Thread: Questions Regarding Sessions

Questions Regarding Sessions

From
Ludwig Lim
Date:
Hi:

I have the following small php files, t1.php and
t2.php

t1.php contains the ff:
<?
   function func1()
   {
       global $HTTP_SESSION_VARS;
       session_start();
       $HTTP_SESSION_VARS["test"]="hello";
       session_register($HTTP_SESSION_VARS["test"]);
   }
?>

t2.php contains the ff:
<?
     include("t1.php");

     func1();
     session_start();
     if
session_is_registered($HTTP_SESSION_VARS["test"]){
        echo ("Session is registerd <br>");
        $x = $HTTP_SESSION_VARS["test"];
        echo ("value of session = $x");
        session_destroy();
     }
?>

The output I am getting when loading t2.php is the ff:
Session is registered
value of session =

Instead of:
Session if registered
value of session = hello

   I've tried testing simple session scripts and it
works, but initializing and using sessions in a
function seems to be a problem for me.
   The session is registed, but the value of the
session variable is missing. The session is created
when I look at the /tmp directory and the the file
ses<session id>.
   How can I make the script above to work?

Some additional info:
   version : php 4
   important configuration = --enable-track-vars
--enable-trans-sid --with-apache=<directory>

Thank you very much,

ludwig.


__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com


Re: Questions Regarding Sessions

From
apz
Date:
Ludwig Lim wrote:
>    I've tried testing simple session scripts and it
> works, but initializing and using sessions in a
> function seems to be a problem for me.

do session_start and session_register in global scope, then it seems to
work.
http://www.php.net/manual/en/function.session-start.php


>    How can I make the script above to work?

I dont know if this is proper 'recommended' php way, but I have an
include called myPageStart.inc.php that I load on every page that needs
sessions:



-------/ START: t1.php /--------------
<?
     function func1()
     {
         global $HTTP_SESSION_VARS;
         $HTTP_SESSION_VARS["test"]="hello";
     }
?>
-------/ END: t1.php /--------------




-------/ START: t2.php /--------------
<?
   include ("myPageStart.inc.php");
   include ("t1.php");
   func1();
   if (session_is_registered($HTTP_SESSION_VARS["test"])){
    .....
?>
-------/ END: t1.php /--------------



-------/ START: myPageStart.inc.php /--------------
<?
   session_start();
   session_register("test");
   session_register($HTTP_SESSION_VARS["test"]);
?>
-------/ END: : mySessionStart.inc.php /--------------



another few notes (by quicly reading:
http://www.php.net/manual/en/ref.session.php )

using $HTTP_SESSION_VARS is deprecated, try using just $_SESSION
    it was ok until PHP 4.0.6, since then use $_SESSION

when using $_SESSION, its always global, no need to ask for it to be
    from global scope in a function. It already is.

using session_register is now not needed

dont use session_is_registered, there is no need, just use as if any
    other var with isset, so your if should be just:
      if (isset($_SESSION[$_SESSION["test"]])) {

which brings me to another point. you seem to confuse the idea of
    session key with session value.
         $_SESSION["test"]="hello";
    here key = "test",  value = "hello"
    as if:
         $key   = "test";
         $value = "hello";
         $_SESSION[$key] = $value;
    but then, when you register/check if registered, the key is different
         $_SESSION["test"]="hello";
         session_register($_SESSION["test"]);
    is same as if:
         $_SESSION["test"]="hello";
         session_register("hello");
    or if you prefer to see it through $key , $value then:
         $key   = "test";
         $value = "hello";
         $_SESSION[$key] = $value;
         session_register($value);
    Now, when you do this session_register you tell it that there is
    another key within session, now we have two keys:
         $_SESSION["test"]
         $_SESSION["hello"]
    I dont think this is what you want, I am including here what I think
    you really wanted, with what should be up to newest php specs:



-------/ START: t1.php /--------------
<?
     function func1()
     {
         $_SESSION["test"]="hello";
     }
?>
-------/ END: t1.php /--------------




-------/ START: t2.php /--------------
<?
   include ("myPageStart.inc.php");
   include ("t1.php");
   func1();
   if (isset($_SESSION["test"])){
      echo ("Session is registerd <br>");
      $x = $_SESSION["test"];
      echo ("value of session = $x");
      session_destroy();
   }
?>
-------/ END: t1.php /--------------



-------/ START: myPageStart.inc.php /--------------
<?
   session_start();
?>
-------/ END: : myPageStart.inc.php /--------------


You mgith want to question myPageStart.inc.php, I also use it, besides
starting session, start various counters which later I use to in
myPageEnd.inc.php to log what parts of my page took how long to
generate, so that I know what to look next to optimize.


hope this helps


/apz,  The moving cursor writes, and having written, blinks on.


Re: Questions Regarding Sessions

From
"Adrian Tineo"
Date:
From the manual:

"If register_globals is disabled, only members of the global associative
array $_SESSION can be registered as session variables. The restored session
variables will only be available in the array $_SESSION.

