Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP logic for session_id() and session_start()

Tags:

php

session

I inherited the following code which is interesting. The logic seems either redundant or down right wrong.

// make the use of sessions possible.
if (!session_id()) {
    session_start();
}

However, it is on a large scale subscriber system an I am reluctant to change it. Although experienced with PHP, I would appreciate the communities input to ensure I'm not missing something.

Bonus points if you can mention side-effects or insight into the current code.

UPDATE

Maybe logic wasn't the right word. Why check session_id() before calling session_start(), when it would always return the empty string as no where else in the code is session_start() called.

like image 237
Jason McCreary Avatar asked Jul 28 '11 21:07

Jason McCreary


People also ask

What is PHP session_start () and Session_destroy () function?

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called. Note: You do not have to call session_destroy() from usual code.

What does session_start () do in PHP?

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie. When session_start() is called or when a session auto starts, PHP will call the open and read session save handlers.

What is a session_id in PHP?

PHP - session_id() Function Sessions or session handling is a way to make the data available across various pages of a web application. The session_id() function is used to set or retrieve a custom id to the current.

Where should the session_start () function be used?

Note: The session_start() function must be the very first thing in your document. Before any HTML tags. As for your question you can start session wherever you want, but beware that session must be started before any output.


3 Answers

This code is needed to check if session is already started. If session is started, no need to initialize it again. Furthermore, trying to call session_start() when session is already initialized will create E_NOTICE error.

like image 93
Timur Avatar answered Oct 01 '22 23:10

Timur


Looking at the PHP.net:
http://php.net/manual/en/function.session-id.php

session_id() returns the session id for the current session or the empty string ("") if there is no current session (no current session id exists).

If you were to update the code without changing too much, it would probably be best to write:

if (session_id() === "") {
   session_start();
}

to check to see if the session has really been started or not. If commented and referenced to the php.net doc it would be much clearer to see what the developer was trying to accomplish.

Just to note, while:

$test = ""
!$test // This returns true    

It isn't as clear.

like image 28
afuzzyllama Avatar answered Oct 02 '22 00:10

afuzzyllama


Especially in old code, where include files serves as functions (I’ve seen those) or similar solutions, single piece of code could well do few different things: initialize new session, or set new values.

That code can be used to check if sessions are already started. After it could be for example session data validation, or something completely unrelated to sessions, but something that requires sessions to exist.

This of course implies that programmer knew what she was doing. Most of time this kind of solutions are due programmer just copying code from old codebase, or more likely nowadays, from Google, and adjusting it until it doesn’t crash, and letting it to do the job.

The comment (in example) implies that session support is not forced; they will be instantied only if session support exist. PHP can be compiled without session support IIRC. In such case, either this is mistake by programmer or the function would always return false or null or something if session support doesn’t exist.

like image 21
Smar Avatar answered Oct 01 '22 23:10

Smar