php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #52982 Expose php_session_active to userland via new function (patch included)
Submitted: 2010-10-04 04:45 UTC Modified: 2011-08-30 03:01 UTC
Votes:5
Avg. Score:3.4 ± 1.4
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: php dot net at kenman dot net Assigned: arpad
Status: Closed Package: Session related
PHP Version: 5.3.3 OS:
Private report: No CVE-ID:
 [2010-10-04 04:45 UTC] php dot net at kenman dot net
Description:
------------
Attempting to start a session after a session has already been started raises an 
E_NOTICE, however, there is no sane way to check if a session has already been 
started. The only ways that I could devise were using the shut-up op (@) or by 
creating wrapper functions around all of the session functions.

This is extreme because there exists in the PHP source, code which can do this; my 
patch exposes this code for userland comsumption.

More info: 
http://stackoverflow.com/questions/3788369/how-to-tell-if-a-session-is-active

Test script:
---------------
session_start();

// 1000's of lines of code, which may/may not have closed the session

session_start(); // how to tell if a session is active here?

Expected result:
----------------
Should be able to ask PHP whether or not it knows of an active session.

Actual result:
--------------
Notice: A session had already been started - ignoring session_start()

Patches

php-trunk-session-status-bools (last revision 2011-07-26 18:53 UTC) by arpad@php.net)
php-trunk-session-status (last revision 2011-07-26 18:52 UTC) by arpad@php.net)
session.c.patch.txt (last revision 2010-10-04 07:05 UTC) by php dot net at kenman dot net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-04 10:31 UTC] kalle@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: kalle
 [2010-10-04 10:31 UTC] kalle@php.net
If we are going to expose php_session_active, we might aswell expose the other values. I will cook up a patch and apply it to trunk shortly
 [2010-10-04 12:15 UTC] pajoye@php.net
The notice is documented and can be disabled using the display error settings. To detect whether or not session_start was successful, you have to test its return value (as of 5.3.0).

It is actually a documentation problem as the examples in the manual does not check the return values (maybe add one on top of them using 5.3+).
 [2010-10-05 07:34 UTC] php dot net at kenman dot net
pajoye,

I'm not sure if you understand which problem I'm trying to address here; it's 
not whether or not session_start() was successful, it's whether or not there is 
a current active session.

Many times, in frameworks or other large-scale applications, you have no way of 
knowing whether session_start() has already been called. You cannot rely on 
session_id(), SID, session_start(), $_SESSION, or any other session functions or 
session functionality (that I'm aware of) to tell me "yes, you already have a 
session open" or "no, you do not have a session open" _before_ I call 
session_start().
 [2011-07-25 17:25 UTC] php dot net at kenman dot net
Any update on this? 

Simple request; I'm not exactly sure what all Kalle was speaking to WRT "expose 
the other values", but what I'm requested here is a tiny piece of functionality, 
and that is *all* that is being requested.
 [2011-07-25 22:37 UTC] arpad@php.net
If you're trying to establish whether it's safe to start your own session, this patch is deficient because PS(session_status) is not a boolean - it could also be php_session_disabled.

I'd imagine robust code to handle this (rather unusual) case where you require a session but don't know if it's present, would be something like:

if (session_is_available()) {
    if (!session_is_active()) {
        if (headers_sent()) {
            // bail out
        } else {
            session_start();
        }
    }
} else {
    // bail out
}

We could instead provide a session_status() function which corresponds to the internal enum (returning SESSION_DISABLED, SESSION_NONE or SESSION_ACTIVE.)

I assume this is what Kalle was talking about WRT exposing the other values.

Both options are trivial patches. The former seems friendlier but more prone to error.
 [2011-07-26 14:31 UTC] php dot net at kenman dot net
Thank you very much, Arpad; my rudimentary C skills were barely enough for me to 
craft the patch (which I somehow managed to compile and use), and so I appreciate 
the background info. I would be happy with any solution that helps me to solve the 
problem!
 [2011-07-26 18:52 UTC] arpad@php.net
The following patch has been added/updated:

Patch Name: php-trunk-session-status
Revision:   1311706347
URL:        https://bugs.php.net/patch-display.php?bug=52982&patch=php-trunk-session-status&revision=1311706347
 [2011-07-26 18:53 UTC] arpad@php.net
The following patch has been added/updated:

Patch Name: php-trunk-session-status-bools
Revision:   1311706403
URL:        https://bugs.php.net/patch-display.php?bug=52982&patch=php-trunk-session-status-bools&revision=1311706403
 [2011-08-20 18:11 UTC] arpad@php.net
-Assigned To: kalle +Assigned To: arpad
 [2011-08-29 21:29 UTC] arpad@php.net
Automatic comment from SVN on behalf of arpad
Revision: http://svn.php.net/viewvc/?view=revision&revision=315745
Log: Expose session status via new function, session_status (Req #52982)
 [2011-08-29 21:38 UTC] arpad@php.net
-Status: Assigned +Status: Closed
 [2011-08-29 21:38 UTC] arpad@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2011-08-30 03:01 UTC] php dot net at kenman dot net
Thank you Arpad!
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 12:02:07 2014 UTC