Object oriented session handlers


This patch allows users to extend session handlers in an object oriented fashion.

Currently users must override all six functions and have no way of calling the original ones.

This patch exposes the original handler (files, memcached, etc.) in a new internal class called SessionHandler, and alters session_set_save_handler() to also accept an object of this class.

Example uses of overriding/wrapping individual methods of a handler:

  • Transparently adding encryption
  • Custom GC logic
  • Logging


class MySession extends SessionHandler {
	public function read($key) {
		return str_rot13(parent::read($key));
	public function write($key, $data) {
		return parent::write($key, str_rot13($data));
session_set_save_handler(new MySession);

Usage notes

  • Calling session_set_save_handler(object) after session_set_save_handler(a, b, c, d, e, f) wouldn't transparently extend the first call since they share the same storage. However this can be achieved by calling the former functions manually from the object.
  • Likewise multiple session_set_save_handler(object) calls simply replace each other; just extend the new class from the old one instead of SessionHandler to chain them.
  • An E_WARNING error is raised if the (parent) SessionHandler class is used (read/write/close/destroy) before open is called.



  • 2011-06-03 Arpad Ray: Initial RFC creation
  • 2011-06-20 Arpad Ray: Updated to reflect new patches
  • 2011-06-20 Arpad Ray: Updated patches
  • 2011-06-27 Arpad Ray: Updated patches
rfc/session-oo.txt · Last modified: 2017/09/22 13:28 by