|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #52982 Expose php_session_active to userland via new function (patch included)
Submitted: 2010-10-04 04:45 UTC Modified: 2011-08-30 03:01 UTC
Avg. Score:3.4 ± 1.4
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: php dot net at kenman dot net Assigned: arpad (profile)
Status: Closed Package: Session related
PHP Version: 5.3.3 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: php dot net at kenman dot net
New email:
PHP Version: OS:


 [2010-10-04 04:45 UTC] php dot net at kenman dot net
Attempting to start a session after a session has already been started raises an 
E_NOTICE, however, there is no sane way to check if a session has already been 
started. The only ways that I could devise were using the shut-up op (@) or by 
creating wrapper functions around all of the session functions.

This is extreme because there exists in the PHP source, code which can do this; my 
patch exposes this code for userland comsumption.

More info:

Test script:

// 1000's of lines of code, which may/may not have closed the session

session_start(); // how to tell if a session is active here?

Expected result:
Should be able to ask PHP whether or not it knows of an active session.

Actual result:
Notice: A session had already been started - ignoring session_start()


php-trunk-session-status-bools (last revision 2011-07-26 18:53 UTC by
php-trunk-session-status (last revision 2011-07-26 18:52 UTC by
session.c.patch.txt (last revision 2010-10-04 07:05 UTC by php dot net at kenman dot net)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-04 10:31 UTC]
-Status: Open +Status: Assigned -Assigned To: +Assigned To: kalle
 [2010-10-04 10:31 UTC]
If we are going to expose php_session_active, we might aswell expose the other values. I will cook up a patch and apply it to trunk shortly
 [2010-10-04 12:15 UTC]
The notice is documented and can be disabled using the display error settings. To detect whether or not session_start was successful, you have to test its return value (as of 5.3.0).

It is actually a documentation problem as the examples in the manual does not check the return values (maybe add one on top of them using 5.3+).
 [2010-10-05 07:34 UTC] php dot net at kenman dot net

I'm not sure if you understand which problem I'm trying to address here; it's 
not whether or not session_start() was successful, it's whether or not there is 
a current active session.

Many times, in frameworks or other large-scale applications, you have no way of 
knowing whether session_start() has already been called. You cannot rely on 
session_id(), SID, session_start(), $_SESSION, or any other session functions or 
session functionality (that I'm aware of) to tell me "yes, you already have a 
session open" or "no, you do not have a session open" _before_ I call 
 [2011-07-25 17:25 UTC] php dot net at kenman dot net
Any update on this? 

Simple request; I'm not exactly sure what all Kalle was speaking to WRT "expose 
the other values", but what I'm requested here is a tiny piece of functionality, 
and that is *all* that is being requested.
 [2011-07-25 22:37 UTC]
If you're trying to establish whether it's safe to start your own session, this patch is deficient because PS(session_status) is not a boolean - it could also be php_session_disabled.

I'd imagine robust code to handle this (rather unusual) case where you require a session but don't know if it's present, would be something like:

if (session_is_available()) {
    if (!session_is_active()) {
        if (headers_sent()) {
            // bail out
        } else {
} else {
    // bail out

We could instead provide a session_status() function which corresponds to the internal enum (returning SESSION_DISABLED, SESSION_NONE or SESSION_ACTIVE.)

I assume this is what Kalle was talking about WRT exposing the other values.

Both options are trivial patches. The former seems friendlier but more prone to error.
 [2011-07-26 14:31 UTC] php dot net at kenman dot net
Thank you very much, Arpad; my rudimentary C skills were barely enough for me to 
craft the patch (which I somehow managed to compile and use), and so I appreciate 
the background info. I would be happy with any solution that helps me to solve the 
 [2011-07-26 18:52 UTC]
The following patch has been added/updated:

Patch Name: php-trunk-session-status
Revision:   1311706347
 [2011-07-26 18:53 UTC]
The following patch has been added/updated:

Patch Name: php-trunk-session-status-bools
Revision:   1311706403
 [2011-08-20 18:11 UTC]
-Assigned To: kalle +Assigned To: arpad
 [2011-08-29 21:29 UTC]
Automatic comment from SVN on behalf of arpad
Log: Expose session status via new function, session_status (Req #52982)
 [2011-08-29 21:38 UTC]
-Status: Assigned +Status: Closed
 [2011-08-29 21:38 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at

 For Windows:
Thank you for the report, and for helping us make PHP better.

 [2011-08-30 03:01 UTC] php dot net at kenman dot net
Thank you Arpad!
 [2023-03-16 11:05 UTC] ghazu at mil dot com
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jul 23 01:01:28 2024 UTC