How to Use PdoSessionHandler to Store Sessions in the Database

How to Use PdoSessionHandler to Store Sessions in the Database

Caution

There was a backwards-compatibility break in Symfony 2.6: the database schema changed slightly. See Symfony 2.6 Changes for details.

The default Symfony session storage writes the session information to file(s). Most medium to large websites use a database to store the session values instead of files, because databases are easier to use and scale in a multi-webserver environment.

Symfony has a built-in solution for database session storage called PdoSessionHandler. To use it, you just need to change some parameters in config.yml (or the configuration format of your choice):

  • YAML
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    # app/config/config.yml
    framework:
        session:
            # ...
            handler_id: session.handler.pdo
    
    services:
        pdo:
            class: PDO
            arguments:
                # see below for how to use your existing DB config
                dsn:      "mysql:dbname=mydatabase"
                user:     myuser
                password: mypassword
            calls:
                - [setAttribute, [3, 2]] # \PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION
    
        session.handler.pdo:
            class:     Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler
            arguments: ["@pdo"]
    
  • XML
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    <!-- app/config/config.xml -->
    <framework:config>
        <framework:session handler-id="session.handler.pdo" cookie-lifetime="3600" auto-start="true"/>
    </framework:config>
    
    <services>
        <service id="pdo" class="PDO">
            <argument>mysql:dbname=mydatabase</argument>
            <argument>myuser</argument>
            <argument>mypassword</argument>
            <call method="setAttribute">
                <argument type="constant">PDO::ATTR_ERRMODE</argument>
                <argument type="constant">PDO::ERRMODE_EXCEPTION</argument>
            </call>
        </service>
    
        <service id="session.handler.pdo" class="Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler">
            <argument type="service" id="pdo" />
        </service>
    </services>
    
  • PHP
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    // app/config/config.php
    use Symfony\Component\DependencyInjection\Definition;
    use Symfony\Component\DependencyInjection\Reference;
    
    $container->loadFromExtension('framework', array(
        ...,
        'session' => array(
            // ...,
            'handler_id' => 'session.handler.pdo',
        ),
    ));
    
    $pdoDefinition = new Definition('PDO', array(
        'mysql:dbname=mydatabase',
        'myuser',
        'mypassword',
    ));
    $pdoDefinition->addMethodCall('setAttribute', array(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION));
    $container->setDefinition('pdo', $pdoDefinition);
    
    $storageDefinition = new Definition('Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler', array(
        new Reference('pdo'),
    ));
    $container->setDefinition('session.handler.pdo', $storageDefinition);
    

Configuring the Table and Column Names

This will expect a sessions table with a number of different columns. The table name, and all of the column names, can be configured by passing a second array argument to PdoSessionHandler:

  • YAML
    1
    2
    3
    4
    5
    6
    7
    8
    # app/config/config.yml
    services:
        # ...
        session.handler.pdo:
            class:     Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler
            arguments:
                - "@pdo"
                - { 'db_table': 'sessions'}
    
  • XML
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    <!-- app/config/config.xml -->
    <services>
        <service id="session.handler.pdo"
            class="Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler">
            <argument type="service" id="pdo" />
            <argument type="collection">
                <argument key="db_table">sessions</argument>
            </argument>
        </service>
    </services>
    
  • PHP
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    // app/config/config.php
    
    use Symfony\Component\DependencyInjection\Definition;
    // ...
    
    $storageDefinition = new Definition(
        'Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler',
        array(
            new Reference('pdo'),
            array('db_table' => 'session')
        )
    );
    $container->setDefinition('session.handler.pdo', $storageDefinition);
    

2.6The db_lifetime_col was introduced in Symfony 2.6. Prior to 2.6, this column did not exist.

The following things can be configured:

  • db_table: (default sessions) The name of the session table in your database;
  • db_id_col: (default sess_id) The name of the id column in your session table (VARCHAR(128));
  • db_data_col: (default sess_data) The name of the value column in your session table (BLOB);
  • db_time_col: (default sess_time) The name of the time column in your session table (INTEGER);
  • db_lifetime_col: (default sess_lifetime) The name of the lifetime column in your session table (INTEGER).

Sharing your Database Connection Information

With the given configuration, the database connection settings are defined for the session storage connection only. This is OK when you use a separate database for the session data.

But if you'd like to store the session data in the same database as the rest of your project's data, you can use the connection settings from the parameters.yml file by referencing the database-related parameters defined there:

  • YAML
    1
    2
    3
    4
    5
    6
    7
    services:
        pdo:
            class: PDO
            arguments:
                - "mysql:host=%database_host%;port=%database_port%;dbname=%database_name%"
                - "%database_user%"
                - "%database_password%"
    
  • XML
    1
    2
    3
    4
    5
    <service id="pdo" class="PDO">
        <argument>mysql:host=%database_host%;port=%database_port%;dbname=%database_name%</argument>
        <argument>%database_user%</argument>
        <argument>%database_password%</argument>
    </service>
    
  • PHP
    1
    2
    3
    4
    5
    $pdoDefinition = new Definition('PDO', array(
        'mysql:host=%database_host%;port=%database_port%;dbname=%database_name%',
        '%database_user%',
        '%database_password%',
    ));
    

Example SQL Statements

If you use the PdoSessionHandler prior to Symfony 2.6 and upgrade, you'll need to make a few changes to your session table:

  • A new session lifetime (sess_lifetime by default) integer column needs to be added;
  • The data column (sess_data by default) needs to be changed to a BLOB type.

Check the SQL statements below for more details.

To keep the old (2.5 and earlier) functionality, change your class name to use LegacyPdoSessionHandler instead of PdoSessionHandler (the legacy class was added in Symfony 2.6.2).

MySQL

The SQL statement for creating the needed database table might look like the following (MySQL):

1
2
3
4
5
6
CREATE TABLE `sessions` (
    `sess_id` VARBINARY(128) NOT NULL PRIMARY KEY,
    `sess_data` BLOB NOT NULL,
    `sess_time` INTEGER UNSIGNED NOT NULL,
    `sess_lifetime` MEDIUMINT NOT NULL
) COLLATE utf8_bin, ENGINE = InnoDB;

PostgreSQL

For PostgreSQL, the statement should look like this:

1
2
3
4
5
6
CREATE TABLE sessions (
    sess_id VARCHAR(128) NOT NULL PRIMARY KEY,
    sess_data BYTEA NOT NULL,
    sess_time INTEGER NOT NULL,
    sess_lifetime INTEGER NOT NULL
);

Microsoft SQL Server

For MSSQL, the statement might look like the following:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
CREATE TABLE [dbo].[sessions](
    [sess_id] [nvarchar](255) NOT NULL,
    [sess_data] [ntext] NOT NULL,
    [sess_time] [int] NOT NULL,
    [sess_lifetime] [int] NOT NULL,
    PRIMARY KEY CLUSTERED(
        [sess_id] ASC
    ) WITH (
        PAD_INDEX  = OFF,
        STATISTICS_NORECOMPUTE  = OFF,
        IGNORE_DUP_KEY = OFF,
        ALLOW_ROW_LOCKS  = ON,
        ALLOW_PAGE_LOCKS  = ON
    ) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License .