Use of $_SESSION (or $HTTP_SESSION_VARS with PHP 4.0.6 or less) is
recommended for improved security and code readablity. With $_SESSION, there
is no need to use the session_register(), session_unregister(),
session_is_registered() functions. Session variables are accessible like any
other variables. "

register_globals is disabled by default in the latest versions.

Here is what I do:

In login.php:
        session_name("SESSION");
        session_start();
        $_SESSION["valid_session"] = 1;
        $_SESSION["other_session_variable_1"]=$other_session_variable_1;
        $_SESSION["other_session_variable_2"]=$other_session_variable_2;
        // ....
        $_SESSION["other_session_variable_n"]=$other_session_variable_n;
        header("Location: ./menu.php");

In menu.php and every other page controlled by the session, at the top:
        session_name("SESSION");
        session_start();
        if (!$_SESSION["valid_session"]){
                header("Location: ./error.php");
                exit();
        }

In logout.php:
        session_name("SESSION");
        session_start();
        session_destroy();

That's it, no $HTTP_SESSION_VARS and no session_is_registered(), etc.

Adrian Tineo

> Ludwig Lim wrote:
> >    I've tried testing simple session scripts and it
> > works, but initializing and using sessions in a
> > function seems to be a problem for me.
>
> do session_start and session_register in global scope, then it seems to
> work.
> http://www.php.net/manual/en/function.session-start.php
>
>
> >    How can I make the script above to work?
>
> I dont know if this is proper 'recommended' php way, but I have an
> include called myPageStart.inc.php that I load on every page that needs
> sessions:
>
>
>
> -------/ START: t1.php /--------------
> <?
>      function func1()
>      {
>          global $HTTP_SESSION_VARS;
>          $HTTP_SESSION_VARS["test"]="hello";
>      }
> ?>
> -------/ END: t1.php /--------------
>
>
>
>
> -------/ START: t2.php /--------------
> <?
>    include ("myPageStart.inc.php");
>    include ("t1.php");
>    func1();
>    if (session_is_registered($HTTP_SESSION_VARS["test"])){
>     .....
> ?>
> -------/ END: t1.php /--------------
>
>
>
> -------/ START: myPageStart.inc.php /--------------
> <?
>    session_start();
>    session_register("test");
>    session_register($HTTP_SESSION_VARS["test"]);
> ?>
> -------/ END: : mySessionStart.inc.php /--------------
>
>
>
> another few notes (by quicly reading:
> http://www.php.net/manual/en/ref.session.php )
>
> using $HTTP_SESSION_VARS is deprecated, try using just $_SESSION
>     it was ok until PHP 4.0.6, since then use $_SESSION
>
> when using $_SESSION, its always global, no need to ask for it to be
>     from global scope in a function. It already is.
>
> using session_register is now not needed
>
> dont use session_is_registered, there is no need, just use as if any
>     other var with isset, so your if should be just:
>       if (isset($_SESSION[$_SESSION["test"]])) {
>
> which brings me to another point. you seem to confuse the idea of
>     session key with session value.
>          $_SESSION["test"]="hello";
>     here key = "test",  value = "hello"
>     as if:
>          $key   = "test";
>          $value = "hello";
>          $_SESSION[$key] = $value;
>     but then, when you register/check if registered, the key is different
>          $_SESSION["test"]="hello";
>          session_register($_SESSION["test"]);
>     is same as if:
>          $_SESSION["test"]="hello";
>          session_register("hello");
>     or if you prefer to see it through $key , $value then:
>          $key   = "test";
>          $value = "hello";
>          $_SESSION[$key] = $value;
>          session_register($value);
>     Now, when you do this session_register you tell it that there is
>     another key within session, now we have two keys:
>          $_SESSION["test"]
>          $_SESSION["hello"]
>     I dont think this is what you want, I am including here what I think
>     you really wanted, with what should be up to newest php specs:
>
>
>
> -------/ START: t1.php /--------------
> <?
>      function func1()
>      {
>          $_SESSION["test"]="hello";
>      }
> ?>
> -------/ END: t1.php /--------------
>
>
>
>
> -------/ START: t2.php /--------------
> <?
>    include ("myPageStart.inc.php");
>    include ("t1.php");
>    func1();
>    if (isset($_SESSION["test"])){
>       echo ("Session is registerd <br>");
>       $x = $_SESSION["test"];
>       echo ("value of session = $x");
>       session_destroy();
>    }
> ?>
> -------/ END: t1.php /--------------
>
>
>
> -------/ START: myPageStart.inc.php /--------------
> <?
>    session_start();
> ?>
> -------/ END: : myPageStart.inc.php /--------------
>
>
> You mgith want to question myPageStart.inc.php, I also use it, besides
> starting session, start various counters which later I use to in
> myPageEnd.inc.php to log what parts of my page took how long to
> generate, so that I know what to look next to optimize.
>
>
> hope this helps
>
>
> /apz,  The moving cursor writes, and having written, blinks on.
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html