session_register and superglobal $_SESSION.

fernandodonster

what is the advatage of session_register over superglobal $_SESSION.? any drawback?thankz in advance.

bradgrafelman

Straight from the manual page for [man]session[/man]:

Use of $SESSION (or $HTTP_SESSION_VARS with PHP 4.0.6 or less) is recommended for improved security and code readability. With $SESSION, there is no need to use the [man]session_register/man, [man]session_unregister/man, [man]session_is_registered/man functions. Session variables are accessible like any other variables.

B_man

session_register creates global variables (e.g. $var as opposed to $SESSION['var']). It is, however, depreciated as it doesn't work on a system where register_globals is disabled (the default in PHP since about halfway through v4's life), and it has the same security deficiencies that register_globals has. Using $SESSION assures that anything in that superglobal is something you explicitly put in there.

In general, there's no real advantage to using session_register, and it's bad practice to do so since it doesn't work in a very large number of setups.

MarkR

As far as I'm aware, session_register('foo') just does:

 global $foo;
 $foo = & $_SESSION['foo'];

Which is not something that you normally want to do, as you could just use $_SESSION['foo'] everywhere instead, for better readability.

Mark