Jump to content

Archived

This topic is now archived and is closed to further replies.

johnnyk

session_is_registered()

Recommended Posts

How reliable would you say session_is_registered() is? Are there any times when it will not work as expected? What if the browser disables cookies, would it still work?

Also, is it better practice to do:
[code]
if(!session_is_registered('session') && isset($_POST['a']) && isset($_POST['b'])){
  echo "<p class=\"left\">
  echo "Invalid submission";
  echo "</p>";
}elseif(session_is_registered('session') && isset($_POST['a']) && isset($_POST['b'])){
//process
}else{
//display form
}
[/code]

or is using something like the following fine (same thing without first if):
[code]
if(session_is_registered('session') && isset($_POST['a']) && isset($_POST['b'])){
//process
}else{
//display form
}
[/code]

Other than the fact that they're not gonna get the "Invalid submission" echo, is there anything wrong or unsecure about doing it the second way?

Share this post


Link to post
Share on other sites
if your elseif is the exact opposite of your if statement, then your else will never execute, because making your elseif statement the exact opposite is the same as simply doing 'else'.  Now, your first if, and your elseif aren't the same exact conditions, but it depends on your script and what you are wanting it to do, whether you should use all 3. Do you want it to do 3 different things here? that is, do you want it to do method 'a' if there is not a registered session, but there is a post 'a' and post 'b', and if that's not true, then do method 'b' if there [b]is[/b] a registered session and posta and postb, and if that's not true either, then do method 'c' ?

Share this post


Link to post
Share on other sites
Yeah that's what I'm doing. The else should execute if a or b or both are not posted, regardless of the session.

Share this post


Link to post
Share on other sites
okay then you'd want to structure it like this:

if($_POST) {
  if(sessionstuff) { }
} else {
  echo form
}

Share this post


Link to post
Share on other sites
What's wrong with the way I had it?

Also, back to my first question, how reliable is session_is_register() and does it depend on cookie settings?

Share this post


Link to post
Share on other sites
No. session_is_register checks whether the session name has been set within the session file. However the session itself does depend cookies, but if cookies are disabled PHP will attempt to place the SESSID in the url instead.

Also session_is_register is becoming a depreciated function. Instead you can use something like the following:
[code=php:0]if(isset($_SESSION['sess_name']))
{
    //do something
}[/code]

Share this post


Link to post
Share on other sites
So if I set .htaccess to only use cookies on PHP sessions, and a use has disabled cookies, it won't work?
Without that line in .htaccess, it always puts it in the URL. How would I set .htaccess to try cookies first then try URL?

Share this post


Link to post
Share on other sites
[quote author=johnnyk link=topic=99664.msg392688#msg392688 date=1152207333]
So if I set .htaccess to only use cookies on PHP sessions, and a use has disabled cookies, it won't work?
Without that line in .htaccess, it always puts it in the URL. How would I set .htaccess to try cookies first then try URL?
[/quote]

I am interested in the use of .htaccess with sessions. What you code would you use to do this?

James

Share this post


Link to post
Share on other sites
The gernal syntax to change a PHP setting would be this:
[code]php_flag [setting_name] [value][/code]
For example if you want to turn off register_globals you can use this:
[code]php_flag register_globals Off[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.