DB Managed Sessions using PHP and MySQL.
Written by: Greg Donald <gdonald@gmail.com>
$Id: docs.txt 9 2005-12-26 22:01:39Z destiney $

Database managed sessions are better than regular PHP sessions in a
couple of ways:

 -- Sessions information is stored in a database rather than in the
    /tmp directory, the usual PHP sessions storage medium.  Storing
    sessions in a database gives you an added layer of security as
    your database can be password protected, /tmp cannot.

 -- Binary databases such as MySQL are faster with reads and writes
    than plain text files in /tmp.


To Install Database Managed Sessions:

1) Create a 'sessions' table in your database, use the following
   schema:

  CREATE TABLE `sessions` (
    `id` varchar(32) NOT NULL default '',
    `data` text NOT NULL,
    `expire` int(11) unsigned NOT NULL default '0',
    PRIMARY KEY  (`id`)
  );

  a) If you use phpMyAdmin to manage your MySQL databases, you can
     simply copy and paste the above sql into the appropriate form
     field and submit it.

  b) If you use the mysql command line client, a query like this will
     work:

  mysql -u user -p password database < install.sql

  If you already have a table named "sessions" you can use a different
  sessions table name, just be sure and change the default value in the
  session.php file.


2) Edit the database connection parameters near the top of the
   session.php file.  Make sure your database user has the following
   minimal privileges:

  Select
  Insert
  Update
  Delete


3) Place the session.php file on your web server.  You may choose to
   place it above your web root, but this is not usually required as
   it does not produce any output itself.  If you already have an
   'include' directory that will probably work best.


4) Include the session.php file into your other PHP scripts that you
   require session management for.  The include call will look something
   like this:

  include('/path/to/include/session.php');


5) From here you have two options to use your new database driven
   sessions.

  a) If you chose to leave transparent sessions enabled in the
     session.php file, you do nothing, sessions will work by default.
     Pull up a script you included the session.php file in, then look
     in your sessions table, you should see a new session is now active.

  b) If you disabled transparent sessions, you will now have to attach
     the session information to all of your urls, so tracking occurs
     properly throughout your site.  The urls are formed like this:

<?php

$html = <<<EOF
<a href="http://example.com/index.php?$sn=$sid">A session capable url</a>
EOF;

?>

  or this:

<?php

$html  = '<a href="http://example.com/index.php?' . $sn . '=' . $sid;
$html .= '">A session capable url</a>';

?>


6) Done.