Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Programming Languages >> PHP Related >> PHP
  2. Suggest New Category

How can we know that a session is started or not?

Question Posted / rakesh kumar nautiyal

Answer Posted / rakesh kumar nautiyal

Generally speaking I agree with what your saying about
needing to know
if a session has been started or not. But I also believe
it has its
place for some user land custom session handlers. Being
able to throw
an exception in a session object's __construct() or __wakeup
() for
various reasons can present a situation that is easily
solved inside
__construct() by:

if(session_has_started()) { // Added function via
patch
session_regenerate_id($newID); // Added $newID via
the patch
$_SESSION = array();
} else {
session_id($newID);
session_start();
}

Say there is an authentication token in the session, the
session needs
to be started so we can access the token. If the token
proves to be
invalid, we need to create a blank session with a new
session ID.

> Also, the concept of session_id_exists is
fundamentally
> broken (think of atomic file creation). That is why
there is
> no such function.

I disagree. If a provided session ID via $_REQUEST(for
arguments sake)
is found not to exist by using the theoretical
session_id_exists().
That would mean the script was given an ID that wasn't
created by PHP,
and the script logic could act accordingly. What am I
overlooking?

> Regarding providing an id to session_regenerate_id: I
have
> seen too many supposedly save session id generators
that I
> would be in favor of adding that kind of overwriting
power.

I agree that PHP should be left to create a unique ID. But
the
functionality currently exists for the user to set their
own ID with
session_id($newID). The user has this ability before a
session is
started. But loses the ability when trying to use
session_regenerate_id() in a similar fashion after the
session has
started. It seems like a contradiction to allow it in one
case and not
the other.

I could try and grok the source to figure it out myself,
but someone
here might know off the top of their head. Is calling
something like
md5(uniqid(rand(), TRUE)) better, worse, or equivalent to
how PHP
creates a unique session ID?

Is This Answer Correct ?    1 Yes 3 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

How to track user logged out or not? When user is idle?

960

Tell me how can we pass the variable through the navigation between the pages?

993

How to set session.gc_maxlifetime properly?

1067

What is escape data in php?

943

How can we display information of a variable and readable by a human with php?

976

write a note on Testing the web site

1862

What are helpers in php?

946

What is php array function?

1162

How to get no of arguments passed to a PHP Function?

939

Tell us what does $_cookie means?

996

Tell me how stop the execution of a php scrip?

989

What is the use of nl2br() in php?

1054

What is sql injection in php?

1140

How to set cookies?

1010

Do you have to initialize variables in php?

960