Finding out whether a session is actually open

[far-blue]

Ok, this one is driving me slightly nutty. All I want to know is whether there is currently a php session open. Identifying whether a session has -ever- been open is easy - the $_SESSION variable is defined. But how do I work out whether such a session has since been closed using session_write_close()?

As a little background, I'm writing a framework and need to modify something in a session-held variable. I have no idea whether the framework user has already opened a session so I need to know whether to open the session myself and whether to clean up after myself by closing the session afterwards. Obviously, if the session is already open I don't want to go closing it.

Thanks in advance for all help and suggestions

[trq]

[code]
<?php
  if (session_id()) {
    // session already active.
  }
?>
[/code]

[far-blue]

Let me clarify with a code sample to show why session_id() doesn't help:
[code]
$before=session_id();
session_start();
$during=session_id();
session_write_close();
$after=session_id();
echo "before: $before\n";
echo "during: $during \n";
echo "after: $after \n";
[/code]

notice that the 'after' line will still print out the session id, even though the session is now closed (and any changes to $_SESSION will be lost when the script completes).

[onlyican]

to check for a session, you can do something like

[code=php:0]
if(isset($_SESSION["SesName"])){
//Ses There
}else{
//Not There
}
[/code]
What I done for one of my sites, as the session was needed I done
[code=php:0]
$_SESSION["FontSize"] = isset($_SESSION["FontSize"]) $_SESSION["FontSize"] : "0.8";
[/code]

Where 0.8 was the default (Working in em not px)

[Jessica]

far-blue, why are you using session_write_close? Is it really needed for the script? If you're having trouble with constantly trying to write to the session after you've called write_close, maybe you need to restructure something, so you don't run into this problem, or don't use write_close?

[far-blue]

I am writing framework code. As such, I have no idea whether the developer using the framework already has the session open but I want to leave the session in the same state I found it (like any good programmer should). Therefore, I would like to first identify if the session is already open. If it is, just update the values I need to update. If it isn't, open it, write the values, then close it again.

Generally, esp. when writing ajax code, I would also recommend using session_write_close() as soon as you can in your code because sessions are synchronously locked - if you have multiple requests (e.g. ajax callbacks or images) needing access to the same session, they will all stall and wait until your script finishes or you explicitly call session_write_close(). You can see this in the way images or frames will download one at a time. It's harder to spot with Ajax but it's still a very real issue.

[far-blue]

Just to clarify, session_id(), $_SESSION and SID all maintain their value after a session_write_close() and, as such, cannot be used to test if a session is still open. I've also tried to see if I can catch some sort of obscure exception or error on double-calling session_start() or session_write_close() but to no avail. I've also failed to find anything in $GLOBALS, or any of the php system info I can find.

[far-blue]

ok, I think I have a solution but it is a bit of a hack - please please let me know if you know a better way.

The trick relies on how session_start() works. If the session is closed, it opens it and sets the $_SESSION array back to the content of the session - wiping any changes you may have made. If the session is already open, it leaves the array alone completely. So you can do the following (obviously, having already checked to see $_SESSION already exists):

[code]
$_SESSION['testMe']='test';
@session_start();

if(isset($_SESSION['testMe']))
{
echo "Session was open\n";
unset($_SESSION['testMe']);
}
else
echo "Session was closed\n";
[/code]

Due to the fact the developer might have stored other stuff in $_SESSION, making a copy would be a sensible idea but I think, in general, this will do the job.

Shame it's such a serious hack and relies on undocumented behaviours.