Page 1 of 1

Problem with session

Posted: Mon Jul 19, 2004 5:09 am
by fastfingertips
I made a page named 'index.php' and inside of it i have some methods that are displaying some texts, images and all this content depends by session.

If i have session is displayng me something, otherwise it displays me a different content.

My problem is that i do not know how to test and were to put the session_start() function to be able to test this, because if i put this in the header it detects my session and it allways displays me the content with session. So i'm asking is should i check if a parameters exists in that session (to test session valability) or is there any other way.

Posted: Mon Jul 19, 2004 5:40 am
by ol4pr0

Code: Select all

#put session_start(); at the very beginning of the website... at the top of the page.

if (isset($_SESSION['session_id']))
{
#do this
}
else
{
#do this
}

// or 

if (isset($_COOKIE['PHP_SESSID']))

{
#do this
}
else
{
#do this
}

Posted: Mon Jul 19, 2004 5:41 am
by JAM
session_start() should allways be at the top with for example header()'s or similiar.
It has nothing really to do with validating, rather just activating the session handlers. If you get detection of a certain session using this at the top, you likely are doing something wrong. You could provide some example code to work with.

Example code (pseudo code):

Code: Select all

<?php
 session_start();
 if (!empty($_SESSION['foo']) and $_SESSION['foo'] != 'bar') {
[...]

Posted: Mon Jul 19, 2004 8:28 am
by fastfingertips
Hm i know this method and i resolved using same idea.

Since now i was using my session script (that works with database) and today my company ask me to design something with PHP native session handler, but as i heard here are some security problems.

Can you give me some details about security issues regarding sessions?