tags:

views:

79

answers:

5
Q: 

How can I uses sessions if register_globals is set to off?

Because of security reasons, register_globals is set to off. And that sucks, because right now I could really have use of sessions.

How do you guys solve this "problem"?

UPDATE

I have tried using $_SESSION, but it's not working. That's why I thought it had something to do with register_globals being off.

In my header file, I have the following code:

session_start();
if (!isset($_SESSION['test'])) {
  $_SESSION['test'] = "Foo bar";

Now, anywhere in my header file, I can output the content of $_SESSION['test'].

But I'm not able to output the same content from e.g. page.php file.

Here is an example using Wordpress: example.php

//Include the header file
<?php get_header(); ?>

  Here is some text, and this is my session: <?php echo $_SESSION['test']; ?>

<?php get_footer(); ?>

This will result in an empty Session.

+1  A: 

All session variables will be in the $_SESSION array. Use $_SESSION['var'] instead of the globally registered $var.

Gumbo  2010-01-21 19:16:07
That's what I thought as well. But my example above isn't working. So I must be missing something..
Steven  2010-01-21 19:29:28
@Steven: Are you using the same session? Check out what session ID is used (see `session_id` function). It needs to be the same on every call.
Gumbo  2010-01-21 19:34:10
It seems I have to add session_start() in every file where I will be using sessions. I was hoping it would be enough to set this in the header file...
Steven  2010-01-21 19:43:58
@Steven: I thought you already did that. (Although changing *register\_globals* shouldn’t change the session behavior at all.)
Gumbo  2010-01-21 19:49:40
I only set the session_Start() in my header.php. If I don't set it in page.php as well, I'm not able to output my sessions.
Steven  2010-01-21 19:53:57
@Steven: Yes, but I thought you’re including your *header.php* in all of your scripts.
Gumbo  2010-01-21 19:55:53
Yes I am... :-/
Steven  2010-01-21 20:07:44
+3  A: 

Use the super-global $_SESSION array to store values. It's contents are stored between requests, and seamlessly serialized and deserialized - don't worry about storing objects or arrays. A simple example:

<?php

 if (isset($_SESSION['user'])) {
   // user already logged in
 } else {
   // Create a guest user
   $user = new stdClass();
   $user->name = 'guest';
   $user->id = 0;

   $_SESSION['user'] = $user;
 }

?>
meagar  2010-01-21 19:16:12
+4  A: 

Use $_SESSION, see http://php.net/manual/en/session.examples.basic.php

johannes  2010-01-21 19:16:18
That was the first thing I tried. Didn't work.
Steven  2010-01-21 19:28:02
What shows up if you `print_r($_SESSION);`?
ceejayoz  2010-01-21 19:32:39
Nothing. But when I added session_start() at the top of my page.php file, it worked. It's annoying that I have to include this in every file where I will be using sessions. I was hoping it would be enough to set this in the header file :(
Steven  2010-01-21 19:42:50
+1  A: 

If sessions aren't working, there are a couple of things to check:

  • Make sure that the session is being started; call session_start() if needed - there's an option (session.auto_start) in PHP.ini which can be toggled.
  • Check that session.save_path points to a valid location which is writeable - check permissions. Under Windows, the default setting is an invalid path for that platform.
  • Check the PHP error log for pointers, in case something's going wrong.
  • Check the browser isn't blocking session cookies.

You might take a look in the aforementioned session.save_path to inspect whether or not session files are being created.

I've assumed use of the default file-based session handler. If using something else (which would require additional configuration), then there might be further troubleshooting steps.

Rob  2010-01-21 19:33:11
hmm.. thanks. Didn't know there was a `session.auto_start`. I'm not sure if my ISP allows me to set my own php.ini settings though :( But now I know I have to call session_start() each time before I use sessions. I was hoping it would be enough to call this in my header file - since it's loaded every time.
Steven  2010-01-21 19:46:09
A: 

are you using IIS webserver? had similiar "strange" problems with and older IIS version and php4. check your session.save_path in php.ini and assure that your webserver has write access to the directory configured in session.save_path.

flurin  2010-01-21 19:34:21

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases