php session_start with include files

Question

i learned a lot about session start from my previous question. Now i'm wondering how session locking occurs when files are included in other files. Lets say i have:

page.php

include('header.php');
...some html content....
include('sub_page.php');
...more html....

header.php:

session_start();
..save session vars...
..print web page header...

sub_page.php

session_start();
...use session vars....
..print page content...

When i open page.php, does the session become unlocked as soon as header.php is done? or is it live for the whole page.php life, so sub_page's session is blocked? Is the session_start in sub_page necessary? Would it be better practice if I session_write_close every time i'm done with session data? (Though that would mean session_starting everytime i'd like to use a session variable).

so putting all these answers together, since the include just retrieves the file and dumps it as if it were part of page.php, the second session_start isn't a valid statement, so locking isn't an issue. — Andrea, Aug 03 '11 at 17:52

score 12 · Accepted Answer · answered Aug 02 '11 at 16:06

12

You should start session only one time. In your example, just need session_start() at the first line of page.php
session_start() will generate E_NOTICE if session was previously started. You can use @session_start() to ignore it.
It also generates E_NOTICE if you use session_start() after you output HTML code.

answered Aug 02 '11 at 16:06

sonnb

418
2
7

i have session_start in the header because the header is included in all my pages (page.php, page2.php, etc). i had e_notice turned off so i hadn't noticed (::rimshot::) the warning. – Andrea Aug 02 '11 at 17:44
Agree with session_start in header because you are going to use header.php in every page. You should not turn off e_notice while coding, it's good for coding correction – sonnb Aug 03 '11 at 01:57

score 10 · Answer 2 · answered Aug 02 '11 at 15:17

10

I would recommend creating a session.php file that you would include once, at the first line of each page. That way, the session is handled in ONE file, in case you need to change validation or session settings (and don't need to worry about your question).

answered Aug 02 '11 at 15:17

Evan Mulawski

54,662
15
117
144

but what happens when some sub_pages need to use session variables and some don't? – Andrea Aug 02 '11 at 17:45
@Andrea: I'm not sure I understand. When you include a `session.php` that has the session information, it is available to all of the scripts included after it. – Evan Mulawski Aug 02 '11 at 19:04
when you say "handle a session" do you mean "interact with the $_SESSION variable", including both setting and getting from it? – Andrea Aug 03 '11 at 16:53
If a session is present, you can access (read and write to) `$_SESSION` from anywhere in your PHP code, as long as the `session.php` is loaded first. – Evan Mulawski Aug 03 '11 at 17:48
i see. then currently header.php is serving that function. i could see how it would be nice to separate all that session stuff into its own file that header includes. – Andrea Aug 03 '11 at 17:50

James · Answer 3 · 2014-02-23T20:52:22.830

Due to the answers above talking about errors if session already started, I just wanted to point out you can do:

if (!isset($_SESSION))
  {
    session_start();
  }

Then if the $_SESSION is already started (set) it wont perform the start function.

Although there's nothing better than a well structured file and folder layout with a good framework setup. Even if just a simple framework structure which separates business logic from presentation.

This way, you'd have something similar to a config folder with initialisation scripts, or at the very least have include files in some folder which are included in all pages/scripts.

Then you simply have your session_start() in (depending on your setup) either the very first include file, or in a separate include file and then include that session file when needed in a specific area of the script.

Either way, you then don't need to call it in any other files, as you know it's simply not required based on your design structure.

If you do not have a file which is always included, then at least use the isset() check.

score 6 · Answer 4 · answered Aug 02 '11 at 15:15

6

As of PHP 4.3.3, calling session_start() after the session was previously started will result in an error of level E_NOTICE. Also, the second session start will simply be ignored.

answered Aug 02 '11 at 15:15

Rag

6,405
2
31
38

i had E_NOTICE turned off, so i hadn't seen this warning. – Andrea Aug 02 '11 at 17:43

noowie · Answer 5 · 2016-08-28T11:43:39.327

As long as you are not accessing or creating session variables you do not need to worry about session_start(). You only really need to worry about session_start if the script you are running will create session variables, or relies on accessing session variables to function.

If file1 is not accessing or creating variables for use by other scripts then don't call it. If file2 that is included by file1 is creating or relies on variables in the session then file2 should call session_start(). File2 will be included in the session and will be able to access all session variables, but file1 will not.

If you call session_start() in file1, then file2 will be able to access all session vars as if it called session_start().

Hope this clarifies the situation a bit more.

Great tip from James re using isset. This will prevent attempting a pointless session call.

Also check your php.ini file for the session.auto_start var. If this is set to 1 then all files will be run as if they made a session_start() call. Set it to 0 in the php.ini file if you want to control it yourself.

php session_start with include files

5 Answers5

Linked

Related