php extension: session_mysql - version 1.0
Author: Pavel Stano <stano@websupport.sk>
Homepage: http://websupport.sk/~stanojr/projects/session_mysql/
Licence: dual licence beerware / MIT (you can choose)
Copyright 2005 by Pavel Stano. All rights reserved

WTF

- mysql session save handler for php

SOME THINGS TO KNOW
- support locking
- very quiet (doesnt log any error) (but upper session functions can print some error)
- php must be compiled with mysql support

patches and comments are welcome 

--------

CHANGELOG

12.06.2006 - ver 1.9 - fixes compilation with ZTS (thanks to Elan Ruusame)
                     - default port set to 3306 (thanks to Juan Fernndez)
17.04.2006 - ver 1.8 - fixed persistent connections with mysql 5.0 client library (thanks to zoeloelip)
                     - fixed session_destroy - when affected rows==0 we must return SUCCESSFUL (thanks to zoeloelip)
                     - add port, sock variables to session_mysql.db
09.03.2006 - ver 1.7 - security fix - db/login/pass can be retrieved via get_cfg_var('session_mysql.db')
                       so change back to standard ini parsing function PHP_INI_MH
                       and replace string session_mysql.db with character ' ' (SPACE) after parsing
                     - everything can be now changed via .htaccess (session_mysql.db too)
                     - support for hardened patch (http://hardened-php.net/)
25.02.2006 - ver 1.6 - fixed bug that caused SEGFAULT on 64bit system (because we use size_t for vallen variable and really it is int type)
22.11.2005 - ver 1.5 - add optimize table in destroy function
                     - licence changed from beerware to dual licence beerware / MIT (MIT is BSD like, so you can sell it you evil capitalist ;))
19.11.2005 - ver 1.4 - fixed reading of session data where is NULL '\0'
15.11.2005 - ver 1.3 - add release_lock in destroy function
                     - append sess_host after sess_key in get_lock and release_lock
                     - these options can be changed in .htaccess and httpd.conf via php_flag directive (lock_timeout via php_value, because it is stored as string)
                       session_mysql.hostcheck
                       session_mysql.hostcheck_www
                       session_mysql.locking
                       session_mysql.lock_timeout
                       session_mysql.quiet
06.11.2005 - ver 1.2 - fixed some bugs
                     - locking support via GET_LOCK()/RELEASE_LOCK(), so locking is possible with myisam)
                     - new option session_mysql.quiet, default 0, when set to 1, return in many functions SUCCESSFUL, so upper session functions dont log really anything
                     - chaged sess_val in create table from blob(64kB) to mediumblob(16MB)
06.11.2005 - ver 1.1 - dont display session_mysql.db in phpinfo, because there is mysql user and password :)
05.11.2005 - ver 1.0 - first release

--------

HOW TO INSTALL

1. create database,table and user on mysql
sql commands:
 create database phpsession;
 grant all privileges on phpsession.* to phpsession identified by "phpsession"; -- CHANGE DEFAULT PASSWORD
 create table phpsession(
   sess_key char(64) not null,
   sess_mtime int(10) unsigned not null,
   sess_host char(64) not null,
   sess_val mediumblob not null,

   index i_key(sess_key(6)),
   index i_mtime(sess_mtime),
   index i_host(sess_host)
 );

2. install this extension
 /path/to/phpize
 ./configure --enable-session-mysql --with-php-config=/path/to/php-config --with-mysql=/path/to/mysql
 make
 make install

3. configure php.ini

session.save_handler = "mysql"
session_mysql.db="host=localhost db=phpsession user=phpsession pass=phpsession" -- CHANGE DEFAULT PASSWORD

4. restart apache

--------

CONFIGURATION OPTIONS (and default values after =)

 session_mysql.db="host=localhost db=phpsession user=phpsession pass=phpsession"
   you can additionaly use sock and port

 session_mysql.hostcheck="1"
   when inserting, retreiving and deleting session from database, add a check for $_SERVER['SERVER_NAME']
   this disables potential security problem (when used in mass virtualhosting), because users cannot edit session for other domains
   $_SERVER['SERVER_NAME'] is copied to local variable before script is executed, so when users change $_SERVER['SERVER_NAME']
   variable, it does not hurt

 session_mysql.hostcheck_removewww="1"
   remove "www." if exist from $_SERVER['SERVER_NAME'], so same session on www.example.com and example.com will work

 session_mysql.persistent="1"
   use persistent connection to mysql (every 1 httpd process will use 1 connection to mysql)

 session_mysql.gc_maxlifetime="21600"
   remove sessions older than 21600 seconds when GC (garbage collector) is waked

 session_mysql.locking="1"
   locking support via GET_LOCK()/RELEASE_LOCK(), for more information read this http://www.issociate.de/board/post/184369/warning_&_question_about_mysql_sessions_&_concurrency.html

 session_mysql.lock_timeout="5" 
   lock timeout, default 5 seconds

 session_mysql.quiet="0"
   when set to 1, return always SUCCESSFUL, so upper session functions dont log really anything

 OTHER USEFUL OPTIONS
 session.save_handler - must be set to "mysql"

 session.gc_probability = 1
 session.gc_divisor     = 100
   Define the probability that the 'garbage collection' process is started
   on every session initialization.
   The probability is calculated by using gc_probability/gc_divisor,
   e.g. 1/100 means there is a 1% chance that the GC process starts
   on each request.
 
