sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-17 01:18:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
php-doc-en/functions/session.xml
Hartmut Holzgraefe 7839d91186 added DO NOT EDIT noctice to old english functions files, 
removing the others


git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@78562 c90b9560-bf6c-de11-be94-00142212c4b1
2002-04-17 19:58:46 +00:00

1280 lines
42 KiB
XML
Raw Blame History

<!-- D O N O T E D I T T H I S F I L E ! ! !
it is still here for historical reasons only
(as translators may need to check old revision diffs)
if you want to change things documented in this file
you should now edit the files found under en/reference
instead -->
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.87 $ -->
<reference id="ref.session">
<title>Session handling functions</title>
<titleabbrev>Sessions</titleabbrev>
<partintro>
<para>
Session support in PHP consists of a way to preserve certain data
across subsequent accesses. This enables you to build more
customized applications and increase the appeal of your web site.
</para>
<para>
If you are familiar with the session management of PHPLIB, you
will notice that some concepts are similar to PHP's session
support.
</para>
<para>
A visitor accessing your web site is assigned an unique id, the
so-called session id. This is either stored in a cookie on the
user side or is propagated in the URL.
</para>
<para>
The session support allows you to register arbitrary numbers of
variables to be preserved across requests. When a visitor accesses
your site, PHP will check automatically (if session.auto_start is
set to 1) or on your request (explicitly through
<function>session_start</function> or implicitly through
<function>session_register</function>) whether a specific session
id has been sent with the request. If this is the case, the prior
saved environment is recreated.
</para>
<para>
All registered variables are serialized after the request
finishes. Registered variables which are undefined are marked as
being not defined. On subsequent accesses, these are not defined
by the session module unless the user defines them later.
</para>
<para>
The <link
linkend="ini.track-vars"><literal>track_vars</literal></link> and
<link
linkend="ini.register-globals"><literal>register_globals</literal></link>
configuration settings influence how the session variables get
stored and restored.
</para>
<note>
<para>
As of PHP 4.0.3, <link
linkend="ini.track-vars"><literal>track_vars</literal></link> is
always turned on.
</para>
</note>
<note>
<para>
As of PHP 4.1.0, <varname>$_SESSION</varname> is available as
global variable just like <varname>$_POST</varname>,
<varname>$_GET</varname>, <varname>$_REQUEST</varname> and so on.
Not like <varname>$HTTP_SESSION_VARS</varname>,
<varname>$_SESSION</varname> is always global. Therefore,
<literal>global</literal> should not be used for
<varname>$_SESSION</varname>.
</para>
</note>
<para>
If <link
linkend="ini.track-vars"><literal>track_vars</literal></link> is
enabled and <link
linkend="ini.register-globals"><literal>register_globals</literal></link>
is disabled, only members of the global associative array
<varname>$HTTP_SESSION_VARS</varname> can be registered as session
variables. The restored session variables will only be available
in the array <varname>$HTTP_SESSION_VARS</varname>.
<example>
<title>
Registering a variable with <link
linkend="ini.track-vars"><literal>track_vars</literal></link>
enabled
</title>
<programlisting role="php">
<![CDATA[
<?php
if (isset($HTTP_SESSION_VARS['count'])) {
$HTTP_SESSION_VARS['count']++;
}
else {
$HTTP_SESSION_VARS['count'] = 0;
}
?>
]]>
</programlisting>
</example>
</para>
<para>
Use of <varname>$_SESSION</varname> (or
<varname>$HTTP_SESSION_VARS</varname> with PHP 4.0.6 or less) is
recommended for security and code readablity. With
<varname>$_SESSION</varname> or
<varname>$HTTP_SESSION_VARS</varname>, there is no need to use
session_register()/session_unregister()/session_is_registered()
functions. Users can access session variable like a normal
variable.
<example>
<title>
Registering a variable with $_SESSION.
</title>
<programlisting role="php">
<![CDATA[
<?php
// Use $HTTP_SESSION_VARS with PHP 4.0.6 or less
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
?>
]]>
</programlisting>
</example>
<example>
<title>
Unregistering a variable with $_SESSION.
