Is it possible to check for a session with out starting one?
The reason that I ask is, the app I am developing has an integrated admin interface. So when an admin is logged in they browse the same pages as the users to make their edits. Fields and options are shown based on the users privs.
This is causing two problems.
One is Because a session is being started, I can not enable browser caching features as the headers being sent are always:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
I am using smarty to output the templates, and can't implement the:
$smarty->cache_modified_check = true;
to send a 304 not modified because a session has already been started. Using the above smarty param would be the perfect solution to browser caching for me.
Two is because every person using the site is starting a session the session directory gets filled with unneeded sessions.
I could just destroy the session if the user is not logged in, but then every single page load, the user would be creating and deleting a session. Is that bad practice?
So if I could just check to see if an active session exists without starting one all my problems would be solved. Any ideas? Doesn't the browser send the session cookie when requesting the page?
Something Ideally like this:
if (session_exists) {
session_start();
$users->priv = $_SESSION['priv'];
}
else {
$users->priv = guest;
}
--------------- In response to Tony Miller ---------------
When using session_id(), you have to already have a session started for it to return an id.
session_start();
echo session_id($_SESSION);
or you can set an id for the session before calling session start
session_id("adfasdf");
session_start();
echo session_id($_SESSION);
//prints "adfasdf"
Neither of these help me. Unless I am missing something.