All the tutorials say to put session start. They don't say if that should be in all pages on the website, or some, or only 1.
And if it's only 1 page, does it have to be the main page? Or a page with a form that I am making that puts the session ID in the database? If the visitor never visits a page with a session id but they are on the site, do they still have a session id?
You need to put this in each page that need to access the session data before accessing (or creating) any session data.
See: http://php.net/manual/en/function.session-start.php
Just for a matter of completeness you can choose to write session_start(); in all pages, in just one or in none of them. Let me explain this.
You need to start session in every script where you need access to $_SESSION variable but instead of putting session_start(); in every single script you can create a file headers.php and put there all your repetitive code including session_start();
If everything in your application needs access to $_SESSION you can forget the use of session_start(); simply setting session.auto_start = 1 in your php.ini file. You will be able to access $_SESSION without writing session_start(); before.
More here
Anything that is going to access Session variables needs to start the session.
So unless you have a php page that is non-dependent on the session than every page needs it.
You need to declare session_start(); in every page if you want to get data from $_SESSION or store data into $_SESSION in those particular page. If you do not need to interact with $_SESSION then you don't have to declare session_start().#hmwhat
Related
I know if session is not destroyed at the end of some specific task then it will retain its values and could create problems next when you use it.
But when you say destroying a session then does it mean ending the session like this
session_end()
or it means that you have to unset some specific session which u have set before by doing this.
unset($_SESSION['id'])
etc.
And if i start a session at the top of every page and do not set it by $_SESSION['id'] etc then could that create problem for me. If yes then why i haven't got proper answer to this anywhere.
Here is how you destroy a session:
session_destroy();
There is no such thing as session_end() in PHP.
To empty a specific session variable, you generally do the following:
$_SESSION['id'] = '';
If you start a new session on top of every page using session_start it will just make sure the session is setup would it not be active for any reason (destroyed or never started).
It's untrue that there would be no documentation, actually, the web is full with articles and tutorials on session management. I myself used the following that helped me a lot to setup my login system of my web app: https://www.owasp.org/index.php/Session_Management.
I also suggest you have a read through all the functions that PHP specifically has to offer starting here: http://www.php.net/manual/en/features.sessions.php.
I am beginning to learn php. I have a question regarding sessions.
Right now, I know that session_start() creates a session variable.
What I don't know is, when I access the session I created, do I need to use session_start() again?
If yes...
Why is this? Because I already created a session and I wonder why it wouldn't last the entire browsing session.
because what i understand from it is, that it is going to create a new session.
No:
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
http://php.net/session_start
Each new page you visit is an entirely new context for PHP. session_start allows you to reestablish a previous context/session/data.
The session_start function tells PHP to enable session tracking. It doesn't wipe out the session created by a previous page. You must call session_start() before you'll have access to any variables in $_SESSION.
Because of the manual session_start()
session_start — Start new or resume existing session
the same way you would connect to database every time you want to use it. it will connect to however you're storing your sessions. The session variables are no wiped out.
Also read more here but this should help to understand how sessions work:
When you are working with an application, you open it, do some changes
and then you close it. This is much like a Session. The computer knows
who you are. It knows when you start the application and when you end.
But on the internet there is one problem: the web server does not know
who you are and what you do because the HTTP address doesn't maintain
state.
A PHP session solves this problem by allowing you to store user
information on the server for later use (i.e. username, shopping
items, etc). However, session information is temporary and will be
deleted after the user has left the website. If you need a permanent
storage you may want to store the data in a database.
Sessions work by creating a unique id (UID) for each visitor and store
variables based on this UID. The UID is either stored in a cookie or
is propagated in the URL.
Session data is stored at the Server side but the reference or id to the session is stored on the client's browser cookie. For the server to know your session id we make a call to session_start() on each page it is required (at the top) so that the first thing done is to get the id from the user and retrieve the session data. It is required on every page whenever you want to access session data.
Here is a video tutorial also. http://blip.tv/step4wd/php-sessions_en-5983086
The answer is yes. You have to do that on every page. If you don't do that you get a undefined index error.
This will work because we include the file
Index.php
<?php
session_start();
//file doesn't have session_start
include "file.php";
?>
No: it is NOT always going to create a new session. It only tells the script that this page wants to start OR maintain an existing session.
A session is nothing more that a STATE AT THE SERVER that you carry from from page to page.
It is NOT accessible from the client (browser).
The only thing the browser must do to keep the session is passing an ID (called default PHPSESSID in PHP).
This ID can be stored in a cookie, GET or POST, as long as you get it transfered to the server with each request you make.
Youve to use session_start(), everywhere you need to work with session like, creating, accessing, destroying.
Unlike cookies, you can't access or work with session unless you initiate the session.
I am creating a login module in php. I am using session variables for that.
On the top of the file, I write
session_start();
Then when my login password is authenticated, I write
$_SESSION["username"] = $_POST["userid"]
now do I need to do something else as well to ensure that the session that got started sustains?? because as soon as it logs in, it logs out automatically? does it mean the session expires as soon as I log in?? In that case what should I do to make the session sustain??
Put session_start(); at the top of page where you will use the session variables.
And be sure you don't unset session in you login script.
No, session is meant to stay between the requests. If you read $_SESSION['username'] on next request, it will contain the data you saved in previous request. Obviously, you need to put session_start(); at the beginning of every page you want to interact with it.
session_start() doesn't start the session, it starts the session engine. It must be run on every page you want to have access to the session on.
You need session_start(); at the top of all files you are going to access Session data in
At the top, put session_start(); also on each page you want to use session, you need this function.
The session sustains as long as you didn't remove the session or close the browser, not sure whether it will expire sometime.
To check whether you are still logged in, you can access the session using $username = $_SESSION['username'];, or the function isset($_SESSION['username']) also helps.
So Im a beginner when it comes to PHP so I need a little help. I am trying to figure out when to start the session. Should I do it when the user first registers or what about when they log in?
Also, are sessions 'universal' meaning when I check a session will it work or do I have to include a file to all pages that check if someone has a session?
"Should I do it when the user first registers or what about when they log in?"
You should do it every time you want to get or set any session information. Data stored in the $_SESSION array will only be available after the session is started.
"Also, are sessions 'universal' meaning when I check a session will it work or do I have to include a file to all pages that check if someone has a session?"
Calling session_start() is all you need to create a session. If a session was already created, that session will be used.
just to session_start() once in every file you access the $_SESSION variable. best would be to do it in a central spot. for example a file which is included in every of your applications files.
I'm building a simple website with few pages such as index.php, about.php etc. I've included navigation file and I want it to automatically choose current page and use different styling. It can be done with one variable. The easiest way is to use GET method but I want to have shorter URL. So is there any other way? Because as far as I know POST refers only to forms. Maybe I should use cookies?
Use a session. It will keep a set of values stored in the $_SESSION superglobal as long as the client's session cookie is still set.
Example:
page1.php
<?php
session_start();
$_SESSION['test'] = "Hello, session!";
?>
page2.php
<?php
session_start();
echo $_SESSION['test'];
?>
If you visit page2.php first, you'll get no output. Once you visit page1.php, it will set the 'test' session variable. When you view page2.php again, it will show the result. This session is server-side, and is accessed by the session ID stored in a cookie by the browser. Session cookies are usually deleted when the browsing session ends (i.e. the user closes the browser) or when the session cookie timeout expires. Most sites use this as a mechanism to handle logins, by setting session variables relating to the logged in user (e.g. user id) when a login completes successfully.
See the PHP sessions reference: http://www.php.net/manual/en/book.session.php