[PHP-DEV] [PHP-QA] playing with sessions... (fwd)

Mon, 26 Nov 2001 01:30:26 -0800 

Forwarding to PHP DEV...

(Oh, php 4.1.0 is already packed, and will be announced later today by
Zeev iirc).

Derick

---------- Forwarded message ----------
Date: Mon, 26 Nov 2001 10:13:54 +0000
From: Hellekin O. Wolf <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [PHP-QA] playing with sessions...

Hello,

an overview of sessions in 4.1.0RC3 (compiled with --enable-trans-sid)

-> register_globals = off

session_is_registered() will return true but $_SESSION and
$HTTP_SESSION_VARS are empty.
This is unusable.

-> register_globals = on + session.use_cookie = off

Loose session when used on multiple pages. Single page works OK.
This configuration requires setting "?".session_name()."=".session_id() on
links for multiple pages sessions.

-> register_globals = on + session.use_cookie = on

Works well with both single and multiple pages (if the client accepts cookies).
Warning for those used to register_globals = off :
        *ALL* session variables should be registered just after session_start().
        If you don't do that, you may set a global $var that will OVERRIDE
$_SESSION['var']
        which is not true with register_globals = off.

Example :

<?php

session_start();
if (!session_is_registered('count')) session_register('count');
if (!session_is_registered('test')) session_register('test');

$count  = NULL; // Will override $_SESSION['count'] !!!
// Instead you have to do :
$test   = $_SESSION['test'];    // which is empty by default, overriding any
globals sent by client.

echo ++$count.":".++$test;
?>

or you can use :

<?php

/* this was adapted from the manual */
function session_init_var($var,$val) {
        if (!session_is_registered($var)) {
                global $var;
                $var    = $val;
                return session_register($var);
        }
}

?>

hellekin


-- 
PHP Quality Assurance Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to