0

I have already seen this identical opposite question and its OP code sample seems perfectly fine to me. I've also read (including PHP docs) that session can be checked with session_status() on PHP >= 5.4 and it should be fine to do so before calling session_start() to determine if it already exists.

Now, I'm using PHP 5.4.16 on a CentOS 7.10 machine and the session_status() always returns 1 (PHP_SESSION_NONE) for me, only when I reload the page with this example:

<?php
$status = session_status();
session_start();
echo "The session status is : $status";

I expect it returns PHP_SESSION_ACTIVE (2) when I reload page (and I'm not forcing-reload with cache clear). I'm using latest Chrome version, and the page is embedded inside a virtual host with HTTPS over port 8443.

I've checked the PHP version with both php --version and via phpinfo() script to discard any version conflict just in case, and they're same. Additionally, when I visit the session script page, the server creates empty files at /var/lib/php/session directory. I didn't change default PHP settings for session or anything.

To make it clear: the session_status() works fine if checked afterwards on same script execution (The session status is : 2), but naturally I'm not interested in that since I want to check if session exist in first place.

What could be wrong?

Dharman
  • 30,962
  • 25
  • 85
  • 135
Adrián
  • 45
  • 1
  • 3
  • 12
  • So u r saying when u reload ur session is lost?? – Paul Baiju Oct 13 '20 at 12:42
  • 4
    **Danger**: PHP 5.4 has been unsupported and not got a security update in over half a decade. 5.4.16 is from May 2013 and [packed with vulnerabilities](https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-149817/PHP-PHP-5.4.16.html). Upgrade it as soon as possible! – Quentin Oct 13 '20 at 12:43
  • `PHP_SESSION_NONE if sessions are enabled, but none exists.` from documentation, means, to me so i could be wrong, that your configuration enabled session, therefore you don't get `0 (PHP_SESSION_DISABLED)` but your session is not started yet. So you get a `PHP_SESSION_NONE` as result. – Frankich Oct 13 '20 at 12:51
  • Your fetching the status before you start the session. Why would it be anything but "none" at that point? That function gives you the current status on the current request. – M. Eriksson Oct 13 '20 at 13:06

2 Answers2

2

In my experience, session_status() only allow you to know if a session has been started, so if session_start() has been called in the current script.

  • PHP_SESSION_DISABLED I think that this is returned if session are disabled in PHP configuration.
  • PHP_SESSION_NONE is returned if the session has not been started in the current script
  • PHP_SESSION_ACTIVE if a session has been started in the current script.

This post might interrest you https://stackoverflow.com/questions/32356373/how-to-disable-session-in-php#:~:text=You%20can%20disable%20the%20session,ini%20.

A way to check if a session has been started in a different script would be


<?php

session_start();

if (!isset($_SESSION['init'])) {
   echo 'first time session';
   $_SESSION['init'] = true;
}
magrigry
  • 405
  • 2
  • 8
2

Your session_status will always be PHP_SESSION_NONE until you call session_start in the lifetime of the current request. It does not matter if on some previous request you "already started" a session: you need to "re-start" it, to resume a previously started session. This is done via cookies.

If your intent is to start a session only if the user already did something in the past that started a session (eg. they already logged in previously) and you want to resume a session but not start a new one, then you could simply check if (isset($_COOKIE['PHPSESSID'])).

This may be beneficial if you know most of your users won't need a session, and you want to avoid cookies and the overhead involved with a session, but still be able to handle the cases when a session is needed.

Palantir
  • 23,820
  • 10
  • 76
  • 86
  • 1
    Thanks, that was it. The main problem is I was assuming previous sessions are inmediately available when you reload page. I don't find the opposite obvious. – Adrián Oct 13 '20 at 14:17