When to start a session?

Question

I have a system that requires the user to login (or register) for an account before they are able to access their Member 'dashboard'.

My question is... at what point so I session_start()? On the login page and the register page? or after the user has successfully authenticated?

Thanks.

Answer 1

Your session_start() will be called on each and every page that is secure and that is accessed after authentication. You will put the values in session both in login and register pages as they authenticate user. But once the user is verified, now you have to put this function on all pages which needs authentication of the user.

Answer 2

You should start session after verifying user's information, and than you can set user's uid to session variable. which could be useful afterwards in loading user's personal information like profile,preferences etc.

on register page i think you do not need to start session.

Regards

Answer 3

As Helge Helwig said,

you need to add session_start() in the top of every page. However, to make this easier, you can create a PHP document, where you store all vital code like this, and call it; say init.php.

Then you can include 'init.php' at the top of every page, which would clean up the code a bit.

Answer 4

you can start session once user is authenticated. after that you can user related information in S_SESSION and access this info from anywhere.

Answer 5

Start a session on the page(s) that need to access session data. As part of a successful login, you should also call session_regenerate_id to prevent session fixation.

Answer 6

You need to include session_start() on every page where you want the session data to be accessible. And it needs to be called before any other output has been done.