Re: Questions Regarding Sessions

From the manual:

"If register_globals is disabled, only members of the global associative
array $_SESSION can be registered as session variables. The restored session
variables will only be available in the array $_SESSION.

Use of $_SESSION (or $HTTP_SESSION_VARS with PHP 4.0.6 or less) is
recommended for improved security and code readablity. With $_SESSION, there
is no need to use the session_register(), session_unregister(),
session_is_registered() functions. Session variables are accessible like any
other variables. "

register_globals is disabled by default in the latest versions.

Here is what I do:

In login.php:
session_name("SESSION");
session_start();
$_SESSION["valid_session"] = 1;
$_SESSION["other_session_variable_1"]=$other_session_variable_1;
$_SESSION["other_session_variable_2"]=$other_session_variable_2;
// ....
$_SESSION["other_session_variable_n"]=$other_session_variable_n;
header("Location: ./menu.php");

In menu.php and every other page controlled by the session, at the top:
session_name("SESSION");
session_start();
if (!$_SESSION["valid_session"]){
header("Location: ./error.php");
exit();
}

In logout.php:
session_name("SESSION");
session_start();
session_destroy();

That's it, no $HTTP_SESSION_VARS and no session_is_registered(), etc.

Adrian Tineo

> Ludwig Lim wrote:
> > I've tried testing simple session scripts and it
> > works, but initializing and using sessions in a
> > function seems to be a problem for me.
>
> do session_start and session_register in global scope, then it seems to
> work.
> http://www.php.net/manual/en/function.session-start.php
>
>
> > How can I make the script above to work?
>
> I dont know if this is proper 'recommended' php way, but I have an
> include called myPageStart.inc.php that I load on every page that needs
> sessions:
>
>
>
> -------/ START: t1.php /--------------
> <?
> function func1()
> {
> global $HTTP_SESSION_VARS;
> $HTTP_SESSION_VARS["test"]="hello";
> }
> ?>
> -------/ END: t1.php /--------------
>
>
>
>
> -------/ START: t2.php /--------------
> <?
> include ("myPageStart.inc.php");
> include ("t1.php");
> func1();
> if (session_is_registered($HTTP_SESSION_VARS["test"])){
> .....
> ?>
> -------/ END: t1.php /--------------
>
>
>
> -------/ START: myPageStart.inc.php /--------------
> <?
> session_start();
> session_register("test");
> session_register($HTTP_SESSION_VARS["test"]);
> ?>
> -------/ END: : mySessionStart.inc.php /--------------
>
>
>
> another few notes (by quicly reading:
> http://www.php.net/manual/en/ref.session.php )
>
> using $HTTP_SESSION_VARS is deprecated, try using just $_SESSION
> it was ok until PHP 4.0.6, since then use $_SESSION
>
> when using $_SESSION, its always global, no need to ask for it to be
> from global scope in a function. It already is.
>
> using session_register is now not needed
>
> dont use session_is_registered, there is no need, just use as if any
> other var with isset, so your if should be just:
> if (isset($_SESSION[$_SESSION["test"]])) {
>
> which brings me to another point. you seem to confuse the idea of
> session key with session value.
> $_SESSION["test"]="hello";
> here key = "test", value = "hello"
> as if:
> $key = "test";
> $value = "hello";
> $_SESSION[$key] = $value;
> but then, when you register/check if registered, the key is different
> $_SESSION["test"]="hello";
> session_register($_SESSION["test"]);
> is same as if:
> $_SESSION["test"]="hello";
> session_register("hello");
> or if you prefer to see it through $key , $value then:
> $key = "test";
> $value = "hello";
> $_SESSION[$key] = $value;
> session_register($value);
> Now, when you do this session_register you tell it that there is
> another key within session, now we have two keys:
> $_SESSION["test"]
> $_SESSION["hello"]
> I dont think this is what you want, I am including here what I think
> you really wanted, with what should be up to newest php specs:
>
>
>
> -------/ START: t1.php /--------------
> <?
> function func1()
> {
> $_SESSION["test"]="hello";
> }
> ?>
> -------/ END: t1.php /--------------
>
>
>
>
> -------/ START: t2.php /--------------
> <?
> include ("myPageStart.inc.php");
> include ("t1.php");
> func1();
> if (isset($_SESSION["test"])){
> echo ("Session is registerd <br>");
> $x = $_SESSION["test"];
> echo ("value of session = $x");
> session_destroy();
> }
> ?>
> -------/ END: t1.php /--------------
>
>
>
> -------/ START: myPageStart.inc.php /--------------
> <?
> session_start();
> ?>
> -------/ END: : myPageStart.inc.php /--------------
>
>
> You mgith want to question myPageStart.inc.php, I also use it, besides
> starting session, start various counters which later I use to in
> myPageEnd.inc.php to log what parts of my page took how long to
> generate, so that I know what to look next to optimize.
>
>
> hope this helps
>
>
> /apz, The moving cursor writes, and having written, blinks on.
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html