</title>
<programlisting role="php">
<![CDATA[
<?php
// Use $HTTP_SESSION_VARS with PHP 4.0.6 or less
unset($_SESSION['count']);
?>
]]>
</programlisting>
</example>
</para>
<para>
If <link
linkend="ini.register-globals"><literal>register_globals</literal></link>
is enabled, then all global variables can be registered as session
variables and the session variables will be restored to
corresponding global variables. Since PHP must know which global
variables are registered as session variables, users must register
variables with session_register() function while
<varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>
does not need to use session_register().
<caution>
<para>
If you are using
<varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>
and disable <link
linkend="ini.register-globals"><literal>register_globals</literal></link>,
do not use <function>session_register</function>,
<function>session_is_registered</function> and
<function>session_unregister</function>.
</para>
<para>
If you enable <link
linkend="ini.register-globals"><literal>register_globals</literal></link>,
<function>session_unregister</function> should be used since
session variables are registered as global variables when
session data is deserialized. Disabling <link
linkend="ini.register-globals"><literal>register_globals</literal></link>
is recommended for both security and performance reason.
</para>
</caution>
<example>
<title>
Registering a variable with <link
linkend="ini.register-globals"><literal>register_globals</literal></link>
enabled
</title>
<programlisting role="php">
<![CDATA[
<?php
if (!session_is_registered('count')) {
session_register("count");
$count = 0;
}
else {
$count++;
}
?>
]]>
</programlisting>
</example>
</para>
<para>
If both <link
linkend="ini.track-vars"><literal>track_vars</literal></link> and
<link
linkend="ini.register-globals"><literal>register_globals</literal></link>
are enabled, then the globals variables and the
<varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>
entries will reference the same value for already registered
variables.
</para>
<para>
If user use session_register() to register session variable,
<varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>
will not have these variable in array until it is loaded from
session storage. (i.e. until next request)
</para>
<para>
There are two methods to propagate a session id:
<itemizedlist>
<listitem>
<simpara>
Cookies
</simpara>
</listitem>
<listitem>
<simpara>
URL parameter
</simpara>
</listitem>
</itemizedlist>
</para>
<para>
The session module supports both methods. Cookies are optimal, but
since they are not reliable (clients are not bound to accept
them), we cannot rely on them. The second method embeds the
session id directly into URLs.
</para>
<para>
PHP is capable of doing this transparently when compiled with
<link linkend="install.configure.enable-trans-sid">
<literal>--enable-trans-sid</literal></link>. If you enable this option,
relative URIs will be changed to contain the session id
automatically. Alternatively, you can use the constant
<literal>SID</literal> which is defined, if the client did not
send the appropriate cookie. <literal>SID</literal> is either of
the form <literal>session_name=session_id</literal> or is an empty
string.
</para>
<para>
The following example demonstrates how to register a variable, and
how to link correctly to another page using SID.
<example>
<title>Counting the number of hits of a single user</title>
<programlisting role="php">
<![CDATA[
<?php
if (!session_is_registered('count')) {
session_register('count');
$count = 1;
}
else {
$count++;
}
?>
Hello visitor, you have seen this page <?php echo $count; ?> times.<p>;
<?php
# the <?php echo SID?> (<?=SID?> can be used if short tag is enabled)
# is necessary to preserve the session id
# in the case that the user has disabled cookies
?>
To continue, <A HREF="nextpage.php?<?php echo SID?>">click here</A>
]]>
</programlisting>
</example>
</para>
<para>
The <literal>&lt;?=SID?&gt;</literal> is not necessary, if
<link linkend="install.configure.enable-trans-sid">
<literal>--enable-trans-sid</literal></link> was used to compile PHP.
</para>
<note>
<para>
Non-relative URLs are assumed to point to external sites and
hence don't append the SID, as it would be a security risk to
leak the SID to a different server.
</para>
</note>
<para>
To implement database storage, or any other storage method, you
will need to use <function>session_set_save_handler</function> to
create a set of user-level storage functions.
