session_is_registered()

[johnnyk]

How reliable would you say session_is_registered() is? Are there any times when it will not work as expected? What if the browser disables cookies, would it still work?

Also, is it better practice to do:
[code]
if(!session_is_registered('session') && isset($_POST['a']) && isset($_POST['b'])){
  echo "<p class=\"left\">
  echo "Invalid submission";
  echo "</p>";
}elseif(session_is_registered('session') && isset($_POST['a']) && isset($_POST['b'])){
//process
}else{
//display form
}
[/code]

or is using something like the following fine (same thing without first if):
[code]
if(session_is_registered('session') && isset($_POST['a']) && isset($_POST['b'])){
//process
}else{
//display form
}
[/code]

Other than the fact that they're not gonna get the "Invalid submission" echo, is there anything wrong or unsecure about doing it the second way?

[.josh]

if your elseif is the exact opposite of your if statement, then your else will never execute, because making your elseif statement the exact opposite is the same as simply doing 'else'.  Now, your first if, and your elseif aren't the same exact conditions, but it depends on your script and what you are wanting it to do, whether you should use all 3. Do you want it to do 3 different things here? that is, do you want it to do method 'a' if there is not a registered session, but there is a post 'a' and post 'b', and if that's not true, then do method 'b' if there [b]is[/b] a registered session and posta and postb, and if that's not true either, then do method 'c' ?

[johnnyk]

Yeah that's what I'm doing. The else should execute if a or b or both are not posted, regardless of the session.

[.josh]

okay then you'd want to structure it like this:

if($_POST) {
  if(sessionstuff) { }
} else {
  echo form
}

[johnnyk]

What's wrong with the way I had it?

Also, back to my first question, how reliable is session_is_register() and does it depend on cookie settings?

[wildteen88]

No. session_is_register checks whether the session name has been set within the session file. However the session itself does depend cookies, but if cookies are disabled PHP will attempt to place the SESSID in the url instead.

Also session_is_register is becoming a depreciated function. Instead you can use something like the following:
[code=php:0]if(isset($_SESSION['sess_name']))
{
    //do something
}[/code]

[johnnyk]

So if I set .htaccess to only use cookies on PHP sessions, and a use has disabled cookies, it won't work?
Without that line in .htaccess, it always puts it in the URL. How would I set .htaccess to try cookies first then try URL?

[smith.james0]

[quote author=johnnyk link=topic=99664.msg392688#msg392688 date=1152207333]
So if I set .htaccess to only use cookies on PHP sessions, and a use has disabled cookies, it won't work?
Without that line in .htaccess, it always puts it in the URL. How would I set .htaccess to try cookies first then try URL?
[/quote]

I am interested in the use of .htaccess with sessions. What you code would you use to do this?

James

[wildteen88]

The gernal syntax to change a PHP setting would be this:
[code]php_flag [setting_name] [value][/code]
For example if you want to turn off register_globals you can use this:
[code]php_flag register_globals Off[/code]