How does PHP think about sessions?

[gnathan87]

Hi,

 

just been trying to solidify my sessions knowledge... I've got a basic grasp on how they work, but trying out some slightly more adventurous constructions (specifically, with multiple sessions at once) just now has produced some puzzling results. I think my basic problem is that I don't really understand how PHP thinks about sessions internally, and probably actually have a misconception or two about it. I've had a look in the source code, but unfortuantely found it difficult to pick out what was going on very quickly. Was wondering if anyone could explain this for me?

 

For example, here's something I don't understand. Imagine you run the following three scripts in order:

 

test1.php

<?php

//Session A
session_name('session_A');
session_start();

$_SESSION['testvar_A'] = "hello_A";

session_write_close();

//Session B
$_SESSION = array();
session_name('session_B');
session_start();
session_regenerate_id();

$_SESSION['testvar_B'] = "hello_B";

session_write_close();

?>

 

No output, generates two session cookies with different IDs.

 

test2.php

<?php

session_name('session_A');
session_start();

print_r($_SESSION);

?>

 

Outputs "Array ( [testvar_A] => hello_A )" as expected.

 

test3.php

<?php

session_name('session_B');
session_start();

print_r($_SESSION);

?>

 

Outputs "Array ( [testvar_A] => hello_A [testvar_B] => hello_B ) "

 

Why does the output of test3.php also include testvar_A?

 

Many thanks for any clarification on this!

 

Jonathan

[ram4nd]

session_name goes after session_start

[gnathan87]

session_name goes after session_start

 

thanks - unfortuantely this didn't fix it... actually, it says in the manual that you should put name before start... so, not sure about that.

 

http://us3.php.net/manual/en/function.session-name.php

 

Playing around a bit I actually figured out that clearing the session variable after session_regenerate_id works as I expected, i.e.:

 

<?php

//Session B
session_name('session_B');
session_start();
session_regenerate_id();
$_SESSION = array();

?>

 

session_start() is pulling the variables from session A into session B.

 

I was assuming that PHP had some global variable storing the session name, that was set by session_name. It would then take the last value given to session_name and fetch the session ID from the corresponding cookie in the HTTP request. Finally, it would fetch the saved session data from a file on the server corresponding to the particular session ID, and put all those variables into $_SESSION. Is that not how it works?  :-\

[roopurt18]

From a practical standpoint your exercise is wasted effort.  In the 4 or 5 years I've been programming PHP I've never had a reason for one user to have multiple sessions.

 

Why on Earth are you doing this?

[gnathan87]

From a practical standpoint your exercise is wasted effort.  In the 4 or 5 years I've been programming PHP I've never had a reason for one user to have multiple sessions.

 

Why on Earth are you doing this?

 

just because something is not practical, does not mean it is not interesting, or satisfying to learn about I just had a few spare hours and decided to try and get a better grip on some php functions I never really looked at... I don't actually think this is a big mystery, just that I must be thinking about something in the wrong way.

 

although i agree, in the 5 or 6 () years I've been programming PHP, I haven't either.

 

[gnathan87]

quoted by mistake, sorry.

[roopurt18]

Well AFAIK all session_name() is change / set the GET or COOKIE variable name.

 

Regenerating the ID does exactly that.  It takes the current session id and mangles it into a new one.  All of the existing session data comes along with it.

 

There is no way to give a user more than one session (AFAIK).