Hm, what exactly you're talking about?
Is the intention, to avoid users hanging around with expired sessions or such security related stuff?
Well, there are some ways...
You could set a session variable which marks them as valid (e.g. checked for correct password or such stuff).
Depending on your PHP Version, you could do
if( !session_is_registered('myValidationVar'))
{
die("Sorry, session invalid or expired");
}
or
if(!isset($_SESSION['myValidationVar']))
{
die("Sorry, session invalid or expired");
}
For sure, you could just set up again your vars and check them if you don't use the session for security issues.
like this
if(!session_is_registered('myVar'))
{
//reset my environment stuff
}
or
if(!isset($_SESSION['myVar']))
{
//reset my environment stuff
}
As your intention was another thing...
Well, PHP starts a new session if you access a document with an invalid session id fore sure.
The only thing to do is to write
//optional @session_name('mySessionName');
@session_start();
At the top of the file.
You could also check, whether the session in the cookie/get data is equal to the started session - if this were not the case, the session was expired and a new one was started for that reason.
//merge get and cookie data
$mySID = array_merge($_GET, $_COOKIE);
//check if expired...
if($mySID[ sesssion_name() ] != session_id())
{
//oops, seems to be an expired one
die("Ttzttz, session is expired my friend");
}
The example above works with PHP < 4.2.0, if you replace $GET with $HTTP_GET_VARS and $COOKIE with $HTTP_COOKIE_VARS
Hope this could help you? 🙂
