1

I'm going to use cookies and sessions to identify the user. So, sessions will be used only when the user chooses the 'Don't remember me' option. I include the identification file at the top of every page of the website. The user's session looks like $_SESSION['user']

And then my question is:

Must I place the session_start() instruction in the authentication file? I ask because a new session is created every time I use this instruction.

Update: user identification script: http://pastebin.com/Nh3zj6mR

5
  • session_start() creates a new session or resumes the old - unless you do something before calling this session_start(). Then I presume it would always start a new one... Commented Aug 29, 2012 at 18:30
  • Can you post some code? Only cookies are not very secure... Commented Aug 29, 2012 at 18:30
  • @John can you, please, explain why or give a good source to read about it? Commented Aug 29, 2012 at 18:39
  • if (isset($_COOKIE['rwt'])) { $QH=$this->_DBH->prepare("SELECT * FROM accounts WHERE cookie=:cookie_value"); You can simply edit the cookie to another username, and there you are. It is better to use some sort of hash, store that in the cookie, and get the data you need from the database with that hash. Also bind that cookie to one IP address. Commented Aug 29, 2012 at 19:08
  • @John pastebin.com/aQEzzPJM I create the cookie value this way, then insert it into the database Commented Aug 29, 2012 at 19:13

2 Answers

1

Yes, you have to place session_start() at the top of every PHP page (before any output is generated; no headers must have been sent before) to tell PHP to accept / start the session, except if your php.ini is set up so that sessions start automatically.

I asked it because new session creates every time I use this instruction.<<

That is a hint that your browser ignores (disallows) session cookies.


4 Comments

and is it normal that a session starts even if the user's cookie exists?
please show us your logic (code) ... then we can say more about the "fault"
sorry ... but in your code you get a boolean result ... modify your code and let it show which false is fired .... example line 10 "return true;" modify it for dump in echo "false in ".__LINE__." return false";die();
sorry, but in this code I check if user with this cookie or session exists, and it's supposed to have a boolean result :)
1

Unless you execute session_start(), PHP's session mechanism will NOT activate. The $_SESSION will be present, you'll be able to read/modify it, but its values will NOT be persisted - e.g. the contents will be lost when the script exits.

If you are running session_start() in every script that uses session data, but the session data is not showing up, then there's probably a misconfiguration causing the session cookie to be lost, and PHP is creating a new session each time.
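
An added example, not part of the answers or of the asker's pastebin script: one way to write the identification include so that session_start() runs once per request before any output, and the rwt cookie carries a random token instead of an editable value. The accounts table, cookie column and rwt name come from the comment thread; the function names, the PDO handle $dbh, the id column, storing the account id in $_SESSION['user'], storing a SHA-256 digest of the token, HTTPS, and PHP 7.3+ are assumptions.

```php
<?php
// Added example, not the asker's script. Assumptions: $dbh is a PDO handle and
// accounts.cookie holds the SHA-256 hex digest of the remember-me token.
function identify_user(PDO $dbh): ?int
{
    // Resume or create the session once per request, before any output.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        if (headers_sent($file, $line)) {
            // The session cookie can no longer be sent, so each request
            // would silently get a new, empty session.
            throw new RuntimeException("Output already started at $file:$line");
        }
        session_set_cookie_params(['lifetime' => 0, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
    if (isset($_SESSION['user'])) {          // already identified
        return (int) $_SESSION['user'];
    }
    // Fall back to the remember-me cookie: a random token, never a username.
    $token = $_COOKIE['rwt'] ?? '';
    if (!is_string($token) || !preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null;
    }
    $stmt = $dbh->prepare('SELECT id FROM accounts WHERE cookie = :cookie_value');
    $stmt->execute([':cookie_value' => hash('sha256', $token)]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null;
    }
    session_regenerate_id(true);             // fresh session ID after login
    $_SESSION['user'] = (int) $id;
    return (int) $id;
}

// Call after a successful password login with "remember me" ticked.
function issue_remember_token(PDO $dbh, int $id): void
{
    $token = bin2hex(random_bytes(32));      // 64 hex chars, unguessable
    $stmt = $dbh->prepare('UPDATE accounts SET cookie = :hash WHERE id = :id');
    $stmt->execute([':hash' => hash('sha256', $token), ':id' => $id]);
    setcookie('rwt', $token, ['expires' => time() + 30 * 86400, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}
```

If the RuntimeException fires, the file and line it reports is where output began, which is the usual reason a new session appears on every request.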
