Page 1 of 2
PHP Sessions
Posted: Tue May 30, 2006 7:43 pm
by BigAbe
Aloha again everyone!
I'm just about ready to wrap up my project, and I've been asked to incorporate session variables. Does anyone know any good step by step how-to's for this? I'm very familiar with regular variables, I just have no experience with sessions. I've checked php.net/session, but it's just really confusing.
If someone could help break it down, it would be most appreciated.
Mahalo!
-- Abe --
Posted: Tue May 30, 2006 8:03 pm
by RobertGonzalez
There are tons of research on PHP sessions. The real question is what do you plan on doing with your sessions? That is something to know in advance because it kinda dictates the direction you take with them.
Posted: Tue May 30, 2006 8:08 pm
by BigAbe
Fair enough.
Basically, I'm designing a "classified ad' system, and it's being installed within another program. So I'll be passing user variables from the program to mine (to allow single sign-on), and I need to keep track of a few user fields (name, ID #, etc) across all pages within my system. Thus my boss wants me to use session variables to keep track of the user and prevent users doing things to ads they don't own.
-- Abe --
Posted: Tue May 30, 2006 8:11 pm
by BigAbe
I should add that the main program will be sending me a user variable, which I will then match with my users database and use my own user variables to track the user in my system.
Posted: Tue May 30, 2006 8:23 pm
by RobertGonzalez
That seems simple enough. First thing to do is make sure that the call to session_start() always happens before output to the browser. Also remember that PHP default Garbage Collection (GC) time is 10 minutes, so unless you change that setting in php.ini (or by using a ini_set value) your sessions time out at 10 minutes. Outside of that, it's really as easy as setting a var value, except that you assign the values to the $_SESSION array var.
Code: Select all
<?php
session_start();
$_SESSION['time'] = time();
$_SESSION['user'] = $_POST['user_id'];
// etc etc
?>
Posted: Tue May 30, 2006 8:28 pm
by BigAbe
Everah wrote:That seems simple enough. First thing to do is make sure that the call to session_start() always happens before output to the browser. Also remember that PHP default Garbage Collection (GC) time is 10 minutes, so unless you change that setting in php.ini (or by using a ini_set value) your sessions time out at 10 minutes. Outside of that, it's really as easy as setting a var value, except that you assign the values to the $_SESSION array var.
Code: Select all
<?php
session_start();
$_SESSION['time'] = time();
$_SESSION['user'] = $_POST['user_id'];
// etc etc
?>
So whenever I want the variable value, I just need to call $_SESSION['varnamehere']?
Also, what is the purpose of
Is this for the timeout?
Thanks again for your quick and prompt responses!
-- Abe --
Posted: Tue May 30, 2006 8:36 pm
by BigAbe
Also, is it a good idea to keep my connection info in a session variable as well? If so, what would be the proper syntax to do so?
Thanks!
-- Abe --
Posted: Tue May 30, 2006 8:54 pm
by RobertGonzalez
What I posted earlier were just examples of how to set a session var. I usually use a session time so I can compare session time to actual so when the session craps out I can do something pretty instead of referencing a bunch of index's that don't exist. But that's just me.
As for calling the session var, you are dead on. After setting a session var you call it like you said.
Posted: Wed May 31, 2006 2:16 pm
by BigAbe
Everah wrote:As for calling the session var, you are dead on. After setting a session var you call it like you said.
I seem to be having problems...
On page one, I have this:
Code: Select all
session_start();
$user = 1;
$_SESSION['time'] = time();
$_SESSION['userID'] = $userID;
echo $userID;
The page gives prints out 1, but on page 2, I have
And nothing comes out. I'm kind of clueless as to why.
Also, whenever I load the page with session_start() more than once, I get this:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/laurels/public_html/abe/client/index2.php:11) in /home/laurels/public_html/abe/client/index2.php on line 57
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/laurels/public_html/abe/client/index2.php:11) in /home/laurels/public_html/abe/client/index2.php on line 57
Any thoughts?
Thanks again for all of your help!
-- Abe --
Posted: Wed May 31, 2006 2:33 pm
by RobertGonzalez
Everah wrote:First thing to do is make sure that the call to session_start() always happens before output to the browser.
Header sent errors means that you are trying to call session_start() after outputing something to the browser. Doing that kills your cookie settings (PHP cookie based sessions) and will not let the session data transfer (because the cookie cannot be set).
Posted: Wed May 31, 2006 2:41 pm
by BigAbe
First thing to do is make sure that the call to session_start() always happens before output to the browser.
I'm moving it above all of the output, and even into the <head> but, I'm still getting the error.
Posted: Wed May 31, 2006 3:11 pm
by RobertGonzalez
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/laurels/public_html/abe/client/index2.php:11) in /home/laurels/public_html/abe/client/index2.php on line 57
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/laurels/public_html/abe/client/index2.php:11) in /home/laurels/public_html/abe/client/index2.php on line 57
This error is telling you that in index2.php (possibly an included file?) that on line 57 there is something being output to the browser before the session_start() call.
My typical PHP pages that use sessions will look like this...
Code: Select all
<?php
session_start();
// the rest of my code
?>
Posted: Wed May 31, 2006 4:06 pm
by Christopher
BigAbe wrote:I'm moving it above all of the output, and even into the <head> but, I'm still getting the error.
I think it is common practice to put this PHP block before any HTML. You build all the output into variables and then embed it into the HTML, such as:
Code: Select all
<?php
session_start();
// the rest of my code
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title><?php echo $title; ?></title>
...
Even better would be to move the bottom HTML part to a separate file and include it. Then you have separated your program stuff from the presentation stuff -- that has proven to help reduce errors down the road.
Posted: Wed May 31, 2006 4:24 pm
by RobertGonzalez
Good point arborint. Looking at some of my code, I usually don't output anything until just before the closing ?> tag of the file I'm in. This prevents issues with sessions and cookies.
Posted: Wed May 31, 2006 4:55 pm
by BigAbe
I think it is common practice to put this PHP block before any HTML. You build all the output into variables and then embed it into the HTML, such as:
Thanks a bunch Everah and arborint! It's working now, but I just have a few more questions regarding sessions.
1) How do I handle timeouts and/or specifying how long I want the user to stay "logged in"?
2) Do you recommend keeping the connection data in a session variable? I have one main index page with tons of include() statements, so I can easily just keep the connection details there, but if there's an easier/better way of doing it, I'd love to hear your thoughts.
Thanks!
-- Abe --