fedora 12
    $save_path =  '/var/lib/php/session/';
    session_save_path('/var/lib/php/session/');
}

//Avoid new cookies from other session_start()
ini_set('session.use_cookies', false);

//Do the magic
if ($handle = opendir($save_path)) {
    while (false !== ($entry = readdir($handle))) {
        if (strpos($entry, 'sess_') === 0) {
            $session_id = str_replace('sess_' , '', $entry);
            session_id($session_id);
            session_start();
            //Do whatever you want with this session, using $_SESSION 
            session_write_close();
        }
    }

    closedir($handle);
}

//Restore previous configuration
ini_set('session.use_cookies', $pre_config);
//Restore previous session
if($previous_sid) {
    session_id($previous_sid);
    session_start();
}

I do not recommend running this code on client request. Remember that session_start block script execution while "session id" is in use on another request. And I think that is not recommended to run it by a CLI script, because PHP embedded on WebServers and PHP CLI uses different environment and configurations (besides the fact that the running user of a PHP CLI must be the same user that runs the WebServer to prevent permission deny).

I think that the ideal solution is to trigger requests to this script with a HTTP GET periodically (by linux crontab or similar), of course this solution depends on final use been planned. If HTTP request trigger can be done, the part of the code that saves previous settings and session can be eliminated.