50

Is this bad practice?

if ($_SESSION['something'] == '')
{
    echo 'the session is empty';
}

Is there a way to check if its empty or it is not set? I'm actualy doing this:

if (($_SESSION['something'] == '') || (!isset($_SESSION['something'])) {
    echo 'the session is either empty or doesn\'t exist';
}

Does !isset just checks if a $_SESSION[''] exist and doesn't check if, is there are values in the array or not

willdanceforfun
  • 11,044
  • 31
  • 82
  • 122

7 Answers7

112

I would use isset and empty:

session_start();
if(isset($_SESSION['blah']) && !empty($_SESSION['blah'])) {
   echo 'Set and not empty, and no undefined index error!';
}

array_key_exists is a nice alternative to using isset to check for keys:

session_start();
if(array_key_exists('blah',$_SESSION) && !empty($_SESSION['blah'])) {
    echo 'Set and not empty, and no undefined index error!';
}

Make sure you're calling session_start before reading from or writing to the session array.

Shiv Singh
  • 6,939
  • 3
  • 40
  • 50
karim79
  • 339,989
  • 67
  • 413
  • 406
  • 9
    no need to use isset if you are already using empty. empty will also check if the variable exists, i.e. is not null/undefined – knittl Oct 05 '09 at 12:47
  • 1
    No need to use isset AND empty. – Patrick Desjardins Oct 05 '09 at 12:49
  • 6
    @knittl It's good practice to actually make sure you have the variable before testing to see if it's empty. – random Oct 05 '09 at 12:49
  • 2
    @knittl - but then we don't know if it's been set or not, whether it's not set *or* empty true will be returned. I tend to use the above, but it might not always be needed. – karim79 Oct 05 '09 at 12:50
  • 4
    Empty return false when not exist or null or "" or empty array. Why would you need to check if isset too? Read the help file : http://ca.php.net/empty – Patrick Desjardins Oct 05 '09 at 12:52
  • 2
    @Daok Variables can both exist and be blank. Checking to see if it exists AND is empty is a good idea. – random Oct 05 '09 at 12:52
  • usually you either want to check if the variable exists (`isset`) or if it contains any value evaluating to false (0, "0", null, false, …) (`empty`). `empty` will also return true on unset variables, so you don’t need `isset` first – knittl Oct 05 '09 at 12:54
  • 3
    @random it is __not__ good practice! Its just redundant. See http://stackoverflow.com/questions/4559925/why-check-both-isset-and-empty – Adam Mar 24 '17 at 11:26
  • The issue I have is when I do form submission it shows the session isn't empty but doesn't pull value for the session for some reason. Any idea why that may happen. – Si8 Apr 19 '18 at 16:05
  • So I have to use `isset` or checking `empty` is sufficient enough? – Si8 Apr 19 '18 at 16:15
  • oh wow, on my logout page, I forgot to call the session_start(); at the top of the page, otherwise it would run without any errors, and without actually unsetting the session variables. – hamish Jul 15 '19 at 16:37
  • @PatrickDesjardins If you do not check empty it will try to do some strange things like: Array to string conversion in It tries to take your empty session log and convert to an array..... – Yunfei Chen Oct 09 '20 at 23:53
12

Use isset, empty or array_key_exists (especially for array keys) before accessing a variable whose existence you are not sure of. So change the order in your second example:

if (!isset($_SESSION['something']) || $_SESSION['something'] == '')
Gumbo
  • 643,351
  • 109
  • 780
  • 844
6

you are looking for PHP’s empty() function

knittl
  • 246,190
  • 53
  • 318
  • 364
4

You could use the count() function to see how many entries there are in the $_SESSION array. This is not good practice. You should instead set the id of the user (or something similar) to check wheter the session was initialised or not.

if( !isset($_SESSION['uid']) )
    die( "Login required." );

(Assuming you want to check if someone is logged in)

svens
  • 11,438
  • 6
  • 36
  • 55
4

If you want to check whether sessions are available, you probably want to use the session_id() function:

session_id() returns the session id for the current session or the empty string ("") if there is no current session (no current session id exists).
mjs
  • 63,493
  • 27
  • 91
  • 122
0
if(isset($_SESSION))
{}
else
{}
hfarazm
  • 1,407
  • 17
  • 22
0

I know this is old, but I ran into an issue where I was running a function after checking if there was a session. It would throw an error everytime I tried loading the page after logging out, still worked just logged an error page. Make sure you use exit(); if you are running into the same problem.

     function sessionexists(){
        if(!empty($_SESSION)){
     return true;
         }else{
     return false;
         }
      }


        if (!sessionexists()){
           redirect("https://www.yoursite.com/");
           exit();
           }else{call_user_func('check_the_page');
         }
Glenn
  • 79
  • 1
  • 10