Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Programming Languages >> PHP Related >> PHP
  2. Suggest New Category

How can we know that a session is started or not?

Question Posted / rakesh kumar nautiyal

Answer Posted / rakesh kumar nautiyal

Generally speaking I agree with what your saying about
needing to know
if a session has been started or not. But I also believe
it has its
place for some user land custom session handlers. Being
able to throw
an exception in a session object's __construct() or __wakeup
() for
various reasons can present a situation that is easily
solved inside
__construct() by:

if(session_has_started()) { // Added function via
patch
session_regenerate_id($newID); // Added $newID via
the patch
$_SESSION = array();
} else {
session_id($newID);
session_start();
}

Say there is an authentication token in the session, the
session needs
to be started so we can access the token. If the token
proves to be
invalid, we need to create a blank session with a new
session ID.

> Also, the concept of session_id_exists is
fundamentally
> broken (think of atomic file creation). That is why
there is
> no such function.

I disagree. If a provided session ID via $_REQUEST(for
arguments sake)
is found not to exist by using the theoretical
session_id_exists().
That would mean the script was given an ID that wasn't
created by PHP,
and the script logic could act accordingly. What am I
overlooking?

> Regarding providing an id to session_regenerate_id: I
have
> seen too many supposedly save session id generators
that I
> would be in favor of adding that kind of overwriting
power.

I agree that PHP should be left to create a unique ID. But
the
functionality currently exists for the user to set their
own ID with
session_id($newID). The user has this ability before a
session is
started. But loses the ability when trying to use
session_regenerate_id() in a similar fashion after the
session has
started. It seems like a contradiction to allow it in one
case and not
the other.

I could try and grok the source to figure it out myself,
but someone
here might know off the top of their head. Is calling
something like
md5(uniqid(rand(), TRUE)) better, worse, or equivalent to
how PHP
creates a unique session ID?

Is This Answer Correct ?    1 Yes 3 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

Tell me can you extend a final defined class?

1031

How do you define a constant in php?

1035

How can you tell if a number is even or odd without using any condition or loop?

984

What is a http session?

938

CWD is a type of shell variable. State Whether True or False?

1082

What are php data types?

967

Explain what are the different errors in php?

974

how to track no of users logged in?

1010

How to open a file in php?

1054

Which function is used in php to search a particular value in an array?

892

Tell me is it possible to remove the html tags from data?

893

Why we use get in php?

972

What is smarty?

947

What is global array in php?

1038

What was the old name of php?

1396