[Resolved] [Resolved] proper way to open a session in PHP4?

sneakyimp

i've been reading PHP documentation and i'm trying to get my head around the whole session thing. Can I just start a session by doing this?

$_SESSION["user"] = "admin";

or do i need to do a session_start() first? what about session_register()? i understand that session_register does kind of the same thing as the statement above but has an implicit call to session_start() built in.

And what is the advantage of giving a session a name? It sounds like extra hassle to me and i'd like to know what benefits there are or why one might do it at all.

and lastly, i am very interested in keeping my session id secret...any tips?

devinemke

you must call session_start() at the top of each page the uses sessions. the default method of session propagation in cookies so you must call session_start before anything is sent to the browser.

don't use session_register(). that is the old depreciated method. just simply add varibales to the $_SESSION array as you would any other.

Be advised that session don't behave as expected with register_globals ON. changes to globals variables also alster the $_SESSION data.

giving a session a name is handy if you want to have 2 or more concurrent sessions (and want to uniquely identitfy them).

sneakyimp

thanks!

i'm tempted then i think to turn register_globals off. it enhances security to do so, correct?

what's the down side to that? you just have to explicitly check $GET or $POST, right?

and lastly, what about named sessions? what's the point of naming a session...and can you name a session using $_SESSION style sessioning?

devinemke

turn register_globals off. there are a variety of reasons to do this that have nothing to do with sessions.

see my first post about session names

sneakyimp

THANKS devin!