3

Related

Sessions - Sessions and Statefullness

Sessions - Sessions are Stateful, PHP user code is not

Sessions - Where to use session_start()

Sessions - Statefullness and Runs

Sessions - vs. Mysql

PHP.net

session_start()

session_id()

session_destroy()

Specific Two ID issue

Sessions - extra ID created

Sessions - extra ID created - Cookie Location

What specific problems are you seeing on the user side? Session variables not being saved? Is that how you've got to the idea that PHP is generating a new session rather than resuming? Is it possible that the user did not enable cookies, or is deleting his cookies? – Madara's Ghost Dec 26 '11 at 17:44

3 Answers

2

How can I determine what is the mechanism which causes session_start to create new sessions rather than resume a previous one?

This is visible in the PHP source code for the session_start function. You need to read the C-code and compare with your usage.

From what I know about sessions, session_start won't start a new session if one is already active. To find out if a session is already active, please see How to tell if a session is active?.

However if a session is started (and it didn't exist earlier) and then closed and you create a new session in the same request, PHP might think that the session does not exist (because the cookie from the browser is still empty). So then a second, also new, session will be started.

If you're unsure what does what, just create yourself a test script where you play around with scenarios.

A possible scenario:

  1. Browser sends request
  2. PHP starts
  3. session_start() is called. No session cookie exists, PHP will create a new session id and will create cookie headers.
  4. you close the session.
  5. session_start() is called. No session cookie exists (in the request), PHP will create a new session id and will create cookie headers.

Two sessions have been created, of which one will not be used by the browser for subsequent requests (the session id header for the cookie has been "overwritten": the last cookie header replaces previous ones for the cookie in question).

To debug things, headers_list can be useful as well as $_COOKIE.

hakre
  • Just [click the link](http://lxr.php.net/opengrok/xref/PHP_5_3/ext/session/session.c#1361), it's php's lxr, it has all the source code. This has nothing to do with Zend minimal library. – hakre Dec 26 '11 at 18:01
  • That's not a bug. It's the intended behaviour and actually needed if you need to switch sessions or change session ids. – hakre Dec 27 '11 at 23:11
  • ha, like I wrote, no session cookie existed ;) – hakre Jan 02 '12 at 17:29
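
Added example, not part of the original answer: a test script for the five-step scenario above that records what the request's cookie, `session_id()` and `headers_list()` show at each step instead of assuming the outcome. The function names `sid_fingerprint` and `session_debug_snapshot` are hypothetical, `session_write_close()` is assumed to be the "close" in step 4, and the script assumes PHP 7.1 or later running under a web SAPI.

```php
<?php
// Added example: helper names are hypothetical, not from PHP or the answer.

// Log a short fingerprint instead of the id itself: a session id is a credential.
function sid_fingerprint(?string $id): ?string
{
    return ($id === null || $id === '') ? null : substr(hash('sha256', $id), 0, 12);
}

// Capture what the browser sent, what PHP is using, and what PHP will send back.
function session_debug_snapshot(string $label): array
{
    $name = session_name();                 // cookie name, e.g. PHPSESSID
    $sent = $_COOKIE[$name] ?? null;        // id carried by this request, if any

    // Every queued Set-Cookie header for the session cookie, in order.
    $queued  = [];
    $pattern = '/^Set-Cookie:\s*' . preg_quote($name, '/') . '=([^;]*)/i';
    foreach (headers_list() as $header) {
        if (preg_match($pattern, $header, $m)) {
            $queued[] = sid_fingerprint(urldecode($m[1]));
        }
    }

    return [
        'label'             => $label,
        'cookie_sent'       => sid_fingerprint($sent),
        'active_id'         => sid_fingerprint(session_id()),
        'queued_set_cookie' => $queued,
    ];
}

$log   = [];
$log[] = session_debug_snapshot('before session_start');

session_start();                            // step 3
$log[] = session_debug_snapshot('after first session_start');

session_write_close();                      // step 4 (assumed meaning of "close")
session_start();                            // step 5
$log[] = session_debug_snapshot('after second session_start');

// Send the result to the error log so nothing is printed to the client.
foreach ($log as $entry) {
    error_log('[session-debug] ' . json_encode($entry));
}
```

If `queued_set_cookie` ends up holding two different fingerprints, the request created two ids and the browser will keep only the last one. A `cookie_sent` value that never matches `active_id` on follow-up requests points at the client not returning the cookie.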
1

Let me explain how a session works. PHP saves the variables somewhere on the server side (doesn't matter where for the sake of this explanation), and associates them with a unique id (i.e. the Session ID). It then gives the session ID to the user in one of two ways:

  1. Via a GET variable in the url (example.com/index.php?sid=acd6e41ac5ae1dc6ae15dec56)
  2. Via a Cookie sent in the headers.

In the next request, PHP will expect to receive that ID (in one of the two ways mentioned above), and match that against the list of session IDs it has on the server side. Once a match is found, PHP will load the session environment (accessed by the author using the $_SESSION super global).

You describe a problem where PHP does not find a match, and generates a new session ID instead of continuing with an existing one. This means, probably, that there is a problem in the way the client sends the session ID to the server.

That would mean one of two problems:

  1. User has accessed the site without the GET variable that includes the session id: (example.com instead of example.com/index.php?sid=acd6e41ac5ae1dc6ae15dec56).
  2. User has not enabled cookies or has deleted his cookies in between his session.

Check for these two, it is not likely to be a problem in the PHP engine.

Madara's Ghost
0

Under php.net session_id()

In PHP version 5.3.2, in my case, a new session-id was generated each time after session_start(), but all was working correctly before in previous versions. So I lost data from my current session (wrong session-id). There was always a $_POST or $_GET or $_COOKIE available with the session-name and session-id, so session_start() was taking this automatically. Now I have to execute session_id(..old id ..) before session_start() and a session is started for the same id.