Page 1 of 1

[solved] session best practices for arrays?

Posted: Fri Jun 10, 2005 7:25 am
by robster
I've decided to take the bite and learn about sessions etc. Basically I have a site with a 2 page registration setup and I am a bit sick of passing variables etc, so I thought I'd save them as session data to retrieve when I see fit.

The question is, is there a way to save all my variables (about 20, some with a descriptive text) in one session (cookie) or should I create many (about 20 of them) each with their own variable?

I'm not sure HOW I would do it were I to do it all in one, and I'm not sure if storing 20(ish) session cookies would defeat the purpose?

Any advice would be appreciated.

:)

Rob

Posted: Fri Jun 10, 2005 7:33 am
by Syranide
I think you jumbled up the session-definition a little.
A session is basically, a cookie with an ID (which is generally discarded when you close the browser), which on the server "links" to a (by default)file, which contains everything stored in $_SESSION.

What you store in the session doesn't really matter as it doesn't get transfered to the user. HOWEVER, do take some precautions as they are reused (naturally), meaning that a session is something that should be concering the current "visitation", such as login and so on, not page-related stuff, as he could very well be surfing using the same session in two windows.

EDIT: (Like storing formdata in a wizard should also be handled with care, preferably using an internal ID to guarantee he isn't surfing two wizards simulatenously and then his attempts would overwrite each other... so everything "state"-related should be stored in otherways or using an ID find it in an array, overkill you might say, it is not necessary, but it isn't all uncommon that people do these things, ALTERNATIVELY start a new session for each wizard, but both have downsides)

Hope it helped.

Posted: Fri Jun 10, 2005 7:40 am
by robster
That's very helpful thank you :)

I had a look at this in the meantime, says all you say and it's a good read (and makes sense with what I'm saying).

http://www.free2code.net/plugins/articl ... php?id=184

I guess the question is then, were I to use sessions to handle a simple registration page (not login or anything else), would sticking them all in one session (as an array) or stick them in many (as individual variables)?

Also, if array is the way to go, could anyone point me in the direction of how to do this (or let me know your method)?

I'm sort of stuck, it's always been a mental block with sessions and cookies, but I can see it's not nearly as hard as I first thought.

Thanks again, :)

Rob

Posted: Fri Jun 10, 2005 7:44 am
by Syranide
you can only have one session per user and page, meaning that you (SHOULD ;)) only use one session too, $_SESSION is an array by default, and is commonly used as $_SESSION['username'] etc etc... (note that you have to start the session before it works properly)

so everything goes in one session, generally you only need cookies for storing autologin/remember data if you use sessions...

Posted: Fri Jun 10, 2005 7:49 am
by robster
so would this code work (assuming all variables have data in them)?

Code: Select all

<?php

session_start(); // start session

$_SESSION['registration_details'] = '$username $password $data_of_birth $location $etc';

?>
(imagine about 20 of those variables though ;)
Is that the syntax? and if so, how does one go about retrieving the data from the array?

I'm sorry to ask what some might see as such simple questions. It really is early days for me still ;)


Thanks again!

Rob

Posted: Fri Jun 10, 2005 7:53 am
by Syranide
your code would be

Code: Select all

<?php
session_start();

$_SESSION['registration_details']['username'] = $username;
$_SESSION['registration_details']['password'] = $password;
$_SESSION['registration_details']['location'] = $location;
// and so on... (you can skip 'registration_details' if you don't want them in a group, this however could be good for readability and to prevent mistakes)
?>
and e.g. in the submissionfile you have this

Code: Select all

<?php
session_start();

echo $_SESSION['registration_details']['username'];
?>
and you would see his submitted username.

(of course both can be used together)

Posted: Fri Jun 10, 2005 8:06 am
by robster
Ahhhh, so simply adding variables to the session, you create an array!
That's amazing! :)

I'll go and see what I can break with this new found knowlege and report back with my results. I am guessing I'll run into a few errors here and there but will work through them (as is part of learning :)).

Thanks so much for such fast and helpful replies :)

Rob

Posted: Fri Jun 10, 2005 8:09 am
by Syranide
btw oh I forgot to say, but if you want to make sure you don't get any errors from PHP

you better

Code: Select all

$_SESSION['registration_details'] = array();
as it isn't an array from start (however, this could add some more thinking as you would have to check if it already exists and so on), so skip it for now to keep things simple, but remember it ;)

Posted: Fri Jun 10, 2005 8:15 am
by robster
Thank you I will (bookmarking this page ;)).

I do have a question regarding creating the session and adding data.
Presuming I state:

Code: Select all

session_start();
at the start of the script, could I then later on in the script in various places, add data to it with the

Code: Select all

$_SESSION['registration_details']['username'] = $username;
then later again, say a page or more down:

Code: Select all

$_SESSION['registration_details']['password'] = $password;
or do they all have to be set at the same time?

I am guessing not as that seems overly restrictive, but best to ask I guess, as it will affect my planning .

Posted: Fri Jun 10, 2005 9:10 am
by Syranide
it is all very intuitive... think of SESSION as nothing more than a variable, which can be kept between pages.

at session_start, $_SESSION is recreated from its previous state (for that ID)

at end of the script $_SESSION is stored so it can be recreated by session_start in another page.

so, with other words, $_SESSION works exactly the same way as any other variable, except it is saved and loaded. (inbetween session_start and end of script there is no difference at all except that it is a superglobal array (if you don't know what it means, just forget it) just as $_GET etc)