</para>
<para>
The session management system supports a number of configuration
options which you can place in your &php.ini; file. We will give a
short overview.
<itemizedlist>
<listitem>
<simpara>
<literal>session.save_handler</literal> defines the name of the
handler which is used for storing and retrieving data
associated with a session. Defaults to
<literal>files</literal>.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.save_path</literal> defines the argument which
is passed to the save handler. If you choose the default files
handler, this is the path where the files are created.
Defaults to <literal>/tmp</literal>. If
<literal>session.save_path</literal>'s path depth is more than
2, garbage collection will not be performed.
</simpara>
<warning>
<para>
If you leave this set to a world-readable directory, such as
<filename>/tmp</filename> (the default), other users on the
server may be able to hijack sessions by getting the list of
files in that directory.
</para>
</warning>
</listitem>
<listitem>
<simpara>
<literal>session.name</literal> specifies the name of the
session which is used as cookie name. It should only contain
alphanumeric characters. Defaults to
<literal>PHPSESSID</literal>.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.auto_start</literal> specifies whether the
session module starts a session automatically on request
startup. Defaults to <literal>0</literal> (disabled).
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.cookie_lifetime</literal> specifies the lifetime of
the cookie in seconds which is sent to the browser. The value 0
means "until the browser is closed." Defaults to
<literal>0</literal>.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.serialize_handler</literal> defines the name
of the handler which is used to serialize/deserialize
data. Currently, a PHP internal format (name
<literal>php</literal>) and WDDX is supported (name
<literal>wddx</literal>). WDDX is only available, if PHP is
compiled with <link linkend="ref.wddx">WDDX
support</link>. Defaults to <literal>php</literal>.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.gc_probability</literal> specifies the
probability that the gc (garbage collection) routine is started
on each request in percent. Defaults to <literal>1</literal>.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.gc_maxlifetime</literal> specifies the number
of seconds after which data will be seen as 'garbage' and
cleaned up.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.referer_check</literal> contains the substring you
want to check each HTTP Referer for. If the Referer was sent by the
client and the substring was not found, the embedded session id will
be marked as invalid. Defaults to the empty string.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.entropy_file</literal> gives a path to an
external resource (file) which will be used as an additional
entropy source in the session id creation process. Examples are
<literal>/dev/random</literal> or
<literal>/dev/urandom</literal> which are available on many
Unix systems.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.entropy_length</literal> specifies the number
of bytes which will be read from the file specified
above. Defaults to <literal>0</literal> (disabled).
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.use_cookies</literal> specifies whether the
module will use cookies to store the session id on the client
side. Defaults to <literal>1</literal> (enabled).
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.cookie_path</literal> specifies path to set
in session_cookie. Defaults to <literal>/</literal>.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.cookie_domain</literal> specifies domain to
set in session_cookie. Default is none at all.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.cache_limiter</literal> specifies cache
control method to use for session pages
(none/nocache/private/private_no_expire/public). Defaults to
<literal>nocache</literal>.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.cache_expire</literal> specifies time-to-live
for cached session pages in minutes, this has no effect for
nocache limiter. Defaults to <literal>180</literal>.
</simpara>
</listitem>
<listitem>
<simpara>
<literal>session.use_trans_sid</literal> whether transparent sid support
is enabled or not if enabled by compiling with
<link linkend="install.configure.enable-trans-sid">
<literal>--enable-trans-sid</literal></link>.
Defaults to <literal>1</literal> (enabled).
</simpara>
</listitem>
<listitem>
<simpara>
<literal>url_rewriter.tags</literal> spefifies which html tags are
rewritten to include session id if transparent sid support is enabled.
Defaults to <literal>a=href,area=href,frame=src,input=src,form=fakeentry</literal>
</simpara>
</listitem>
</itemizedlist>
<note>
<para>
Session handling was added in PHP 4.0.
