Reputation: 3416
How can you check if a PHP session exists?
Just wondering how to check if a PHP session exists... My understanding is that no matter what, if I am using sessions, I have to start my files with session_start() to even access the session, even if I know it already exists.
I've read to user session_id() to find out if a session exists, but since I have to use session_start() before calling session_id(), and session_start() will create a new ID if there isn't a session, how can I possible check if a session exists?
Upvotes: 19
Views: 94373
Answers (11)
Reputation: 9
I solved this three years ago, but I inadvertently erased the file from my computer.
it went like this. 3 pages that the user had to visit in the order I wanted.
1) top of each php page
enter code heresession start();enter code here
2) first page:
a) enter code here$_session["timepage1"] = a php date function; time() simple to use
b) enter code here$_session["timepage2"]= $_session["timepage1"];
b) enter code here$_session["timepage3"]=$_session["timepage1"];
3) second page:
a) enter code here$_session["timepage2"] = a php date function; time() simple to use
b) enter code here$_session["timepage3"]= $_session["timepage3"];
3) third page:
a) enter code here$_session["timepage3"] = a php date function; time() simple to use
the logic: if timepage3 less than timepage3 on page 2 {the user has gone to page 3 before page 2 do something}
if timepage2 on page 2 less than timepage1 {the user may be trying to hack page two we want them on page 1 do something}
timepage1 should never equal timepage2 or timepage3 on any page except page1 because if it is not greater on pages two or three the user may be trying to hack "do something"
you can do complex things with simple arithmetic with the 3 timepage1-2-3 variables. you can either redirect or send a message to say please go to page 2. you can also tell if user skipped page 2. then send back to page 2 or page one, but best security feature is say nothing just redirect back to page1.
if you enter code hereecho time(); on every page, during testing, you will see the last 3 digits going up if you visit in the correct order.
Upvotes: -1
Reputation: 11
Check if session exists before calling session_start()
if(!isset($_SESSION))session_start();
Upvotes: 1
Reputation: 13
switch off the error reporting if noting is working in your php version put top on your php code
error_reporting(0);
Upvotes: 0
Reputation: 1989
isset($_SESSION)
That should be it. If you wanna check if a single session variable exists, use if(isset($_SESSION['variablename'])).
Upvotes: 18
Reputation: 141
I find it best many times (depends on the nature of the application) to simply test to see if a session cookie is set in the client:
<?php
if (isset($_COOKIE["PHPSESSID"])) {
echo "active";
} else {
echo "don't see one";
}
?>
Of course, replace the default session name "PHPSESSID" with any custom one you are using.
Upvotes: 14
Reputation: 10860
Store the session_id in $_SESSION and check against it.
First time
session_start();
$_SESSION['id'] = session_id();
Starts a session and stores the randomly given session id.
Next time
session_start();
$valid_session = isset($_SESSION['id']) ? $_SESSION['id'] === session_id() : FALSE;
if (!$valid_session) {
header('Location: login.php');
exit();
}
Starts a session, checks if the current session id and the stored session id are identical (with the ternary ? as replacement for the non-existing short circuit AND in php). If not, asks for login again.
Upvotes: 0
Reputation: 347
In PHP versions prior to 5.4, you can just the session_id() function:
$has_session = session_id() !== '';
In PHP version 5.4+, you can use session_status():
$has_session = session_status() == PHP_SESSION_ACTIVE;
Upvotes: 24
Reputation: 33
isset($_SESSION) isn't sufficient because if a session has been created and destroyed (with session_destroy()) in the same execution, isset($_SESSION) will return true. And this situation may happen without your knowing about it when a 3rd party code is used. session_id() correctly returns an empty string, though, and can be called prior to session_start().
Upvotes: 3
Reputation: 22570
I've always simply used
if (@session_id() == "") @session_start();
Hasn't failed me yet.
Been quite a long time using this.
NOTE: @ simply suppresses warnings.
Upvotes: 0
Reputation: 197648
In PHP there is something called the session name. The name is co-related to the cookie that will be being set if the session was already started.
So you can check the $_COOKIE array if there is a session cookie available. Cookies are normally the preferred form to interchange the session id for the session name with the browser.
If a cookie already exists this means that a PHP session was started earlier. If not, then session_start() will create a new session id and session.
A second way to check for that is to check the outgoing headers if the cookie for the session is set there. It will be set if it's a new session. Or if the session id changed.
Upvotes: 7
Reputation: 3867
You can call session_id before session_start. http://www.php.net/manual/en/function.session-id.php - read the id param
Upvotes: 0
Related Questions
- Check if there is a session without using session_start()
- Detect if PHP session exists
- Check if session is set or not, and if not create one?
- Check if session exists in php
- check if session exist and has specific value
- Checking if session exists doesn't work
- Check to see if PHP session exists not working
- Check if session doesn't exist php
- How to check if sessions are on
- Check for existence of sessions