tags:

views:

209

answers:

8
Q: 

PHP: thumb-rules for sessions

I had to break my too complex project, about 100files, to small files. A problem is that it is still hard to see the logic, getting nice heap of session errors:

`Cannot send session cookie - headers already sent by`

How do you manage your session commands, such as "session-start" and "ob-end-flush"? Do you add them to the beginning and end of your index.php or have some centralised file to manage them?

Please, have one thumb-rule per answer.

+1  A: 

Maybe you could just use session autostart to ensure that the session is started before any output?

http://us.php.net/manual/en/session.configuration.php#ini.session.auto-start

Kamil Szot  2009-09-06 19:39:33
I didn't know this was possible, thanks!
Fiarr  2009-09-06 19:44:59
Performancewise, it's usually not a good idea to turn session autostart on. And it shouldn't have to be the solution to your problem it'd be more like a bad hack.
André Hoffmann  2009-09-06 20:21:50
You also might want to see this site which f.e. points out that during a started session the browser cache isn't working: http://www.mikebrittain.com/blog/2008/03/10/improve-php-performance-by-limiting-session-cookies/
André Hoffmann  2009-09-06 20:38:44
If you have site where almost every script does start_session() then there will be no performance hit on switching session autostart on.If part of you site does not use session you may use auto prepend to include file before every script that will determine whether running script should have session started or not and do start_session() if it should.http://pl.php.net/manual/en/ini.core.php#ini.auto-prepend-file
Kamil Szot  2009-09-06 20:46:49
A: 

All that error generally means is that you've already output something. The way I always got round this was to use some templating engine to help me remember to only send output in one place, after I'm done doing everything else. I used smarty, but there's loads of others.

Dominic Rodger  2009-09-06 19:40:48
A: 

  • Use some kind of response object to aggregate your data/headers.

    This allows you to be sure that you can send all headers simultaneously and start sessions only when necessary etc.

    Pros

    • Simplifies response handling.
    • Enables you to aggregate content, and send different output if an exception is thrown, since the client has not yet received any data

    Cons

    • You will not be able to send chunks of data to the client as early as possible
PatrikAkerstrand  2009-09-06 19:41:50
+1  A: 

I generally put them at the start/end of index.php and then include() the content pages. This seems to be a robust solution as you can guarantee your session is started and will be cleaned up after the content.

Tom Woolfrey  2009-09-06 19:41:54
A: 

Hi,

If you want your project to become logically well-organized, session management doesn't need to be in the beggining of the code .. In fact, if your code is well organized, you can even put it almost at the end of the process, if you care not to echo any kind of string before it.

Personally, I prefer to treat sessions and ob as different libraries (created by myself in php to be handled my way), and think that's the best sollution. But that deppends on what you want to achieve.

yoda  2009-09-06 19:42:30
+2  A: 

You need to use session_start() before any and all code that does any output (including, but not limited to sending headers, cookies) so the top section of the first file that gets executed during a pageload is a safe place.

code_burgar  2009-09-06 19:42:59
+2  A: 

You could use a custom session handler implemented as singleton that calls session_start when it’s initially created. Any further session operations are then performed on that session object.

The output controll issue can be solved by calling ob_start at the begin of your index script. Calling ob_end_flush is not necessary as the output buffer is flushed automatically at the end of the script execution.

Gumbo  2009-09-06 19:49:50
+3  A: 

This might not be what you are asking for, but just as a little hint:

I always leave the <?php tag open like this:

<?php
class foo {
    //...
}

//EOF

That way you can't have any line breaks(unintended output before the session started) after the ?> which would be very hard to trace down.

This convention is also used by the Zend Framework.

André Hoffmann  2009-09-06 19:51:19

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases