sessions

JakesSA

I was wondering what is the best practice with sessions and objects.

is it ok to have a object take control of session variables or is it best to leave it outside of the class and if needed have the object access those sessions that are in question?

In other words, what is the rule of thumb? 😕

If there is one!

Thanks

barand

IMHO, as $_SESSION is a super global, you would have great difficulty controlling it in a class as it would still be available anywhere in the script. Therefore you may as well go for the latter.

OTOH if you have complex conditions and combinations of session variables in an application I can see that there may be advantages of a class to control them, especially if more than one person working on project. The class could set the rules for everyone.

so there you have it, a definite maybe.

CaptianChaos

<?php
class Whatever
{
  var $var1;

  function Whatever($input) {
    if ($_SESSION['somevar'])
       $this->var1 = $_SESSION['somevar'];
    else
       $this->var1 = $_SESSION['somevar'] = $input;
  }
}
?>

Declaring an instance of this object will set the class variable $var1 equal to $SESSION['somevar'], unless $SESSION['somevar'] is not set, in which case, it is assigned the $input value. Note: $input is ignored when $_SESSION['somevar'] is already set.

I think this is fine, please, take advantage of this feature of PHP. $_SESSION is a global variable, always, you do not have to declare it as global, assuming you have run session_start() before creating your object.

CaptianChaos

A coworker of mine and I disagree on this argument, however. It's funny, because we are working on a project together. All of his class functions that need a session var, he makes it a parameter, like this:

function changePassword ($username) {
...
}

I never do this... I always assume the $_SESSION var is available inside my functions. I do this:

function changePassword() {
$username = $_SESSION['username'];
...
}

Which is better? Well, that all depends. My version makes it clear that I will use $_SESSION['username']. Users of this class function cannot pass the username they want to change, making it more secure and foolproof. The function is clearly meant to change the password that corresponds to the username tied to this session. So, why give users of the class the ability to pass in any old username they want?