when to set $_SESSION variables?

frijole · March 5, 2008

I am wondering at what point in the script i should set these variables?

$_SESSION['userid'] = $uid;
$_SESSION['username'] = $uname;

etc....

revraz · March 5, 2008

After $uid and $uname is defined.

frijole · March 5, 2008

so, in the login most likely?

revraz · March 5, 2008

I don't know where you define them.

networkthis · March 5, 2008

Are you wanting to use the session variables to check that the user is logged in?

jbrill · March 5, 2008

you would need to set the session variables once the username/pass are confirmed at login.. dont forget u need to keep the session open using session_start();

frijole · March 5, 2008

ok, so when I have the username and password at the login i can then save them as session variables. And if i use session_start() at the top of each page I will have access to them?

jbrill · March 5, 2008

once the form for the login is processed, checked against db records to make sure the login info ect. matches do the following:

//if the login is successful create variable 
$logged = 1;

if($logged==1)
  {
   $_SESSION['userid'] = $uid;
   $_SESSION['username'] = $uname;
  }
  else {
          echo 'could not login';
          }

i usually include session_start() in my header at the top, so it appears on every page

i never tested this code out, but its just a very basic example

frijole · March 5, 2008

thanks, thats what i was looking for.

networkthis · March 5, 2008

Yes. Simply place the follwing at the top of every page.

<?php 
session_start();
?>

You can then use the following to access your variables

<?php
session_start();
$_SESSION['your_variable_to_access_here']
?>

roopurt18 · March 5, 2008

Do not store their password in the session. The only item you need in the session to keep track of which user it is and if they're logged in is the user_id.

frijole · March 5, 2008

<?php
session_start();
$_SESSION['your_variable_to_access_here']
?>

Is this second session_start() neccesary if there is already one in the header, or anyplace above this?

jbrill · March 5, 2008

no the session_start(); only needs to be on the page 1 time before you use your session stuff

jbrill · March 5, 2008

Do not store their password in the session. The only item you need in the session to keep track of which user it is and if they're logged in is the user_id.

yea, i normally have 2 sessions running:

$_SESSION['userid'] this is so i can easily pull suer information

$_SESSION['logged']==1 if logged is equal to "1" then the users is allowed access

roopurt18 · March 5, 2008

What I'm saying is you don't need logged. The only time you set those is if the user is logged in, right? So if userid is set then they are logged in, making the logged value unnecessary.

jbrill · March 5, 2008

true enough

phpSensei · March 5, 2008

People use ID and Logged for different things actually...

Just setting a normal session after the user logs in is enough, but

If you don't want to access your DB ALL the time, to get the user id, or username, or a certan field, you put them in the session instead when the log in. True you don't need $_SESSION['is_logged'], but you can use it for the sake of clarification, and organizing your data through out your pages.

frijole · March 5, 2008

so you just set the variable:

$_SESSION['userid'] = $userid

when they log in, then pull any other necessary info about from with a query referencing that userid? which is unique.

phpSensei · March 5, 2008

You know, just do, and you dont need to pull it out of the db for the user id, and username. You can put more of the info in the sessions, but that can cause security problems if you dont handle them well.

$_SESSION['logged_in'] = true;
$_SESSION['username'] = $username;
$_SESSION['user_id'] = $userid;

I am using those vars so you dont need to pull them out of the DB all of the time, saves you alot of time. ALOT!

roopurt18 · March 6, 2008

You know, just do, and you dont need to pull it out of the db for the user id, and username. You can put more of the info in the sessions, but that can cause security problems if you dont handle them well.

...

I am using those vars so you dont need to pull them out of the DB all of the time, saves you alot of time. ALOT!

This is true, but I recommend against it. The reason is you now have data duplication. If you store the user's email in the session and the user updates their profile, you now have to remember to update it in the session or anywhere else you've temporarily stored it. The more you duplicate data in this manner the more likely you are to forget to update the data and introduce a bug in your program.

By storing just the user's id you can query any information for the user either when the page loads or just on pages that use it. This is the practice I use and I don't find that it creates any performance issues while it does make my code easier to maintain and less cumbersome.

Sign In

when to set $_SESSION variables?

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information