How to work with sessions in php?

I

Ivan Vekov2021-02-17 23:16:02

PHP

Ivan Vekov, 2021-02-17 23:16:02

Good afternoon,

I am writing a small project in pure php, I have not tried it before - I used slim, laravel, bitrix, all sorts of forms. And somehow I did not think about the work of the sessions.

Now I'm doing crutch authorization (just to be). And I ran into a problem.

I understand that in order to work with sessions, you need to register session_start ()? And where to do it? I paste it before

. So it turns out:

<?if(!$_SESSION)session_start();?>
<!DOCTYPE html>
<html>
<head>

But instead of sessions I get errors:
1) Undefined variable $_SESSION in /var/www/html/public/template/header.php
2) session_start(): Session cannot be started after headers have already been sent

I can read, I see that Writes that the headers have already been sent. I even tried googling. Everywhere people just put session_start () in the middle of the code, they are advised to move before and everything works for them right away. As you can see, it did not help me)

Please save me)

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

I

Ivan Vekov, 2021-02-18
@vekov

The problem was pretty obvious. It consisted in the output of errors and unnecessary checking.
Used error_reporting(E_ERROR | E_PARSE);
To avoid warnings that the variable is not defined.
And then, after reading a little more docks on the session, I decided that the check, in general, was superfluous. Left just session_start(); Because it not only starts a new session, but also continues the existing one. Therefore, in the additional check - there is no point.

S

Sergey Sokolov, 2021-02-17
@sergiks

php.net/manual/en/session.examples.basic

I

Ivan Shalganov, 2021-02-18
@Aco

When the session starts, a cookie (session id) is set, which is passed in the response header. Therefore, the session requires that no headers be sent. You can turn off the setting of cookies by session In general, I do not recommend using native PHP sessions, there are a lot of rakes. And one rake has already been stepped on. There will be more.
ini_set('session.use_cookies', '0');

I

iamdivine, 2021-02-18
@iamdivine

if (!isset($_SESSION)
session_start();

But I don't recommend doing that. Stupid check
In general, you first need to assign a value to the session, for example, after authorization

if (isset($_POST['auth'])) {
    if($func->checkPassword($_POST['login'], $_POST['password'])) {
        $_SESSION[name] = $_POST['login'];
        header("Location: cp.php");
    }
    else
        $msg = "Не верный логин или пароль";
}

Here I have a password verification function through password_verify

if($func->checkPassword($_POST['login'], $_POST['password'])) {

Accordingly, after authorization, a session will be created in which the login of the person who entered his name in the form is recorded,
then let's create the cp.php file
. put a check

if(!isset($_SESSION['name']) {
//Любые манипуляции если он не залогинен
//например кинем на login.php
header('Location: login.php')
}

isset - check for the set value of the variable i.e. if it does not exist, then the code in parentheses works
if everything is ok, then we can continue to do whatever we want
. Your problem is that you check the $_SESSION array, although if you are not authorized it is not there + you did not fill it in as I filled out (name)