Close connection before or after session

amax

Hi All, I have a form that creates a session for a user to login. Basically, when form is submitted I:
1) Query the database checking that username they selected doesnt already exist
2) if all is OK, session_start(); session_register('username'); and then header("Location:page.php");

As it is always best practice from what I have bene studying to close the connection, should I do it after the header("Location:page.php"); or before the session_start()

I was thinking that closing before the session_start would be correct, but am confused that If I close it here I possibly destroy the session. Can anyone help me out with their advice on this

bradgrafelman

For one, get rid of [man]session_register/man - this has been deprecated for some time now. Instead, you should be using the $_SESSION superglobal array; more information about this superglobal can be found in the manual here: [man]variables.session[/man].

Secondly, the problem you're referring to is that sometimes the server hasn't finished cleaning up from the last execution of the PHP script (e.g. taking all of the session data cached in memory and writing it out to the file on the hard drive) before the user's browser requests the new page. Thus, a separate Apache thread starts and PHP loads the session data from file - the old session data.

What is common practice, then, is to do something like this when redirecting just to help prevent this type of race condition:

session_start();

// blah blah blah

$_SESSION['user'] = 'bradgrafelman';
session_write_close();
header('Location: http://mysite.com/mypage.php');
exit;

amax

Super, thanks for clearing this up for me bradgrafelman.