Edit report at http://bugs.php.net/bug.php?id=16349&edit=1

 ID:               16349
 Comment by:       edwardmillen at aol dot com
 Reported by:      adam at adeptsoftware dot com
 Summary:          no way to tell if a session exists without starting it
 Status:           Open
 Type:             Feature/Change Request
 Package:          Feature/Change Request
 Operating System: WinXP
 PHP Version:      4.1.2

 New Comment:

I've just run into this issue myself (or one of the issues mentioned
here anyway, I wanted to only start a session if the user is already
logged in, or at the point of logging in with a correct
username/password, rather than starting a session for every
unauthenticated page request).



I've found one way round it which seems to work for me at least, which
is to check whether the session cookie is set, like so:



if(isset($_COOKIE[session_name()])){session_start();}



(the session name, and therefore the name of the cookie, is normally
PHPSESSID by default, and the value of that cookie should be the session
ID if you need it)



I then used the following code in the login page after successful
verification of the username/password, before starting to set session
variables:



if(session_id()==''){session_start();}



Obviously this method will only work with cookie-based sessions, I
haven't looked into how exactly PHP handles URL-based sessions, but I
expect it would just be a matter of checking $_GET as well as $_COOKIE.



Also, this obviously won't help if you need to check whether a given
session ID already exists on the server or not, which I think is a
slightly different issue.


Previous Comments:
------------------------------------------------------------------------
[2009-07-20 09:46:34] schung at iboxweb dot com

I agree, a session_exists() is needed.  There is no other good way to 

check whether a session exists.  This is still a needed feature.

------------------------------------------------------------------------
[2006-08-30 07:50:48] stefan at stefankoopmanschap dot nl

I have a similar issue. I pass the session ID in XML communication
between a desktop application and my server. When a request comes in, I
want to ensure that a session with the passed session id exists before I
start it. It seems this is not possible at the moment. I am, by the way,
using PHP5, not PHP4.



An additional session_exists() feature would be great!

------------------------------------------------------------------------
[2005-10-28 23:30:32] jon at fuck dot org

it would be great to be able to get the correct session_id() before
starting a session. currently, said function returns null if the session
has not started yet, whether or not there is an existing one. the
overhead of creating the session is the problem, though, so if doing so
is still necessary in order to retrieve the id, then some other means --
i.e., a session_exists() function -- would be sufficient for cutting the
overhead when managing ungodly amounts of sessions.

------------------------------------------------------------------------
[2005-10-28 23:21:20] da...@php.net

powerblade's comment is incorrect, the point of this bug is to determine
whether the user has a session without creating a new one if they do
not. (session_id always returns a blank string prior to session_start(),
regardless of whether an actual session exists).



Example: a site wishes to print "Hello <username>" at the top of every
page. Username is stored on a session. The site must therefore resume
the session to retrieve this username. But it is pointless to *create* a
session just for this purpose. A bunch of useless 0-byte sess_* files
are wastefully created.



In Java, one would do request.getSession(false) - the parameter 'start'
set to false causes this function to return null if no session already
exists.



In PHP, better semantics would be to add a function such as bool
session_exists()



This still needs to be addressed.

------------------------------------------------------------------------
[2002-12-03 15:37:01] powerblade at mail dot dk

I had the same problem. I wanted to knew if the session was started or
not.

I found out i should do a session_id(); If it returns "null" then it's
not

started yet, else it returns the session id.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=16349


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=16349&edit=1

Reply via email to