</para>
</note>
</para>
</partintro>
<refentry id="function.session-start">
<refnamediv>
<refname>session_start</refname>
<refpurpose>Initialize session data</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>bool</type><methodname>session_start</methodname>
<void/>
</methodsynopsis>
<simpara>
<function>session_start</function> creates a session (or resumes
the current one based on the session id being passed via a GET
variable or a cookie).
</simpara>
<simpara>
If you want to use a named session, you must call
<function>session_name</function> before calling
<function>session_start</function>.
</simpara>
<simpara>
This function always returns &true;.
</simpara>
<note>
<para>
If you are using cookie-based sessions, you must call
<function>session_start</function> before anything is output to the
browser.
</para>
</note>
<simpara>
<function>session_start</function> will register internal output
handler for URL rewriting when <literal>trans-sid</literal> is
enabled. If a user uses <literal>ob_gzhandler</literal> or like
with <function>ob_start</function>, the order of output handler
is important for proper output. For example, user must register
<literal>ob_gzhandler</literal> before session start.
</simpara>
<note>
<simpara>
Use of <literal>zlib.output_compression</literal> is recommended
rather than <literal>ob_gzhandler</literal>
</simpara>
</note>
</refsect1>
</refentry>
<refentry id="function.session-destroy">
<refnamediv>
<refname>session_destroy</refname>
<refpurpose>Destroys all data registered to a session</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>bool</type><methodname>session_destroy</methodname>
<void/>
</methodsynopsis>
<simpara>
<function>session_destroy</function> destroys all of the data
associated with the current session. It does not unset any of
the global variables associated with the session, or unset the
session cookie.
</simpara>
<simpara>
This function returns &true; on success and
&false; on failure to destroy
the session data.
</simpara>
<para>
<example>
<title>Destroying a session</title>
<programlisting role="php">
<![CDATA[
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
session_unset();
// Finally, destroy the session.
session_destroy();
?>
]]>
</programlisting>
</example>
</para>
<para>
<example>
<title>Destroying a session with $_SESSION</title>
<programlisting role="php">
<![CDATA[
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// Finally, destroy the session.
session_destroy();
?>
]]>
</programlisting>
</example>
</para>
</refsect1>
</refentry>
<refentry id="function.session-name">
<refnamediv>
<refname>session_name</refname>
<refpurpose>Get and/or set the current session name</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>string</type><methodname>session_name</methodname>
<methodparam choice="opt"><type>string</type><parameter>name</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_name</function> returns the name of the current
session. If <parameter>name</parameter> is specified, the name of
the current session is changed to its value.
</para>
<para>
The session name references the session id in cookies and
URLs. It should contain only alphanumeric characters; it should
be short and descriptive (i.e. for users with enabled cookie
warnings). The session name is reset to the default value
stored in <literal>session.name</literal> at request startup
time. Thus, you need to call <function>session_name</function>
for every request (and before <function>session_start</function>
or <function>session_register</function> are called).
</para>
<example>
<title><function>session_name</function> examples</title>
<programlisting role="php">
<![CDATA[
<?php
// set the session name to WebsiteID
$previous_name = session_name("WebsiteID");
echo "The previous session name was $previous_name<p>";
?>
]]>
</programlisting>
</example>
</refsect1>
</refentry>
<refentry id="function.session-module-name">
<refnamediv>
<refname>session_module_name</refname>
<refpurpose>Get and/or set the current session module</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>string</type><methodname>session_module_name</methodname>
<methodparam choice="opt"><type>string</type><parameter>module</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_module_name</function> returns the name of the
current session module. If <parameter>module</parameter> is
specified, that module will be used instead.
</para>
</refsect1>
</refentry>
<refentry id="function.session-save-path">
<refnamediv>
<refname>session_save_path</refname>
<refpurpose>Get and/or set the current session save path</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>string</type><methodname>session_save_path</methodname>
<methodparam choice="opt"><type>string</type><parameter>path</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_save_path</function> returns the path of the current
directory used to save session data. If <parameter>path</parameter>
is specified, the path to which data is saved will be changed.
<note>
<para>
On some operating systems, you may want to specify a path on a
filesystem that handles lots of small files efficiently. For
example, on Linux, reiserfs may provide better performance than
ext2fs.
</para>
</note>
</para>
</refsect1>
</refentry>
<refentry id="function.session-id">
<refnamediv>
<refname>session_id</refname>
<refpurpose>Get and/or set the current session id</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>string</type><methodname>session_id</methodname>
<methodparam choice="opt"><type>string</type><parameter>id</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_id</function> returns the session id for the
current session. If <parameter>id</parameter> is specified, it
will replace the current session id.
</para>
<para>
The constant <systemitem>SID</systemitem> can also be used to
retrieve the current name and session id as a string suitable for
adding to URLs.
</para>
</refsect1>
</refentry>
<refentry id="function.session-register">
<refnamediv>
<refname>session_register</refname>
<refpurpose>
Register one or more variables with the current session
</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>bool</type><methodname>session_register</methodname>
<methodparam><type>mixed</type><parameter>name</parameter></methodparam>
<methodparam choice="opt"><type>mixed</type><parameter>...</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_register</function> accepts a variable number of
arguments, any of which can be either a string holding the name of a
variable or an array consisting of variable names or other arrays. For
each name, <function>session_register</function> registers the global
variable with that name in the current session.
</para>
<caution>
<para>
This registers a <emphasis>global</emphasis> variable. If you want to
register a session variable inside a function, you need to make sure to
make it global using <function>global</function> or use the session
arrays as noted below.
</para>
</caution>
<caution>
<para>
If you are using
<varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>,
do not use <function>session_register</function>,
<function>session_is_registered</function> and
<function>session_unregister</function>.
</para>
</caution>
<para>
This function returns &true; when all of the variables are successfully
registered with the session.
</para>
<para>
If <function>session_start</function> was not called before this function
is called, an implicit call to <function>session_start</function> with no
parameters will be made.
</para>
<para>
You can also create a session variable by simply setting the
appropriate member of the <varname>$HTTP_SESSION_VARS</varname>
or <varname>$_SESSION</varname> (PHP >= 4.1.0) array.
<informalexample>
<programlisting role="php">
<![CDATA[
$barney = "A big purple dinosaur.";
session_register("barney");
$HTTP_SESSION_VARS["zim"] = "An invader from another planet.";
# the auto-global $_SESSION array was introduced in PHP 4.1.0
$_SESSION["spongebob"] = "He's got square pants.";
]]>
</programlisting>
</informalexample>
</para>
<note>
<para>
It is not currently possible to register resource variables in a
session. For example, you can not create a connection to a
database and store the connection id as a session variable and
expect the connection to still be valid the next time the
session is restored. PHP functions that return a resource are
identified by having a return type of
<literal>resource</literal> in their function definitions. A
list of functions that return resources are available in the
<link linkend="resource">resource types</link> appendix.
</para>
<para>
If <varname>$_SESSION</varname> (or
<varname>$HTTP_SESSION_VARS</varname> for PHP 4.0.6 or less) is
used, assign variable to
<varname>$_SESSION</varname>. i.e. $_SESSION['var'] = 'ABC';
</para>
</note>
<para>
See also <function>session_is_registered</function> and
<function>session_unregister</function>.
</para>
</refsect1>
</refentry>
<refentry id="function.session-unregister">
<refnamediv>
<refname>session_unregister</refname>
<refpurpose>
Unregister a variable from the current session
</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>bool</type><methodname>session_unregister</methodname>
<methodparam><type>string</type><parameter>name</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_unregister</function> unregisters (forgets)
the global variable named <parameter>name</parameter> from the
current session.
</para>
<para>
This function returns &true; when the variable is successfully
unregistered from the session.
</para>
<note>
<para>
If <varname>$_SESSION</varname> (or
<varname>$HTTP_SESSION_VARS</varname> for PHP 4.0.6 or less) is
used, use <function>unset</function> to unregister a session
variable.
</para>
</note>
<caution>
<para>
This function doesn't unset the corresponding global variable for
<parameter>name</parameter>, it only prevents the variable from being
saved as part of the session. You must call <function>unset</function>
to remove the corresponding global variable.
</para>
</caution>
<caution>
<para>
If you are using
<varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>,
do not use <function>session_register</function>,
<function>session_is_registered</function> and
<function>session_unregister</function>.
</para>
</caution>
</refsect1>
</refentry>
<refentry id="function.session-unset">
<refnamediv>
<refname>session_unset</refname>
<refpurpose>
Free all session variables
</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>void</type><methodname>session_unset</methodname>
<void/>
</methodsynopsis>
<para>
The <function>session_unset</function> function free's all session variables
currently registered.
</para>
<note>
<para>
If <varname>$_SESSION</varname> (or
<varname>$HTTP_SESSION_VARS</varname> for PHP 4.0.6 or less) is
used, use <function>unset</function> to unregister session
variable. i.e. $_SESSION = array();
</para>
</note>
</refsect1>
</refentry>
<refentry id="function.session-is-registered">
<refnamediv>
<refname>session_is_registered</refname>
<refpurpose>
Find out if a variable is registered in a session
</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>bool</type><methodname>session_is_registered</methodname>
<methodparam><type>string</type><parameter>name</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_is_registered</function> returns &true; if there
is a variable with the name <parameter>name</parameter>
registered in the current session.
</para>
<note>
<para>
If <varname>$_SESSION</varname> (or
<varname>$HTTP_SESSION_VARS</varname> for PHP 4.0.6 or less) is
used, use <function>isset</function> to check a variable is
registered in <varname>$_SESSION</varname>.
</para>
</note>
<caution>
<para>
If you are using
<varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>,
do not use <function>session_register</function>,
<function>session_is_registered</function> and
<function>session_unregister</function>.
</para>
</caution>
</refsect1>
</refentry>
<refentry id="function.session-get-cookie-params">
<refnamediv>
<refname>session_get_cookie_params</refname>
<refpurpose>
Get the session cookie parameters
</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>array</type><methodname>session_get_cookie_params</methodname>
<void/>
</methodsynopsis>
<para>
The <function>session_get_cookie_params</function> function returns an
array with the current session cookie information, the array contains
the following items:
<itemizedlist>
<listitem>
<simpara>
"lifetime" - The lifetime of the cookie.
</simpara>
</listitem>
<listitem>
<simpara>
"path" - The path where information is stored.
</simpara>
</listitem>
<listitem>
<simpara>
"domain" - The domain of the cookie.
</simpara>
</listitem>
<listitem>
<simpara>
"secure" - The cookie should only be sent over secure connections.
(This item was added in PHP 4.0.4.)
</simpara>
</listitem>
</itemizedlist>
</para>
</refsect1>
</refentry>
<refentry id="function.session-set-cookie-params">
<refnamediv>
<refname>session_set_cookie_params</refname>
<refpurpose>
Set the session cookie parameters
</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>void</type><methodname>session_set_cookie_params</methodname>
<methodparam><type>int</type><parameter>lifetime</parameter></methodparam>
<methodparam choice="opt"><type>string</type><parameter>path</parameter></methodparam>
<methodparam choice="opt"><type>string</type><parameter>domain</parameter></methodparam>
<methodparam choice="opt"><type>bool</type><parameter>secure</parameter></methodparam>
</methodsynopsis>
<para>
Set cookie parameters defined in the &php.ini; file. The effect of this
function only lasts for the duration of the script.
</para>
<note>
<para>
The <parameter>secure</parameter> parameter was added in PHP
4.0.4.
</para>
</note>
</refsect1>
</refentry>
<refentry id="function.session-decode">
<refnamediv>
<refname>session_decode</refname>
<refpurpose>Decodes session data from a string</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>bool</type><methodname>session_decode</methodname>
<methodparam><type>string</type><parameter>data</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_decode</function> decodes the session data in
<parameter>data</parameter>, setting variables stored in the
session.
