Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Are Sessions a really BAD idea?

For retaining certain site information...

12:22 am on Sep 13, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 20, 2004
posts: 615
votes: 0

Hello All -

I've been resisting posting this for almost a week now because I've been afraid I'd get the response: "Yeah, don't use Session Vars for THAT!", but, here it goes:

On all of my projects, I've got an app_init.php file that loads a bunch of project-specific site settings into a multi-dimensional session array.

This information only gets loaded once like so:

$app_init = array
'AppInit' => 1,

//Application Information
'ServerIP' => NULL,

//Project Information
'ClientName' => 'Client Name',
'CopyrightName' => 'Client Copyright name',
'CopyrightYear' => '2008',

- more stuff
- more stuff

Six months ago, when I developed this scheme, I thought this was a real clever idea as it gave me a non-db place to store general site settings that could be accessed throughout the application.

THEN I had a problem with Sessions "disappearing" - not the Session information show above, but sessions related to multiple forms that would vaporize (time out) if the user walked away from the computer for like 20 minutes or more before completing the entire form section.

That was the first time I had known that sessions DO time out. OH NO!

I'm still sorting out the ***Best Way*** to deal with retaining information across multi-page forms (temp DB tables, cookies, et. al.), but my question here relates to ensuring the persistence of initialization values:

Are Sessions Vars (that only load once at site-opening) NOT the way to go?
Should I re-load these sessions on every page load by taking out the IF statement? (doesn't seem very efficient)
How do those of you in this great community deal with this sort of thing? What are my options for this task from a "best-practices" sort of perspective?

All advise greatly appreciated!


3:18 am on Sept 13, 2008 (gmt 0)

Junior Member

10+ Year Member

joined:June 6, 2005
votes: 0

Yeah, don't use Session Vars for THAT! ;)

I'm trying to think of a good analogy but it's tough... What you're doing would probably be ok... But it just seems a bit crazy... And I can't see many advantages to it.

Have a think about situations such as when site settings are changed but the old settings are still there in some sessions.

Personally, I don't think sessions are the right tool for this job. And don't even consider load the sessions data every time a page is loaded... That would entirely defeat the purpose using sessions! :) You can just as easily use the global keyword or add the settings to the $GLOBALS array if the only reason for use is having the global $_SESSION variable.

3:57 am on Sept 13, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 20, 2004
posts: 615
votes: 0

Hi Matt -

Thanks (as always) for your reply.

This init file is part of a generic framework I've been building. Items that are currently set by this file are:

1. Client Name
2. Client contact address (useful in a number of places on most projects I've been involved with)
3. Initial copyright year
4. Debugging switch (if true show debug tables, etc)
5. Multi-language switch (if true, multiple languages are supported)
6. Which specific languages a particular site supports
7. Logged-in user details if site offers secure sections for authorized users
8. Navigation types (top, side, footer) - true or false for each... if any are true, one or more navigation systems are built programatically based upon specific DB table content

... Etc ...

I'm still developing this, but so far, priming the site attributes on first-run has been REALLY useful and time-efficient for me; but I need to do it in such a way that these values are persistant and can be used at any time, if needed, during a users visit.

I believe that others do the same type of thing (obviously, however, using a different method). So, given the purpose of this file as indicated above, do you (or anyone else) have any idea how to best accomplish the same end without using Sessions?

4:04 am on Sept 13, 2008 (gmt 0)

New User

10+ Year Member

joined:Aug 19, 2008
votes: 0

You might consider using the serialize() function to store the contents of $app_init in a single file.

When you store the data in sessions your storing a separate copy of the data for every user which poses a series of potential issues.

edit: I notice you have both user specific and site specific data in the array. You'll need to separate these. All site specific data (common to all users of the site) should be stored in a single location (serialed file or db) while the user specific data can be stored by session variables

7:13 am on Sept 13, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
votes: 0

Never let search engines see sessions in any URL when they are spidering your site.

It leads them to see infinite Duplicate Content on your site.


Don't let ordinary users see sessions in any URL.

They will post those URLs to other sites as links, leaving links to your site with fixed session IDs in them - which multiple users will be using every day to get to your site, and which search engines will try to index too.

Sessions in URLs are just a bad idea.

10:50 am on Sept 13, 2008 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2003
posts: 4446
votes: 11

Why not writing a config.php hidden from root that can be access upon certain condition and edited/written to.
or as mentionned above a config file that reads unserialized data
2:03 am on Sept 14, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 20, 2004
posts: 615
votes: 0

tfk11, g1smd, henry0 -

Thank you all for your input. I took a look at the serialize function but I can't really grasp it's concept or utility (boy, really showing my ignorance here), and then I took a look at some example config.php files. It seems that a config.php is what I'm after as the examples I found were setting simular variables as what I'm trying to do.

But here's what keeps stumping me:

1. What I'm trying to do is set the state of certain switches on the FIRST run of an application.
2. Since a number of areas in my application (particularly nav-building routines) are coded as loops, these switch-states must always be available at every page refresh.
3. Of course, I could call config.php at every page refresh via index.php but that seems really inefficient to re-set switch states to their same values at every refresh - then again, I also realize that dynamically rebuilding nav-bar structures and content at every refresh could be argued as really inefficient too!
4. What I would "like" is some way to set these switches just once and have these switch values persist and available throughout the application and for as long as the user is on-site. This is the reason I though of using $_Session but now I understand that this isn't a good or correct solution to my needs.
5. At this point I don't have a need to actually "write" values/preferences back to a config file.

Of course, "what I would like" may not be possible. If what I'm after IS possible however, (load switch values just once which would then be retained) then would someone be kind enough to provide a solid example or link on how to use config.php or serialize() or something else to accomplish this?

If what I'm after is not possible, I'm ready to accept that as well.

Great appreciation to all for bearing with me on this.


4:14 am on Sept 14, 2008 (gmt 0)

Junior Member

10+ Year Member

joined:June 6, 2005
votes: 0

I think you might be over-thinking all this as far as efficiency goes Neophyte.

PHP is very, very fast at reading files... There's no reason to avoid using files 'cause you're worried about them being inefficient. Especially seeing as PHP will most likely cache sessions to a file too.. :)

If you want to speed things up make sure you keep the number of echo/print statements to a minimum. Pushing things to the browser is one of the biggest bottlenecks.

After reading what you just wrote I think that $_SESSIONs (or cookies) might be the best tool for part of this job.

Keeping track of specific state settings for individual users is exactly what sessions and cookies are made for. Keeping track of values that never change (site name / settings) is not...

Here's how serialize works, it's pretty simple. It just lets you turn an array into a string an vice versa:

$serialized_string = serialize($settings_array);
// save the string to file or db

// Load the string from file or db
$settings_array = unserialize($serialized_string);

Serialize is horribly slow once you start using huge arrays. It's not too bad for small ones though.

[edited by: MattAU at 4:15 am (utc) on Sep. 14, 2008]

6:52 am on Sept 14, 2008 (gmt 0)

New User

10+ Year Member

joined:Aug 19, 2008
votes: 0

neophyte, session data is serialized an stored on disk by php behind the scenes. So serializing your "switches" and storing them to disk will be much faster than serializing and storing the same data multiple times (once for each user) using sessions.

I've never run into any performance issues using the serialize function. As long as you're not loading a lot of a data at the beginning of every page that never gets used to generate the page you should be fine.


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members