Page 1 of 1

more session...

Posted: Thu Jun 20, 2002 4:10 am
by 9902468
This might be a bit easy question, but how can I check if session is already started? I tried like this:

Code: Select all

session_start()
if ( isset ( $_SESSIONї"some_value"] ) ) {
         /* variable is set -> session is already started */
  }
  else {
 /* variable not found -> must start new session */
        unset($_SESSION);
        session_destroy();
  }
OK, all good, but if session is not started I must stop that session and check users password and username, and then, if passwd && username are correct, I start new session and set
$_SESSION["some_value"] = something, but obviously I get error msg: cannot set cache... headers already sent... (headers went to the tube while checking....)

Any checking methodes that comes in your mind?

Thanks
-9902468

--Note!! According to php documentation ob_start doesn't work....:
void ob_start ( [string output_callback])

This function will turn output buffering on. While output buffering is active no output is sent from the script (other than headers), instead the output is stored in an internal buffer.

Posted: Thu Jun 20, 2002 6:40 am
by volka
why do you have to destroy the session at this state?
if isset ($_SESSION["some_value"]) is false, ok, the current user isn't in. Just check the login/password again and if successful store the new value in $_SESSION.
I would destroy the session only if a logged in user logged out manually.

Posted: Sun Jun 23, 2002 9:28 am
by 9902468
Yeah, I guess you are right, but I should delete session also if password / username don't match.

Posted: Sun Jun 23, 2002 2:21 pm
by will
9902468 wrote:but I should delete session also if password / username don't match.
i don't think you'd necessarily have to... can't it be safely assumed that if a login is attempted and failed, that it will be immediately retried (hence, overwriting the data with the new attempt)?

Posted: Mon Jun 24, 2002 5:53 am
by 9902468
will wrote: i don't think you'd necessarily have to... can't it be safely assumed that if a login is attempted and failed, that it will be immediately retried (hence, overwriting the data with the new attempt)?
mmmmm. right.