Referencing session variables in PHP

Question

Lets say I'm storing an array or object called $_SESSION["logged_in_user"].

If I need to refer to it repeatedly throughout the script, which of the following is the "best practice"?

• Use $_SESSION["logged_in_user"] each time (i.e. $_SESSION["logged_in_user"]["first_name"])?

• Copy the object into a new variable like $logged_in = $_SESSION["logged_in_user"]?

• Create a reference to the session variable like $logged_in =& $_SESSION["logged_in_user"]

I'm probably overthinking this, but my main concerns are script overhead and readability. I'm not sure if referring to a session variable repeatedly is slower than referring to an inline-declared variable. I also don't know if copying a session variable into a "regular" variable adds more overhead than is necessary. I do like the readability of $logged_in["first_name"] over $_SESSION["logged_in_user"]["first_name"].

So is there a best practice here, or does it really not matter?

Answer 1

You're not over-thinking it in my opinion.

But unless you have some session wrapper/manager class, then I would just use:

$_SESSION['logged_in_user']

Either way it's not a huge deal. Use whatever works for you.

Answer 2

$_SESSION is a special PHP superglobal array. So you technically can refer to it whenever you want by just using it:

$_SESSION['logged_in_user']

However, it's special as well because it can change. The following example makes this visible:

$alias =& $_SESSION;
session_start();
$alias['foo'] = 'bar';

This code won't set $_SESSION['foo']. The $alias is pointing to a previous $_SESSION, session_start() has created a new session.

If you know the caveats like these you can naturally create your own $_SESSION abstraction.

Answer 3

You're not overthinking it.... thinking is good!

I personally use symfony 1.4 to code in, which solves problems like these, but you may choose to stay lean :-)

I'd think OO (object oriented). Create a user class. Then make calls like UserFactory::getCurrentUser() or User::getCurrentUser() which will return the currently logged in user object. Among the member variables of that class would be the user_id. However, you'll be able to add addition functionality and data to that class.

Remember, thinking in OO means using abstract terms that are very close to the problem domain. User, Car, Order, etc. You don't have to be specific and you don't have to include all available information in that class for it to be "complete", whatever that is. Only include the data that you need at the time (keep yagni in mind). The classes are illusions of the concrete, real-world things. Just as 3D modelling is an illusion of a real world thing.

Hope that helps...

Answer 4

$_SESSION["logged_in_user"]["first_name"]

Stay simple; & don't add over heads for making new rooms for the same variables.

Answer 5

You can create a class to manage your session:

class MySession {

  public static &get( $key ){

    if( !array_key_exists( $key, $_SESSION ){
      return null;
    } 

    return $_SESSION[$key];

  }

}

That way you don't have to worry about how to retrieve values, you're not duplicating any data:

$first_name = MySession::get( 'first_name' );

Note: this solution deals with accessing the session and not with your specific implementation :)