Re: Questions Regarding Sessions - Mailing list pgsql-php

From Adrian Tineo
Subject Re: Questions Regarding Sessions
Date
Msg-id 011a01c2f05b$f35acea0$506bd9d9@supercable.es
In response to Questions Regarding Sessions  (Ludwig Lim <lud_nowhere_man@yahoo.com>)
List pgsql-php
From the manual:

"If register_globals is disabled, only members of the global associative
array $_SESSION can be registered as session variables. The restored session
variables will only be available in the array $_SESSION.

Use of $_SESSION (or $HTTP_SESSION_VARS with PHP 4.0.6 or less) is
recommended for improved security and code readability. With $_SESSION, there
is no need to use the session_register(), session_unregister(),
session_is_registered() functions. Session variables are accessible like any
other variables."

register_globals is disabled by default in the latest versions.

Here is what I do:

In login.php:
        session_name("SESSION");
        session_start();
        // Mark the session as authenticated and store the per-user values.
        $_SESSION["valid_session"] = 1;
        $_SESSION["other_session_variable_1"]=$other_session_variable_1;
        $_SESSION["other_session_variable_2"]=$other_session_variable_2;
        // ....
        $_SESSION["other_session_variable_n"]=$other_session_variable_n;
        header("Location: ./menu.php");
        exit(); // stop the script once the redirect header is sent

In menu.php and every other page controlled by the session, at the top:
        session_name("SESSION");
        session_start();
        // empty() also covers a session where the key was never set
        if (empty($_SESSION["valid_session"])){
                header("Location: ./error.php");
                exit();
        }

In logout.php:
        session_name("SESSION");
        session_start();
        $_SESSION = array(); // clear the variables in the running script too
        session_destroy();

That's it, no $HTTP_SESSION_VARS and no session_is_registered(), etc.

Adrian Tineo

> Ludwig Lim wrote:
> >    I've tried testing simple session scripts and it
> > works, but initializing and using sessions in a
> > function seems to be a problem for me.
>
> do session_start and session_register in global scope, then it seems to
> work.
> http://www.php.net/manual/en/function.session-start.php
>
>
> >    How can I make the script above to work?
>
> I don't know if this is proper 'recommended' php way, but I have an
> include called myPageStart.inc.php that I load on every page that needs
> sessions:
>
>
>
> -------/ START: t1.php /--------------
> <?
>      function func1()
>      {
>          global $HTTP_SESSION_VARS;
>          $HTTP_SESSION_VARS["test"]="hello";
>      }
> ?>
> -------/ END: t1.php /--------------
>
>
>
>
> -------/ START: t2.php /--------------
> <?
>    include ("myPageStart.inc.php");
>    include ("t1.php");
>    func1();
>    if (session_is_registered($HTTP_SESSION_VARS["test"])){
>     .....
> ?>
> -------/ END: t2.php /--------------
>
>
>
> -------/ START: myPageStart.inc.php /--------------
> <?
>    session_start();
>    session_register("test");
>    session_register($HTTP_SESSION_VARS["test"]);
> ?>
> -------/ END: myPageStart.inc.php /--------------
>
>
>
> another few notes (by quickly reading:
> http://www.php.net/manual/en/ref.session.php )
>
> using $HTTP_SESSION_VARS is deprecated, try using just $_SESSION
>     it was ok until PHP 4.0.6, since then use $_SESSION
>
> when using $_SESSION, it's always global, no need to ask for it to be
>     from global scope in a function. It already is.
>
> using session_register is now not needed
>
> don't use session_is_registered, there is no need, just use as if any
>     other var with isset, so your if should be just:
>       if (isset($_SESSION[$_SESSION["test"]])) {
>
> which brings me to another point. you seem to confuse the idea of
>     session key with session value.
>          $_SESSION["test"]="hello";
>     here key = "test",  value = "hello"
>     as if:
>          $key   = "test";
>          $value = "hello";
>          $_SESSION[$key] = $value;
>     but then, when you register/check if registered, the key is different
>          $_SESSION["test"]="hello";
>          session_register($_SESSION["test"]);
>     is same as if:
>          $_SESSION["test"]="hello";
>          session_register("hello");
>     or if you prefer to see it through $key , $value then:
>          $key   = "test";
>          $value = "hello";
>          $_SESSION[$key] = $value;
>          session_register($value);
>     Now, when you do this session_register you tell it that there is
>     another key within session, now we have two keys:
>          $_SESSION["test"]
>          $_SESSION["hello"]
>     I don't think this is what you want, I am including here what I think
>     you really wanted, with what should be up to newest php specs:
>
>
>
> -------/ START: t1.php /--------------
> <?
>      function func1()
>      {
>          $_SESSION["test"]="hello";
>      }
> ?>
> -------/ END: t1.php /--------------
>
>
>
>
> -------/ START: t2.php /--------------
> <?
>    include ("myPageStart.inc.php");
>    include ("t1.php");
>    func1();
>    if (isset($_SESSION["test"])){
>       echo ("Session is registered <br>");
>       $x = $_SESSION["test"];
>       echo ("value of session = $x");
>       session_destroy();
>    }
> ?>
> -------/ END: t2.php /--------------
>
>
>
> -------/ START: myPageStart.inc.php /--------------
> <?
>    session_start();
> ?>
> -------/ END: myPageStart.inc.php /--------------
>
>
> You might want to question myPageStart.inc.php; I also use it, besides
> starting the session, to start various counters which I later use in
> myPageEnd.inc.php to log what parts of my page took how long to
> generate, so that I know what to look at next to optimize.
>
>
> hope this helps
>
>
> /apz,  The moving cursor writes, and having written, blinks on.

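A hardened variant of the login / guard / logout pattern from the message above, as an added example that is not part of the original post. It goes beyond the post by issuing a fresh session ID at login and expiring the session cookie at logout; the function names are hypothetical, and "SESSION" is the session name used in the post.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

function app_session_start()
{
    // Only accept session IDs from cookies, never from the URL.
    ini_set('session.use_only_cookies', '1');
    // Reject IDs the server did not issue (PHP 5.5.2 and later).
    ini_set('session.use_strict_mode', '1');
    session_name('SESSION');
    session_start();
}

// login.php: call only after the credentials have been verified.
function login_and_redirect()
{
    app_session_start();
    // Issue a fresh ID so an ID set before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['valid_session'] = 1;
    header('Location: ./menu.php');
    exit();
}

// Top of menu.php and every other protected page.
function require_valid_session()
{
    app_session_start();
    // empty() covers a missing key without raising a notice.
    if (empty($_SESSION['valid_session'])) {
        header('Location: ./error.php');
        exit(); // without this the protected page would still be rendered
    }
}

// logout.php
function logout()
{
    app_session_start();
    $_SESSION = array(); // clear the data held by the running script
    $p = session_get_cookie_params();
    // Expire the browser's session cookie as well as the server-side data.
    setcookie(session_name(), '', time() - 42000,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```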
