50

Is there a way in PHP to get a list of all sessions (and the variables within each) on the server?

Basically, we have a maintenance function which needs to know which users are currently logged into the site. We already store data for each user in a session variable, but I am hoping that I can loop through each of these sessions and pluck out the data I need.

My PHP is very limited (I am a .Net developer usually) but if anyone knows if this is even possible (and how to do it) I'd be very grateful. I googled this, and the results I found tended to indicate that it WASN'T possible, but I find this very hard to accept.

Still, if you can't, you can't, but I thought my buddies on StackOverflow could give me a definitive answer!

chaos
Ash

4 Answers

46

PHP stores session data for each user in a temporary folder on the server. This folder is defined in the php.ini configuration file under the variable session.save_path. Locate this value from within your php.ini file, or alternatively, create a php file with:

<?php echo "Session Save Path: " . ini_get( 'session.save_path');?>

as its contents, and open the file in your browser.

Once you find the save path for the session data, open up that folder and you'll notice a fairly simple structure. All sessions are stored in the format: sess_$SESSIONID .

Session data is serialized before being stored on disk. As such, objects stored in the session file would have to be deserialized before being usable. However, if you're using plain text, which is stored as-is, to store your session data (ex. $_SESSION['userid'] = 1234) to store information about your users, it should be easy enough to parse out the data you're looking for from within the files.

One more thing ... I haven't looked into it, but it appears as though the session ID that appears in the filename corresponds directly to, for instance, the name of the PHPSESSID cookie stored on the user's computer. So, with this in mind, it may be possible to loop through the files within the temporary session directory, acquire all the $SESSIONID values, set the current session ID using session_id($SESSIONID), start a session with session_start() and access the data you need through PHP without having to parse the contents of the files themselves. Can anyone confirm whether or not this would be possible?

Edit: Adjusted post to match Itay's comment.

cmptrgeekken
  • 15
    It is worth mentioning that this kind of hack is a terrible idea. PHP has a 'share nothing' architecture and trying to hack it would be like using a screwdriver for planting nails. Instead of parsing server internal files, create your own one, or better, use a database to persist whatever you need. – smentek Jul 27 '11 at 08:49
  • PHP has an option to save session data in memory. We can't always get them out from files. – jondinham Nov 19 '11 at 06:31
  • 1
    And more, those "ses_*" files may be placed under a multi-level structure of directories. This is what is said on php.net – jondinham Nov 20 '11 at 04:56
  • 1
    Can you also detect which of them are active atm? – JRsz Nov 13 '15 at 18:20
10

This will get you the data for all sessions, stored in an array and indexed by session id:

<?php
$allSessions = [];
$sessionNames = scandir(session_save_path());

foreach($sessionNames as $sessionName) {
    $sessionName = str_replace("sess_","",$sessionName);
    if(strpos($sessionName,".") === false) { //This skips temp files that aren't sessions
        session_id($sessionName);
        session_start();
        $allSessions[$sessionName] = $_SESSION;
        session_abort();
    }
}
print_r($allSessions);
mgroat
  • Finally - it took way too long to find this answer. Thanks! – user1274820 Aug 06 '18 at 06:23
  • 1
    While this does display all sessions, it also sets you as logged in to the last visible session. Is there a way to restore the user's current session (particularly a "not logged in" session)? – user1274820 Aug 06 '18 at 06:25
  • 1
    @user1274820 you just need to do `$originalSession = session_id();` before, and `session_id($originalSession); session_start();` after. This will restore the original session. – dmikam Feb 04 '19 at 09:42
9

Here's a more succinct way to get a list of sessions via the stored files:

<?php
print_r(scandir(session_save_path()));
?>
Alastair
0

I used the @mgroat method in the ajax call, but there is a problem in the header of the HTTP response that the Set-Cookie header appears multiple times and jQuery reports an error:

Set-Cookie header is ignored in response from url: mysite.com/admin/ajax/main_ajax. Cookie length should be less than or equal to 4096 characters.

The solution is to add header_remove("Set-Cookie") right after session_start().

Wooya
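
An added example, not part of any answer above: it combines the session loop from mgroat's answer with the restore step from dmikam's comment and the `header_remove("Set-Cookie")` fix from Wooya's answer, so the maintenance request never stays attached to another user's session. The function name `read_all_sessions` is hypothetical, and the code assumes the default file-based session handler, a `session.save_path` that is a plain directory (no multi-level layout), and that it runs before any output is sent.

```php
<?php
// Added example. Assumptions: default "files" save handler, flat save-path
// directory, called before any output has been sent to the client.

function read_all_sessions(): array
{
    // Require the maintenance user's own session so there is always a
    // known session to return to afterwards.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        throw new RuntimeException('Start your own session before calling this.');
    }
    $originalId = session_id();
    session_write_close();              // save and release our own session

    // An empty save path means PHP falls back to the system temp directory.
    $dir = session_save_path() ?: sys_get_temp_dir();

    $all = [];
    try {
        foreach (scandir($dir) ?: [] as $name) {
            // Accept only sess_<id> files, with the characters PHP permits
            // in session IDs; this skips ".", ".." and unrelated temp files.
            if (!preg_match('/^sess_([A-Za-z0-9,-]{1,256})$/', $name, $m)) {
                continue;
            }
            session_id($m[1]);
            // read_and_close loads the data and closes the session at once,
            // so nothing is written back and the file lock is not held.
            if (session_start(['read_and_close' => true])) {
                $all[$m[1]] = $_SESSION;
            }
        }
    } finally {
        // Remove the Set-Cookie headers produced for other users' IDs, then
        // re-open our own session even if the loop threw an exception.
        header_remove('Set-Cookie');
        session_id($originalId);
        session_start();
    }
    return $all;
}
```

`header_remove('Set-Cookie')` also drops any other cookies the page queued earlier in the request, so set those after calling the function. Because the result holds every user's session data, keep the page that calls it behind the site's administrator check.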