Announcement

Collapse
No announcement yet.

Are sessions stored in the database in vBulletin 5 Connect, or only in the web server memory?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Are sessions stored in the database in vBulletin 5 Connect, or only in the web server memory?

    I've been looking for a way to access information about the vBulletin 5 session with a specific session ID (taken from the vBulletin cookie by another PHP application on the same server/domain), and this post seems to indicate that sessions are stored in the vBulletin 5 database (therefore making it possible to look up the session information directly against this database from my separate PHP application that has access to the session id of the logged in user and also direct access to the vB5 database on the server), but other online sources seem to say that the session information is not stored in the vBulletin database?

    So, which is it?

    And if it is indeed stored in the database, in which table can I look up the session ID taken from the vBulletin cookie in the browser, anyone knows?

  • #2
    They are stored in the database in a table called session. vBulletin has always stored session information in the database. vBulletin has never used memory directly to store session memory. Your other sources are wrong.

    In older versions of vBulletin, the database used a Memory table type for the sessions. This table type isn't used in vBulletin 5.X. However, in older versions the session records were still accessed through MySQL and Query Language.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud customization and demonstration site.
    vBulletin 5 Documentation - Updated every Friday. Report issues here.
    vBulletin 5 API - Full / Mobile
    I am not currently available for vB Messenger Chats.

    Comment


    • #3
      Thanks, this is really great news!!

      And just to be really clear: You are saying that I will be able to find the session ID stored in the browser cookie in this "session" table (and thus from there also be able to access/resolve all relevant information such as for example the vBulletin user ID of the user owning this session, directly from the database)?

      Comment


      • #4
        You can find that information in the session table.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud customization and demonstration site.
        vBulletin 5 Documentation - Updated every Friday. Report issues here.
        vBulletin 5 API - Full / Mobile
        I am not currently available for vB Messenger Chats.

        Comment


        • #5
          Hmm, I just took a look in this table after having logged into my forum myself, and unfortunately, while I can indeed see my own session there, the session id from my cookie ("PHPSESSID") can not be found there, and thus, I cannot look up my own session in this table in an elementary fashion?

          Rather, only the two values called "sessionhash" and "idhash" are the only columns in the table that even remotely look as a session ID. Is there any way I can map these to my own session ID from the "PHPSESSID" cookie?

          Can anyone tell me how these two values are calculated (presumably from the session ID stored in my "PHPSESSID" cookie in the case of "sessionhash", and from my user ID in the case of"idhash")?

          Comment


          • #6
            We don't use the phpsessid. It is created by Facebook code included in the system. vBulletin only uses the sessionhash value. It should match the sessionhash in the database table.

            You can look at /core/vb/session.php to understand how different variables are created. You should let vBulletin handle sessions though. Log someone in and a session will be automatically created. You shouldn't have to worry how or why.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud customization and demonstration site.
            vBulletin 5 Documentation - Updated every Friday. Report issues here.
            vBulletin 5 API - Full / Mobile
            I am not currently available for vB Messenger Chats.

            Comment


            • #7
              Originally posted by Wayne Luke View Post
              We don't use the phpsessid. It is created by Facebook code included in the system. vBulletin only uses the sessionhash value. It should match the sessionhash in the database table.
              Hmm, but since the only cookie being stored on the client side (i.e. in my browser, having been verified by me by inspecting the value of document.cookie in the Chrome developer tools) is the PHPSESSID, it must be this that somehow keeps track of the vBulletin session (no matter how it is subsequently handled/resolved internally in vBulletin)? How could otherwise the server know which user that it making a request to the server, when the client doesn't know/provide this "sessionhash" value?

              The only things stored in the cookie of my browser are the "PHPSESSID" and "bbnp_notices_displayed" values? No "sessionhash" value or anything else?

              This would indicate that there is indeed a mapping between the "PHPSESSID" and the "sessionhash" stored in the memory (PHP session object) of the server, rather than in the database?


              Originally posted by Wayne Luke View Post
              You should let vBulletin handle sessions though. Log someone in and a session will be automatically created. You shouldn't have to worry how or why.
              Unfortunately, I do, since I need to get hold of the user ID of the currently logged in user, in order to forward this to a third-part PHP application on the same server as my vBulletin 5 instance, for further processing...

              Comment


              • #8
                Sorry! I made a mistake and was fooled by the fact that the document.cookies value inside the Chrome developer tools does not contain cookie values protected by the httpOnly flag!

                I inspected the cookies in transfer instead, and then indeed found the session hash (in the "bbsessionhash" cookie value).

                Thanks so much again for you replies and your patience!

                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                X