Edit report at http://bugs.php.net/bug.php?id=16349&edit=1
ID: 16349 Comment by: edwardmillen at aol dot com Reported by: adam at adeptsoftware dot com Summary: no way to tell if a session exists without starting it Status: Open Type: Feature/Change Request Package: Feature/Change Request Operating System: WinXP PHP Version: 4.1.2 New Comment: I've just run into this issue myself (or one of the issues mentioned here anyway, I wanted to only start a session if the user is already logged in, or at the point of logging in with a correct username/password, rather than starting a session for every unauthenticated page request). I've found one way round it which seems to work for me at least, which is to check whether the session cookie is set, like so: if(isset($_COOKIE[session_name()])){session_start();} (the session name, and therefore the name of the cookie, is normally PHPSESSID by default, and the value of that cookie should be the session ID if you need it) I then used the following code in the login page after successful verification of the username/password, before starting to set session variables: if(session_id()==''){session_start();} Obviously this method will only work with cookie-based sessions, I haven't looked into how exactly PHP handles URL-based sessions, but I expect it would just be a matter of checking $_GET as well as $_COOKIE. Also, this obviously won't help if you need to check whether a given session ID already exists on the server or not, which I think is a slightly different issue. Previous Comments: ------------------------------------------------------------------------ [2009-07-20 09:46:34] schung at iboxweb dot com I agree, a session_exists() is needed. There is no other good way to check whether a session exists. This is still a needed feature. ------------------------------------------------------------------------ [2006-08-30 07:50:48] stefan at stefankoopmanschap dot nl I have a similar issue. I pass the session ID in XML communication between a desktop application and my server. When a request comes in, I want to ensure that a session with the passed session id exists before I start it. It seems this is not possible at the moment. I am, by the way, using PHP5, not PHP4. An additional session_exists() feature would be great! ------------------------------------------------------------------------ [2005-10-28 23:30:32] jon at fuck dot org it would be great to be able to get the correct session_id() before starting a session. currently, said function returns null if the session has not started yet, whether or not there is an existing one. the overhead of creating the session is the problem, though, so if doing so is still necessary in order to retrieve the id, then some other means -- i.e., a session_exists() function -- would be sufficient for cutting the overhead when managing ungodly amounts of sessions. ------------------------------------------------------------------------ [2005-10-28 23:21:20] da...@php.net powerblade's comment is incorrect, the point of this bug is to determine whether the user has a session without creating a new one if they do not. (session_id always returns a blank string prior to session_start(), regardless of whether an actual session exists). Example: a site wishes to print "Hello <username>" at the top of every page. Username is stored on a session. The site must therefore resume the session to retrieve this username. But it is pointless to *create* a session just for this purpose. A bunch of useless 0-byte sess_* files are wastefully created. In Java, one would do request.getSession(false) - the parameter 'start' set to false causes this function to return null if no session already exists. In PHP, better semantics would be to add a function such as bool session_exists() This still needs to be addressed. ------------------------------------------------------------------------ [2002-12-03 15:37:01] powerblade at mail dot dk I had the same problem. I wanted to knew if the session was started or not. I found out i should do a session_id(); If it returns "null" then it's not started yet, else it returns the session id. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=16349 -- Edit this bug report at http://bugs.php.net/bug.php?id=16349&edit=1