[thelist] any PHP session experts out there?

Seth Fitzsimmons seth at collegepublisher.com
Wed Dec 11 21:58:13 CST 2002

> // Create a new Session Value
>    session_register('name');
> // Register the input with the value
>    $_SESSION['name'] = $name;

Since 4.1.0, session_register('name') is redundant and unnecessary.

"Use of $_SESSION (or $HTTP_SESSION_VARS with PHP 4.0.6 or less) is
recommended for improved security and code readablity. With $_SESSION,
there is no need to use the session_register(), session_unregister(),
session_is_registered() functions. Session variables are accessible like
any other variables."

Double-check to see that $_SESSION['name'] contains what you expect.  If
it doesn't on this page, it definitely won't in the future.

> I suppose $_SESSION['name'] = $name; could be $_SESSION['name'] =
> $_POST['name']; as well, but I like using the globals myself.

Reminder: register_globals must be on for that to work.  Keep in mind
that there are reasons that it defaults to off since 4.2.0.  If you're
using the globals to allow for data to come from GET / POST / Cookie
data, you can use the $_REQUEST array instead.  It's safer to know where
your data is coming from to prevent the possibility that it'll be spoofed.

> Then I send them to a products page, where I want to display the name
> from the session to see if it is working. I do:
> // start the session
> session_start();
> header("Cache-control: private"); //IE 6 Fix
> at the top of the page, then
> Hey <? echo $_SESSION['name'];?>
> in the page, and I get nothing but blanks.

You can try print_r($_SESSION) to see if it contains anything.  Also, as
I wrote before, make sure that $_SESSION contains what you think it does
before moving onto an subsequent page.

Good luck.


More information about the thelist mailing list