is session_start() necessary...

Forum Moderators: coopster

Message Too Old, No Replies

is session_start() necessary...

for accessing info in $_session array?

neophyte

1:18 pm on May 21, 2005 (gmt 0)

I'm trying to do a simple log-in system - don't want to use pre-written scripts because I want to understand what's going on.

In a book I'm reading, they use a $_SESSION array as a means of storing user data and then accessing that data in other pages which require authorization. This book, however, is not using start_session() - it's just loading the $_SESSION array after a successful log-in, and then verifies the 'username' element of the array on each page of the restricted section.

On the other hand, after reading the example login script by Jatar K in the PHP Library, he (she?) does implement start_session() at the beginning of the log-in script as well as the beginning of the authorization script on each page that requires authorization.

What's the right way to do this? With or without start_session()? What are the pros and cons of each implementation?

Neophyte

Neophyte.

jatar_k

4:49 pm on May 21, 2005 (gmt 0)

to keep the session you need to have session_start on every page.

I usually have it in the verify authentication file since that is always the first thing to be executed and is always included in every page.

neophyte

3:24 am on May 22, 2005 (gmt 0)

So, you mean that if you don't use start_session(), the variables in $_SESSION are not retained as a user goes from page to page?

Stormfx

6:43 am on May 22, 2005 (gmt 0)

As Jatar said, you have to call session_start() on every page, unless the php.ini file is set to auto start the session.

neophyte

9:22 am on May 22, 2005 (gmt 0)

jatar_k, stormfx -

Did some extra research on sessions and now I understand why you have to use start_session() on each page. Thanks for your replies.