Menu
I inherited the following code which is interesting. The logic seems either redundant or down right wrong.
// make the use of sessions possible.
if (!session_id()) {
session_start();
}
However, it is on a large scale subscriber system an I am reluctant to change it. Although experienced with PHP, I would appreciate the communities input to ensure I'm not missing something.
Bonus points if you can mention side-effects or insight into the current code.
Maybe logic wasn't the right word. Why check session_id() before calling session_start(), when it would always return the empty string as no where else in the code is session_start() called.
237
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called. Note: You do not have to call session_destroy() from usual code.
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie. When session_start() is called or when a session auto starts, PHP will call the open and read session save handlers.
PHP - session_id() Function Sessions or session handling is a way to make the data available across various pages of a web application. The session_id() function is used to set or retrieve a custom id to the current.
Note: The session_start() function must be the very first thing in your document. Before any HTML tags. As for your question you can start session wherever you want, but beware that session must be started before any output.
This code is needed to check if session is already started. If session is started, no need to initialize it again. Furthermore, trying to call session_start() when session is already initialized will create E_NOTICE error.
93
Looking at the PHP.net:
http://php.net/manual/en/function.session-id.php
session_id() returns the session id for the current session or the empty string ("") if there is no current session (no current session id exists).
If you were to update the code without changing too much, it would probably be best to write:
if (session_id() === "") {
session_start();
}
to check to see if the session has really been started or not. If commented and referenced to the php.net doc it would be much clearer to see what the developer was trying to accomplish.
Just to note, while:
$test = ""
!$test // This returns true
It isn't as clear.
28
Especially in old code, where include files serves as functions (I’ve seen those) or similar solutions, single piece of code could well do few different things: initialize new session, or set new values.
That code can be used to check if sessions are already started. After it could be for example session data validation, or something completely unrelated to sessions, but something that requires sessions to exist.
This of course implies that programmer knew what she was doing. Most of time this kind of solutions are due programmer just copying code from old codebase, or more likely nowadays, from Google, and adjusting it until it doesn’t crash, and letting it to do the job.
The comment (in example) implies that session support is not forced; they will be instantied only if session support exist. PHP can be compiled without session support IIRC. In such case, either this is mistake by programmer or the function would always return false or null or something if session support doesn’t exist.
21
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
