www.webdeveloper.com
Results 1 to 8 of 8

Thread: session_start() and code snippets

  1. #1
    Join Date
    Jun 2010
    Location
    Illinois, USA
    Posts
    7

    Question session_start() and code snippets

    I have a beginner's knowledge of PHP and it's served me well enough to-date. I'm trying to now consolidate code and use more includes and requires in order to eliminate duplicate code. I'm looking for clarification on the use of the session_start() function.

    My current project includes a few forms and emails formatted form data to a given email address. I've used the $_SESSION[] array to store data as I move from input page to processing the input for issues and then mailing formatted data. There is no login or other process through which I track or manipulate any session IDs.

    As I remove as much code duplication as possible, I run into code sections that don't seem to have any need for current session information. I'm just setting variables, etc. and don't access any $_SESSION[] array values or those of any others for that matter.

    Do I need to start those code snippets with session_start()? Or only those code snippets that access $_SESSION[]?

    Also, does calling the session_start() function frequently potentially create a performance problem as seems implied in some information I've found while researching this question?

    Thank you for any constructive insight here!

    -Kazz

  2. #2
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,366
    session_start() is or should be the first line of the PHP page that your visitors browser requests, it should not form part of any file that you include.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  3. #3
    Join Date
    Jun 2010
    Location
    Illinois, USA
    Posts
    7
    Ah, I see. So, I can presume that anything that is included or required becomes part of the parent page with full access to session data?

    Thanks!

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,400
    I'll disagree a tiny bit. The main constraint is that session_start() must be called before HTTP headers are sent, which will be triggered by any output to the browser. Therefore, it's a good idea to have it called as early as possible if you do need it, so that you don't risk something else generating output before that call.

    That being said, I have nothing against putting it in an include file with any other relevant configuration/set-up code that you might want to use in pages on your site, then having each such page require() that include file -- probably one of the first things they do if not the first.

    If you want, you could then include a bit of defensive code in that config file to make sure headers have not yet been sent, and if so, throw an exception, so that you know early on during development you may have an issue.

    config.php:
    PHP Code:
    <?php

    // no direct access to this file:
    if(realpath($_SERVER['SCRIPT_FILENAME']) === realpath(__FILE__)) {
        
    error_log("Someone attempted to access the config file directly via HTTP");
        
    header("HTTP/1.0 404 Not Found");
        exit;
    }

    // start session, unless headers already sent for some reason:
    if(headers_sent()) {
        throw new 
    Exception("Hey, dummy, headers were sent before you loaded the config file.");
    }
    session_start();

    // other general config stuff...
    some_page.php:
    PHP Code:
    <?php
    require "config.php";

    // rest of page....
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  5. #5
    Join Date
    Jun 2010
    Location
    Illinois, USA
    Posts
    7
    You've turned this a bit from my original intent. But I thank you for your insights. That's not to say I was at all clear.

    My issue was/is the include and require use inside of a .php page wherein I've already started with a session_start(). It was implied by \\.\ that any such includes and/or requires would be OK without additional session_start() statements.
    Last edited by Kazz5; 02-10-2014 at 08:05 PM.

  6. #6
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,400
    Yep. Including/requiring is as though that included file's code were part of the including file at the point of inclusion, if that helps you visualize it. (And it wins me the prize for the most uses of "inclu*" in a single sentence.)
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  7. #7
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,366
    Err on side of caution process, thats why I was saying forst line.

    I suggest that you have the session_start() in the page your visitor calls as the first line, then its fool proof.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  8. #8
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,400
    Or use a framework where all requests go through the same controller file, which takes care of session config/init along with whatever else it does.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles