When and where should I use session_start?
As others have said, the absolute requirements of what you must do are:
- You must run
session_startbefore you read or write to$_SESSION(otherwise it will just be an ordinary array and not saved anywhere). - You must not run
session_starttwice during a single script execution (page load) unless you usesession_write_closeto close it in between.
There is an extra rule that technically has exceptions, but is best treated as absolute:
- Do not start the session after you have written any output (
echo, HTML outside PHP blocks, etc), because PHP may not be able to send cookies to the browser if the server has already started sending the content.
There are two reasons you might want to avoid starting the session:
- PHP locks the session when you open it to avoid two processes writing conflicting data into it, so if you have several requests happening at once, you want to avoid them waiting for each other unless they really need to. For instance, if you're responding to an AJAX request, and don't need any data from the session, don't open it.
- As mentioned by symcbean, there is some cost to creating a new session, so if your site is busy with either legitimate or malicious traffic, you might want to serve some landing pages or error messages without starting it at all.
After that, it becomes a matter of style and architecture, but the rule of thumb that covers most of the above is "as soon as possible, if you're sure the page needs it".
where to declare session_start if multiple files are included?
TL;DR
You do not need to call the function again after you have called it in your header file.
And Oh, it is $_SESSION , not $_Session
where to declare session_start if multiple files are included?
Before you send any output to the browser. Nothing else matters. There can be hundreds of PHP code lines before that as long as they don't send any output you can call session_start(); after that.
Obviously you will not have SESSION values before that :)
Please elaborate i didn't understand
Don't echo or print etc anything before calling session_start(), not even outside PHP tags. Don't place any html or blank spaces before the PHP tags either. Absolutely nothing should be sent to browser before you call that function.
Wrong usage
<html>
<?php
session_start();
?>
Right Usage
<?php
blahblahblah(); // or nothing
session_start();
echo "<html>";
?>
don't I need to use session_start() to use session global variables?
Your first block of code should be checking if the session variable is set, rather than the user variable exists in the session:
if(!isset($_SESSION)) {
session_start();
}
However, if you just ensure that you only have a single session_start() per page then you can avoid the "A session had already been started" notice.
PHP session, why is session_start() required multiple times?
From php.net:
session_start() creates a session or resumes the current one based on
a session identifier passed via a GET or POST request, or passed via a
cookie.When session_start() is called or when a session auto starts, PHP will
call the open and read session save handlers.
In other words, session_start() does not only create a session when a session does not exists yet, but it also makes it possible for a script to access the current session. It gives read and write access to the $_SESSION variable.
Without session_start, the script cannot write or read from the session, the session is still there but it cannot be read or modified by the script. If you only want to give read access to a session you can call session_write_close(); to close the write access. This can be handy when you want multiple files to open the same session at the same time. When a script has write access it blocks the current session file, blocking all other scripts that want write access to the same session.
If you are lazy and always want a session to be active, you can write
php_flag session.auto_start 1
in a .htaccess file to enable the auto start of a session in php.
PHP session_start() function: Why I need it everytime I use anything related to PHP sessions
session_destroy() destroys the active session. If you do not initialized the session, there will be nothing to be destroyed.
What happens if I don't call session_start()?
If you don't call session_start() than you won't have $_SESSION available. But if the page is a static html file anyway than you won't need $_SESSION for that page so you don't have to worry about it.
You only need it on pages where you do something with $_SESSION
Related Topics
Mysqli_Query() Expects at Least 2 Parameters, 1 Given In
How to Define an Empty Object in PHP
PHP Prepend Leading Zero Before Single Digit Number, On-The-Fly
How to Convert a String to JSON Object in PHP
A Better Approach Than Storing MySQL Password in Plain Text in Config File
How to Determine the Memory Footprint (Size) of a Variable
Laravel 4: How to "Order By" Using Eloquent Orm
How to Remove Part of a String in PHP
Function to Return Only Alpha-Numeric Characters from String
How to Write a Stored Procedure in PHPmyadmin
What Does Using a Single Pipe '|' in a Function Argument Do
Why Do I Have to Run "Composer Dump-Autoload" Command to Make Migrations Work in Laravel
Simple PHP SQL Login Troubleshooting
Should I Use Prepared Statements for MySQL in PHP Performance-Wise