i would just like to know which is the best method for setting session variables:
using functions such as session_register() and session_is_registered()??
or using the $_session superglobal?
i have been using the functions described above but most of the examples ive seen use the superglobals
is there any difference between the two in terms of reliability and, most importantly security??
session_resgister v's $_session[]
Moderator: General Moderators
-
dannymc1983
- Forum Commoner
- Posts: 80
- Joined: Wed Feb 16, 2005 7:24 am
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
$_SESSION superglobal. session_register() was used when register_globals was on by default and in old versions of php as evidenced by the note they have on the documentation page:
session_register() wrote: If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.
register_globals: important note: Since PHP 4.2.0, the default value for the PHP directive register_globals is off. The PHP community encourages all to not rely on this directive but instead use other means, such as the superglobals.
This registers a global variable. If you want to register a session variable from within a function, you need to make sure to make it global using the global keyword or the $GLOBALS[] array, or use the special session arrays as noted below.
If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered(), and session_unregister()