Problem with session

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
fastfingertips
Forum Contributor
Posts: 242
Joined: Sun Dec 28, 2003 1:40 am
Contact:

Problem with session

Post by fastfingertips »

I made a page named 'index.php' and inside of it i have some methods that are displaying some texts, images and all this content depends by session.

If i have session is displayng me something, otherwise it displays me a different content.

My problem is that i do not know how to test and were to put the session_start() function to be able to test this, because if i put this in the header it detects my session and it allways displays me the content with session. So i'm asking is should i check if a parameters exists in that session (to test session valability) or is there any other way.
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

Code: Select all

#put session_start(); at the very beginning of the website... at the top of the page.

if (isset($_SESSION['session_id']))
{
#do this
}
else
{
#do this
}

// or 

if (isset($_COOKIE['PHP_SESSID']))

{
#do this
}
else
{
#do this
}
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

session_start() should allways be at the top with for example header()'s or similiar.
It has nothing really to do with validating, rather just activating the session handlers. If you get detection of a certain session using this at the top, you likely are doing something wrong. You could provide some example code to work with.

Example code (pseudo code):

Code: Select all

<?php
 session_start();
 if (!empty($_SESSION['foo']) and $_SESSION['foo'] != 'bar') {
[...]
fastfingertips
Forum Contributor
Posts: 242
Joined: Sun Dec 28, 2003 1:40 am
Contact:

Post by fastfingertips »

Hm i know this method and i resolved using same idea.

Since now i was using my session script (that works with database) and today my company ask me to design something with PHP native session handler, but as i heard here are some security problems.

Can you give me some details about security issues regarding sessions?
Post Reply