PHP Sessions Help

Forum Moderators: coopster

Message Too Old, No Replies

PHP Sessions Help

How's it work?

madcat

11:59 pm on Mar 3, 2003 (gmt 0)

A bit of a new guy question, hopefully not too distorted.

Just trying to get a basic understanding of sessions here. I have an all-in-one form that contains a 'login' form and the regular form. Each time you press submit, it basically goes back to the same script. Except, when the user hits submit after filling out the form, it gets caught on one of the first conditions and re-displays the login form.

I just need somehow to include a session variable in that part of the script that says, the user has already been here, it's okay - move on to the next part of the script.

My questions are: Do I put the session_start(); and session_register variables just once at the top of the page? Will those variables be available even after I press submit on either the login form or the regular form? Do I have to include session_start(); in more than one place, even though it is all one big script?

Thanks for any help!

jatar_k

12:05 am on Mar 4, 2003 (gmt 0)

php.net

session_start() creates a session or resumes the current one based on the current session id that's being passed via a request, such as GET, POST, or a cookie.
If you want to use a named session, you must call session_name() before calling session_start().

so session_start should be on every page that needs a session.

For your comparison you can use session_is_registered [php.net].

if (!session_is_registered(session_var_name)) {
show login
}

from there on the value of the var is available in the session via $_SESSION['session_var_name']. You just call session_start on each page to maintain it.

session_register only needs to be called the first time when they login to get the value into the session var.

hakre

12:11 am on Mar 4, 2003 (gmt 0)

in addition in the php docs you'll find an intro to php session management [php.net] and it's pros / cons and probs. worth reading.

nosanity

12:16 am on Mar 4, 2003 (gmt 0)

Alright, sessions are actually quite easy. They require a little bit of checking your configuration to ensure that sessions are enabled, but other than that you should be fine.

To check your configuration, just use the statement
<? phpinfo();?>
and place it in any file by itself. Look for sessions. If you don't see it, check your php.ini file and enable it.

Alright, so you have sessions enabled. Now to exploit them.

Start off by initializing a session.
session_name("oursession");
session_start();

Now lets set any variable (see how below) within the session to be used later.
session_register("been_here");
$HTTP_SESSION_VARS["been_here"] = TRUE;

Now we need to refer to it later.
printf("<a href=\"%s?%s=%s\">Text</a>", $PHP_SELF, session_name(), session_id());

To use the session, use
session_name("oursession");
session_start();

Then you can reference $HTTP_SESSION_VARS["been_here"];

---
There you go... sessions in 1 simple format.

noSanity

aspdaddy

9:54 am on Mar 4, 2003 (gmt 0)

Can anyone tell me if these PHP sessions are better than asp sessions?

Is there a choice of using session-munged-urls or session cookies?

Is there a reliable session on_end() event?

Can you store user defined objects/classes in the session?

Are there application level variables, that all sessions can see and update?

What would be the best server/language for these features?

Lots of questions... :)

Thanks.

andreasfriedrich

3:01 pm on Mar 4, 2003 (gmt 0)

>>Can anyone tell me if these PHP [php.net] sessions are better
>>than asp sessions?

Not sure whether PHP [php.net] sessions are better than asp but I do know that %Apache [httpd.apache.org]::Session% sessions are better.

>>Is there a choice of using session-munged-urls or
>>session cookies?

The session.use_trans_sid [php.net], session.use_cookies [php.net], and session.use_only_cookies [php.net] configuration settings let you choose whether you want cookies at all, cookies only, transparent sid support or manual sid handling. If you have transparent sid support enabled PHP [php.net] will automatically rewrite certain tags to include the session id.

>>Is there a reliable session on_end() event?

PHP [php.net] is not event driven. So there are no session end events. You could write your own class to supply such an event if you wanted to. No session end event will ever be 100% reliable if the underlying protocol is stateless.

>>Can you store user defined objects/classes in the session?

PHP [php.net] provides two serializers: an internal PHP [php.net] one and WDDX. You choose between those by setting the session.serialize_handler [php.net] configuration setting to the appropriate value. Yes, you may store objects in sessions.

>>Are there application level variables, that all sessions
>>can see and update?

Not that I know of. Of course that would be easy to implement yourself using your favorite method of serializing the values of these variables and storing them in a file, database, or whereever.

>>What would be the best server/language for these features?

PHP [php.net] of course. You do not have a choice between multiple languages as with ASP. PHP [php.net] is the language. Of course you could use C as well as explained in Extending PHP 4.0 [php.net]

HTH Andreas

And no, I do not need better hosting ;)

jmilk

8:42 am on Mar 5, 2003 (gmt 0)

>> Yes, you may store objects in sessions.

One more thing to consider is that you need to include the class definition for any object stored in sessions BEFORE the call to session_start(). If you don't, they object's fields will be available, but not its methods.

Also, I have a functioning set of session-handlers for mysql that I can clean up and post here if there's interest.