0

I would like to know why session_name() seems to be working only one single time?

My situation where I use session_name() is that I have a PHP script which receives a HTTP request with 2 cookies:

Cookie: PHPSESSNAME1=sessionid1; PHPSESSNAME2=sessionid2

I use PHP's session_name() function to indicate the name of the session I would like to start (e.g. either PHPSESSNAME1 or PHPSESSNAME2), thus expecting that this information is used to indicate the respective cookie to be used to determine the session_id.

This works well in both cases, for case PHPSESSNAME1:

session_name('PHPSESSNAME1');
session_start();
echo session_id(); 
session_write_close();
// outputs -> 'sessionid1'

and equaly for PHPSESSNAME2

session_name('PHPSESSNAME2'); 
session_start();
echo session_id(); 
session_write_close();
// outputs -> 'sessionid2'

where each time the session_name() call resulted into the respective session_id having been read. Used only one single time the session_name() function as expected.

However, it does not work together

//(1) start session named PHPSESSNAME1
session_name('PHPSESSNAME1');
session_start();
echo session_id(); 
session_write_close();

echo ' , ';

//(2) continue with PHPSESSNAME2
session_name('PHPSESSNAME2'); 
session_start();
echo session_id(); 
session_write_close();
// outputs -> 'sessionid1 , sessionid1'

The result shows me that after the first session named PHPSESSNAME1, was used, another call to session_name('PHPSESSNAME2'); did not - as I thought - make the "PHP session magic" update the session id to the correct value of sessionid2.

Reading the documentation:

The session name is reset to the default value stored in session.name at request startup time. Thus, you need to call session_name() for every request (and before session_start() or session_register() are called).

makes me think, that session_start is designed with the shortcoming of only working once, so that I would have to manually patch the updating of the session_id for the second session PHPSESSNAME2, e.g somthing like this

session_name('PHPSESSNAME2');
// manually update the session_id (as session_name only works once)
session_id(isset($_COOKIE['PHPSESSNAME2'])?$_COOKIE['PHPSESSNAME2']: null);
session_start();

Hence my question: Is there a good reason, why session_name only works a single time, or is this merely a deficiency of PHP session handling?

humanityANDpeace
  • 4,350
  • 3
  • 37
  • 63
  • My question, what good reason do you have for trying to use two distinct sessions in one script instance (or one request response cycle, however you want to put it) in the first place? _Or is this merely a deficiency of your application logic?_ ;-) – CBroe Apr 15 '18 at 16:21
  • _"makes me think, that session_start is designed with the shortcoming of only working once"_ - I would that rather call being designed on the _principle_ that a session is a pretty singular thing. The need to access two sessions in one request is a rather special one; that you might have to write your own session handler is therefor a possibility. – CBroe Apr 15 '18 at 16:24
  • @CBroe Please trust me that there is good reason to use more than one session at once. My case is that my php script (starting from stateless http) needs to keep track of dynamic content that is 1x client-specific, and 1x client-independent. Both data changes and however should be accessed in the script, where for storing PHP session's are employed. I would however agree that there is a general attitude that PHP is more frequently used with "*there will always ever be 1 session per script*" idea :) – humanityANDpeace Apr 15 '18 at 17:43
  • @CBroe Also. in part, I have stumpled upon the "shortcoming" in context of answering the question ["PHP How can I create multiple sessions"](https://stackoverflow.com/q/24964699/1711186), where the OP was attempting using `session_name` multiple times as well. My argument is that the OP was correct in attempting session_name and not necessarily best adviced with the answer given. Also PHP documentation is not very clear, which incentivated me to ask here for clarification – humanityANDpeace Apr 15 '18 at 17:49

0 Answers0