Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Programming Languages >> PHP Related >> PHP
  2. Suggest New Category

How can we know that a session is started or not?

Question Posted / rakesh kumar nautiyal

Answer Posted / rakesh kumar nautiyal

Generally speaking I agree with what your saying about
needing to know
if a session has been started or not. But I also believe
it has its
place for some user land custom session handlers. Being
able to throw
an exception in a session object's __construct() or __wakeup
() for
various reasons can present a situation that is easily
solved inside
__construct() by:

if(session_has_started()) { // Added function via
patch
session_regenerate_id($newID); // Added $newID via
the patch
$_SESSION = array();
} else {
session_id($newID);
session_start();
}

Say there is an authentication token in the session, the
session needs
to be started so we can access the token. If the token
proves to be
invalid, we need to create a blank session with a new
session ID.

> Also, the concept of session_id_exists is
fundamentally
> broken (think of atomic file creation). That is why
there is
> no such function.

I disagree. If a provided session ID via $_REQUEST(for
arguments sake)
is found not to exist by using the theoretical
session_id_exists().
That would mean the script was given an ID that wasn't
created by PHP,
and the script logic could act accordingly. What am I
overlooking?

> Regarding providing an id to session_regenerate_id: I
have
> seen too many supposedly save session id generators
that I
> would be in favor of adding that kind of overwriting
power.

I agree that PHP should be left to create a unique ID. But
the
functionality currently exists for the user to set their
own ID with
session_id($newID). The user has this ability before a
session is
started. But loses the ability when trying to use
session_regenerate_id() in a similar fashion after the
session has
started. It seems like a contradiction to allow it in one
case and not
the other.

I could try and grok the source to figure it out myself,
but someone
here might know off the top of their head. Is calling
something like
md5(uniqid(rand(), TRUE)) better, worse, or equivalent to
how PHP
creates a unique session ID?

Is This Answer Correct ?    1 Yes 3 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

Who is the father of php and what is the current version of php and mysql?

1219

What is the use of header() function in php?

987

Tell me what is the main difference between require() and require_once()?

923

How to convert strings to upper or lower cases?

964

What is $globals php?

956

What is factory pattern in php?

878

Can I learn laravel without php?

965

What is the use of isset() in php?

982

What is url encoding and decoding in php?

1034

What are the features and advantages of object-oriented programming in php?

881

How can you declare a constant variable in php?

967

What is difference between python and php?

909

What is the difference between substr() and strstr()?

1337

What is session and Cokkies . How it works . tell some thing about Session_id()

1910

What is the delimiter syntax is PHP's default delimiter syntax

1199