PHP Sessions

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

PHP Sessions

Post by BigAbe »

Aloha again everyone!

I'm just about ready to wrap up my project, and I've been asked to incorporate session variables. Does anyone know any good step by step how-to's for this? I'm very familiar with regular variables, I just have no experience with sessions. I've checked php.net/session, but it's just really confusing.

If someone could help break it down, it would be most appreciated.

Mahalo!

-- Abe --
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

There are tons of research on PHP sessions. The real question is what do you plan on doing with your sessions? That is something to know in advance because it kinda dictates the direction you take with them.
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

Fair enough.

Basically, I'm designing a "classified ad' system, and it's being installed within another program. So I'll be passing user variables from the program to mine (to allow single sign-on), and I need to keep track of a few user fields (name, ID #, etc) across all pages within my system. Thus my boss wants me to use session variables to keep track of the user and prevent users doing things to ads they don't own.

-- Abe --
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

I should add that the main program will be sending me a user variable, which I will then match with my users database and use my own user variables to track the user in my system.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

That seems simple enough. First thing to do is make sure that the call to session_start() always happens before output to the browser. Also remember that PHP default Garbage Collection (GC) time is 10 minutes, so unless you change that setting in php.ini (or by using a ini_set value) your sessions time out at 10 minutes. Outside of that, it's really as easy as setting a var value, except that you assign the values to the $_SESSION array var.

Code: Select all

<?php
session_start();

$_SESSION['time'] = time();
$_SESSION['user'] = $_POST['user_id'];
// etc etc
?>
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

Everah wrote:That seems simple enough. First thing to do is make sure that the call to session_start() always happens before output to the browser. Also remember that PHP default Garbage Collection (GC) time is 10 minutes, so unless you change that setting in php.ini (or by using a ini_set value) your sessions time out at 10 minutes. Outside of that, it's really as easy as setting a var value, except that you assign the values to the $_SESSION array var.

Code: Select all

<?php
session_start();

$_SESSION['time'] = time();
$_SESSION['user'] = $_POST['user_id'];
// etc etc
?>
So whenever I want the variable value, I just need to call $_SESSION['varnamehere']?

Also, what is the purpose of

Code: Select all

$_SESSION['time'] = time();
Is this for the timeout?

Thanks again for your quick and prompt responses!

-- Abe --
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

Also, is it a good idea to keep my connection info in a session variable as well? If so, what would be the proper syntax to do so?

Thanks!

-- Abe --
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

What I posted earlier were just examples of how to set a session var. I usually use a session time so I can compare session time to actual so when the session craps out I can do something pretty instead of referencing a bunch of index's that don't exist. But that's just me.

As for calling the session var, you are dead on. After setting a session var you call it like you said.
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

Everah wrote:As for calling the session var, you are dead on. After setting a session var you call it like you said.
I seem to be having problems...

On page one, I have this:

Code: Select all

session_start();
$user = 1;
$_SESSION['time'] = time();
$_SESSION['userID'] = $userID;

echo $userID;
The page gives prints out 1, but on page 2, I have

Code: Select all

<?php echo $_SESSION['userID'];
And nothing comes out. I'm kind of clueless as to why.

Also, whenever I load the page with session_start() more than once, I get this:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/laurels/public_html/abe/client/index2.php:11) in /home/laurels/public_html/abe/client/index2.php on line 57

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/laurels/public_html/abe/client/index2.php:11) in /home/laurels/public_html/abe/client/index2.php on line 57
Any thoughts?

Thanks again for all of your help!

-- Abe --
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Everah wrote:First thing to do is make sure that the call to session_start() always happens before output to the browser.
Header sent errors means that you are trying to call session_start() after outputing something to the browser. Doing that kills your cookie settings (PHP cookie based sessions) and will not let the session data transfer (because the cookie cannot be set).
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

First thing to do is make sure that the call to session_start() always happens before output to the browser.
I'm moving it above all of the output, and even into the <head> but, I'm still getting the error.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/laurels/public_html/abe/client/index2.php:11) in /home/laurels/public_html/abe/client/index2.php on line 57

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/laurels/public_html/abe/client/index2.php:11) in /home/laurels/public_html/abe/client/index2.php on line 57
This error is telling you that in index2.php (possibly an included file?) that on line 57 there is something being output to the browser before the session_start() call.

My typical PHP pages that use sessions will look like this...

Code: Select all

<?php
session_start();
// the rest of my code
?>
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

BigAbe wrote:I'm moving it above all of the output, and even into the <head> but, I'm still getting the error.
I think it is common practice to put this PHP block before any HTML. You build all the output into variables and then embed it into the HTML, such as:

Code: Select all

<?php
session_start();
// the rest of my code
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title><?php echo $title; ?></title>
...
Even better would be to move the bottom HTML part to a separate file and include it. Then you have separated your program stuff from the presentation stuff -- that has proven to help reduce errors down the road.
(#10850)
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Good point arborint. Looking at some of my code, I usually don't output anything until just before the closing ?> tag of the file I'm in. This prevents issues with sessions and cookies.
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

I think it is common practice to put this PHP block before any HTML. You build all the output into variables and then embed it into the HTML, such as:
Thanks a bunch Everah and arborint! It's working now, but I just have a few more questions regarding sessions.

1) How do I handle timeouts and/or specifying how long I want the user to stay "logged in"?

2) Do you recommend keeping the connection data in a session variable? I have one main index page with tons of include() statements, so I can easily just keep the connection details there, but if there's an easier/better way of doing it, I'd love to hear your thoughts.

Thanks!

-- Abe --
Post Reply