[RESOLVED] Scope of sessions

system_critical

Hi,

I've just finished a login script that starts a session in an included file if all the information is kosher. My problem seems to be that nowhere, but the included file is the session accessible. Within the included file echo $_SESSION['session_content'] returns data just fine, but on the file where the include is inserted, I can't get the content. Is there a trick to get sessions to be accessible to more than one page? Also, is it possible for more than one session to occur at once (ie. two users login)? Thanks for the help.🙂

NogDog

session_start() must be called on each and every page that wants to read and/or write data from/to the $SESSION array. It only needs to be called once per page and can be called in the main script or in an include as desired, as long as it's called before the first attempt to access $SESSION.

However, if by some chance you are including a file via a URL (instead of via the file system), then it would be processed as a stand-alone page so any session activity would be local to it. (Including via URL is potentially a severe security risk, however, so I hope you are not doing that.)

Weedpacket

system_critical wrote:
Also, is it possible for more than one session to occur at once (ie. two users login)?

While I write this these forums currently have 143 sessions active, so yes, it is possible; but I don't think the question you asked is the question you wanted answered.

I think what you want to know is if a client computer can have several sessions with the server. Yes: if the sessions are being maintained by different client programs. Or one program might be able to have several sessions. Depends on how it's written. One issue is how the program is supposed to know which session to use at any given time (in other words, which session ID it is supposed to send back to the server with each request).

system_critical

Thank you, both comments are very helpful. I got the sessions to work properly. Since, I'm a noob and this project is very small scale, I'm not extensively worried about security. Though I'd like to learn more about security for future work. I'm not sure which of the methods I'm using for include(); For the noobs, can you elaborate the difference and the security risk? Thank you very much for all the help.

NogDog

For security issues, I strongly recommend picking up Essential PHP Security by Chris Schiflett. It's a short book but is packed with a lot of useful info. I believe it's also available as an e-book at oreilly.com if you prefer that.

system_critical

Thanks for the recommendation. I'll check it out.

Weedpacket

And if you're going to implement security it's something you need to keep in mind throughout. You can't write an application and then slap Security over the top afterwards. It would be like building a house, moving in the furniture, and then deciding where to put the front door.

system_critical

The project is a social site for school and if I make another iteration I'll build it from the ground up. I fear it's already too late this time. Thanks for the advice.