XCI. Session handling functions


Note: As of PHP 4.1.0, $_SESSION is available as a global variable just like $_POST, $_GET, $_REQUEST and so on. Unlike $HTTP_SESSION_VARS, $_SESSION is always global. Therefore, global should not be used for $_SESSION.

If track_vars is enabled and register_globals is disabled, only members of the global associative array $HTTP_SESSION_VARS can be registered as session variables. The restored session variables will only be available in the array $HTTP_SESSION_VARS.

Example 1. Registering a variable with track_vars enabled

    <?php
    session_start();
    if (isset($HTTP_SESSION_VARS['count'])) {
        $HTTP_SESSION_VARS['count']++;
    } else {
        $HTTP_SESSION_VARS['count'] = 0;
    }
    ?>





Use of $_SESSION (or $HTTP_SESSION_VARS with PHP 4.0.6 or less) is recommended for security and code readability. With $_SESSION or $HTTP_SESSION_VARS, there is no need to use the session_register() / session_unregister() / session_is_registered() functions. Users can access a session variable like a normal variable.

Example 2.




Example 3. Unregistering a variable with $_SESSION.






If register_globals is enabled, then all global variables can be registered as session variables, and the session variables will be restored to the corresponding global variables. Since PHP must know which global variables are registered as session variables, users must register variables with the session_register() function, while $HTTP_SESSION_VARS / $_SESSION does not need session_register().

Caution

If you are using $HTTP_SESSION_VARS / $_SESSION and disable register_globals, do not use session_register(), session_is_registered() and session_unregister().

If you enable register_globals, session_unregister() should be used, since session variables are registered as global variables when session data is deserialized. Disabling register_globals is recommended for both security and performance reasons.

Example 4.






If both track_vars and register_globals are enabled, then the global variables and the $HTTP_SESSION_VARS / $_SESSION entries will reference the same value for already registered variables.

If a user registers a session variable with session_register(), $HTTP_SESSION_VARS / $_SESSION will not contain that variable until it is loaded from session storage (i.e. until the next request).



Cookies are optimal, but since they are not reliable (clients are not bound to accept them), we cannot rely on them.

PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically. Alternatively, you can use the constant SID, which is defined if the client did not send the appropriate cookie. SID is either of the form session_name=session_id or is an empty string.

Example 5.

    Hello visitor, you have seen this page <?php echo $count; ?> times.<p>

    <?php
    /* the <?php echo SID?> (<?=SID?> can be used if short tag is enabled)
       is necessary to preserve the session id
       in the case that the user has disabled cookies.
       A block comment is used here because ?> inside a # comment
       would end the PHP block. */
    ?>

    To continue, <A HREF="nextpage.php?<?php echo SID?>">click here</A>
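
The SID handling described above, as an added example that is not part of the original manual page. The hypothetical helper append_sid() adds the session id only to relative URIs and chooses ? or & depending on whether a query string is already present. The result is passed through htmlspecialchars() before it is written into the HREF attribute. The link targets are constructed sample values.

```php
<?php
// Added example, not code from the PHP manual. append_sid() is a hypothetical
// helper. $sid has the form of the SID constant: "session_name=session_id"
// or an empty string when the client sent the session cookie.

function append_sid($url, $sid)
{
    // Cookie was accepted: SID is empty, so leave the URL untouched.
    if ($sid === '') {
        return $url;
    }
    // Only rewrite relative URIs. A URL with a scheme, or a protocol-relative
    // one, may point at another host, and the id must not be sent there.
    if (preg_match('#^([a-z][a-z0-9+.-]*:|//)#i', $url)) {
        return $url;
    }
    // Split off any #fragment so the id lands in the query string.
    $fragment = '';
    $hash = strpos($url, '#');
    if ($hash !== false) {
        $fragment = substr($url, $hash);
        $url = substr($url, 0, $hash);
    }
    // "?" for the first parameter, "&" when a query string already exists.
    $sep = (strpos($url, '?') === false) ? '?' : '&';
    return $url . $sep . $sid . $fragment;
}

session_start(); // SID is defined once the session has been started

// Constructed sample links: plain, with query and fragment, and external.
$links = array('nextpage.php', 'list.php?page=2#top', 'http://other.example/');
foreach ($links as $href) {
    // Escape for the HTML attribute context ("&" becomes "&amp;").
    $safe = htmlspecialchars(append_sid($href, SID));
    echo '<A HREF="' . $safe . '">' . htmlspecialchars($href) . "</A><br>\n";
}
?>
```

The external link is emitted without the session id, and the second link keeps its fragment after the appended parameter.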





Note:

  • session.save_handler defines the name of the handler which is used for storing and retrieving data associated with a session.

  • Warning

  • session.name specifies the name of the session which is used as cookie name.

  • session.auto_start specifies whether the session module starts a session automatically on request startup.

  • session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0.

  • session.gc_probability specifies the probability, in percent, that the gc (garbage collection) routine is started on each request.

  • session.referer_check contains the substring you want to check each HTTP Referer for.

  • session.entropy_file gives a path to an external resource (file) which will be used as an additional entropy source in the session id creation process.

  • session.entropy_length specifies the number of bytes which will be read from the file specified above.

  • Defaults to /.

  • session.cookie_domain specifies the domain to set in session_cookie.

  • session.use_trans_sid specifies whether transparent sid support is enabled, if it was enabled by compiling with --enable-trans-sid.

  • url_rewriter.tags specifies which HTML tags are rewritten to include the session id if transparent sid support is enabled.

Note:



Table of Contents:
session_cache_expire -- Return current cache expire
session_cache_limiter -- Get and/or set the current cache limiter
session_decode -- Decodes session data from a string
session_destroy -- Destroys all data registered to a session
session_encode -- Encodes the current session data as a string
session_get_cookie_params -- Get the session cookie parameters
session_id -- Get and/or set the current session id
session_is_registered -- Find out if a variable is registered in a session
session_module_name -- Get and/or set the current session module
session_name -- Get and/or set the current session name
session_readonly -- Begin session - reinitializes frozen variables, but no writeback on request end
session_register -- Register one or more variables with the current session
session_save_path -- Get and/or set the current session save path
session_set_cookie_params -- Set the session cookie parameters
session_set_save_handler -- Sets user-level session storage functions
session_start -- Initialize session data
session_unregister -- Unregister a variable from the current session
session_unset -- Free all session variables
session_write_close -- Write session data and end session