Viewed   112 times

What is the maximum size that can be stored in a PHP session?



You can store as much data as you like within in sessions. All sessions are stored on the server. The only limits you can reach is the maximum memory a script can consume at one time, which by default is 128MB.

(Similar answers: Ideal PHP Session Size? - some useful comments)

Friday, December 9, 2022

No it is not a valid code. It will destroy the session at the time of loading the php page.

For destroying session on click you should write

<a href="logout.php" >Logout</a>

in logout.php

Saturday, September 17, 2022

You can modify another users session (see below), although personally, I would recommend against it. As I imagine it can open up a whole world of session hijacking and other vulnerabilities.

With your example use case

A common user is logged, while in the same time an administrator uses the Admin functions and change some value for this user. If the value is not something obtained from the database every time, the session variable for that current logged in user need to have its value changed.

You would be better of updating the value in the database and then just checking to see if it's changed before you process the next page. If you don't want to be checking multiple user fields before each page load then when you update the user in the admin panel, you can build a hash of the values and add it to a new column called session_hash. Then just compare this field on page load

But if you still want to modify another user's session, you can set your current session_id to the targets.

// End my current session and save its id
$my_session_id = session_id();

// Modify our target session 
$_SESSION['is_logged_in'] = false;

// Start our old session again



Example Src:

Monday, December 5, 2022

You might need to read up on the length of the max concat here.

Command-Line Format        --group_concat_max_len=#
Option-File Format         group_concat_max_len
Option Sets Variable       Yes, group_concat_max_len
Variable Name              group_concat_max_len
Variable Scope  Global, Session

Dynamic Variable           Yes
  -- Permitted Values
Platform Bit Size          32
Type                       numeric
Default                    1024
Range                      4 .. 4294967295

  -- Permitted Values
Platform Bit Size          64
Type                       numeric
Default                    1024
Range                      4 .. 18446744073709547520

Edit: I find it rather amusing that the string that is returned to you is 1024 in length - which just happens to be the default max length in mysql. Coincedence?

Monday, December 5, 2022

Depends on session.hash_function and session.hash_bits_per_character.

Check out the session_id page for more info.

The higher you set session.hash_bits_per_character the shorter your session_id will become by using more bits per character. The possible values are 4, 5, or 6.

When using sha-1 for hashing (by setting ini_set('session.hash_function', 1) the following session string lengths are produced by the three session.hash_bits_per_character settings:

4 - 40 character string

5 - 32 character string

6 - 27 character string

Tuesday, September 6, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :