Simple PHP code help .. the up to date way with sessions

[hugeness]

Hello

 

I have been out of the loop with PHP for about 6 years, even then my knowledge was basic.. i have been looking for the correct way to pass variables over pages using sessions, but the tutorials out there appear really mixed up on the use of session_start() and gobals and stuff like that..

could anyone recommend a definitive tutorial for 2009 that i can make a start on applying to my pages? i have about 40 variables i need to share over pages..

 

I've just added session_start() to a page to test it, and am now getting the following message

 

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0

 

thanks!

[gizmola]

Don't use globals. Globals have nothing to do with sessions.  Likewise, register globals should be set off, and is set off for php by default.

 

I can't provide you a definitive tutorial to sessions but they aren't complicated.

 

By default sessions utilize a cookie that sets a session id which by default is named phpsessid.

 

When you call session_start this cookie is either read from the request header [session exists]  or a new cookie is created.

 

If the session exists, the session handler goes and gets existing session data, which it identifies by the session id.  By default session data is stored (serilaized) in individual files on the php server.

 

When a script is running, you can add/change/remove/read session variables by either reading or assigning to $_SESSION[].  While the script is executing, they are just like any other type of variable. 

 

The only thing special about them is that when the script ends, a special handler kicks in, that takes the session variables, and serializes them out to the file again.

 

By default the session cookie that is created lasts as long as the browser is open.  If the browser is closed, the cookie expires.  People who want to reinstantiate beyond the life of a browser session need to use another cookie to supplement this.  People ask about this all the time so i throw it in for completeness.

 

The variables that control cookie behavior are set up in the php.ini.  You can change all sorts of things about them if it suits you, but the main thing to understand is that sessions also have an expiration.  Under a site with at least steady traffic, the handler will be invoked enough when people visit, that it will clean up expired session files predictably.  This is really only important to know, in terms of understanding that you don't have to worry about cleaning up these session files yourself.

 

Questions?

 

[hugeness]

Thanks for that, interesting stuff... so adding the session_start() to my test page kicked off a warning, does this mean globals are set to 'on' and i need to turn them off?

 

so lets presume i tackle the error message... (using xampp latest so not sure why globals should be on).

 

page 1 would be

session_start()

 

form

 

submit = post

 

page2 would be

session_start()

$_SESSION['variable_n']= $_POST['variablen'];

 

$'variable_n = $_POST[''variable_n'];

 

utilize variables etc..

 

page 3

session_start()

 

would i need to copy all the

$_SESSION['variable_n']= $_POST['variablen'];

 

$'variable_n = $_POST[''variable_n'];

again?

is that kind of the whole end result of disabling globals? that this stuff doesnt get passed automatically?

 

thank you, just trying to understand whats going on.

 

lastly, is this format still valid?

 

if (!$id) {

header("Location: http://site.com/book/pick_modcontact.php");

exit;

 

} else {

 

session_start();

 

}

 

if ($valid != "yes") {

header("Location: http://site.com/resource/admin/admin_menu.php");

exit;

 

} else {

 

session_register('valid');

[gizmola]

It's not that easy to understand how you're structuring things.  It would be better if you could put

 [code=php:0] 

[/code] blocks around your code.

 

When you do form variable assignments to your $_SESSION[] variables, that is find.  Again you can use them like any other type of variable, so once you assign values to them you can echo them, use them in computations, or whatever you desire.  There is no need to create other variables.

 

All your input should come from the $_GET[] (url parameters from the query string) or $_POST[] (from your forms with method=POST).  You can also manipulate these variables inside the script, so again you don't have to make temp variables of the same name if you want to use them or manipulate them. 

 

I don't know where you cribbed code from but you do not use session_register() for anything.  The $_SESSION is a superglobal.

 

Again I can't really follow the flow of what you have because I don't know what the goal of that code is, however, it does seem you want to at some point set:

 

$_SESSION['valid'] = 'yes';

So in the small snippet of code at the bottom, its hard to say because I don't know what $id is suppossed to be, or where it comes from.  I will say that in general you have an init file that will start the session.  There is no reason not to start a session always, because people don't necessarily navigate a site the way you want them to.  Otherwise--- yes header() followed by exit is important, so that people who are trying to hack your site with tools that don't follow a redirect can't drop down into code that they should have been redirected away from.

 

session_start();
if (isset($_GET['id'] && (int)$_GET['id'] > 0) {
   header("Location: http://site.com/book/pick_modcontact.php");
   exit;
   
}

if ($_SESSION['valid'] != 'yes') {
   header("Location: http://site.com/resource/admin/admin_menu.php");
   exit;
} 

 

Presumably somewhere in admin_menu.php the user is authenticated and $_SESSION['valid'] = 'yes'?