</para>
</refsect1>
</refentry>
<refentry id="function.session-encode">
<refnamediv>
<refname>session_encode</refname>
<refpurpose>
Encodes the current session data as a string
</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>string</type><methodname>session_encode</methodname>
<void/>
</methodsynopsis>
<para>
<function>session_encode</function> returns a string with the
contents of the current session encoded within.
</para>
</refsect1>
</refentry>
<refentry id="function.session-set-save-handler">
<refnamediv>
<refname>session_set_save_handler</refname>
<refpurpose>
Sets user-level session storage functions
</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>void</type><methodname>session_set_save_handler</methodname>
<methodparam><type>string</type><parameter>open</parameter></methodparam><methodparam><type>string</type><parameter>close</parameter></methodparam><methodparam><type>string</type><parameter>read</parameter></methodparam><methodparam><type>string</type><parameter>write</parameter></methodparam><methodparam><type>string</type><parameter>destroy</parameter></methodparam><methodparam><type>string</type><parameter>gc</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_set_save_handler</function> sets the user-level
session storage functions which are used for storing and
retrieving data associated with a session. This is most useful
when a storage method other than those supplied by PHP sessions
is preferred. i.e. Storing the session data in a local database.
</para>
<note>
<para>
You must set the configuration option
<parameter>session.save_handler</parameter> to
<parameter>user</parameter> in your &php.ini; file for
<function>session_set_save_handler</function> to take effect.
</para>
</note>
<note>
<para>
The "write" handler is not executed until after the output
stream is closed. Thus, output from debugging statements in the
"write" handler will never be seen in the browser. If debugging
output is necessary, it is suggested that the debug output be
written to a file instead.
</para>
</note>
<para>
The following example provides file based session
storage similar to the PHP sessions default save handler
<parameter>files</parameter>. This example could easily be
extended to cover database storage using your favorite PHP
supported database engine.
</para>
<para>
Read function must return string value always to make save
handler work as expected. Return empty string if there is no data
to read. Return values from other handlers are converted to
boolean expression. TRUE for success, FALSE for failure.
</para>
<para>
<example>
<title>
<function>session_set_save_handler</function> example
</title>
<programlisting role="php">
<![CDATA[
<?php
function open ($save_path, $session_name) {
global $sess_save_path, $sess_session_name;
$sess_save_path = $save_path;
$sess_session_name = $session_name;
return(true);
}
function close() {
return(true);
}
function read ($id) {
global $sess_save_path, $sess_session_name;
$sess_file = "$sess_save_path/sess_$id";
if ($fp = @fopen($sess_file, "r")) {
$sess_data = fread($fp, filesize($sess_file));
return($sess_data);
} else {
return(""); // Must return "" here.
}
}
function write ($id, $sess_data) {
global $sess_save_path, $sess_session_name;
$sess_file = "$sess_save_path/sess_$id";
if ($fp = @fopen($sess_file, "w")) {
return(fwrite($fp, $sess_data));
} else {
return(false);
}
}
function destroy ($id) {
global $sess_save_path, $sess_session_name;
$sess_file = "$sess_save_path/sess_$id";
return(@unlink($sess_file));
}
/*********************************************
* WARNING - You will need to implement some *
* sort of garbage collection routine here. *
*********************************************/
function gc ($maxlifetime) {
return true;
}
session_set_save_handler ("open", "close", "read", "write", "destroy", "gc");
session_start();
// proceed to use sessions normally
?>
]]>
</programlisting>
</example>
</para>
</refsect1>
</refentry>
<refentry id="function.session-cache-limiter">
<refnamediv>
<refname>session_cache_limiter</refname>
<refpurpose>Get and/or set the current cache limiter</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>string</type><methodname>session_cache_limiter</methodname>
<methodparam choice="opt"><type>string</type><parameter>cache_limiter</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_cache_limiter</function> returns the name of the
current cache limiter. If <parameter>cache_limiter</parameter> is
specified, the name of the current cache limiter is changed to the
new value.
</para>
<para>
The cache limiter controls the cache control HTTP headers sent to the
client. These headers determine the rules by which the page content
may be cached. Setting the cache limiter to <literal>nocache</literal>,
for example, would disallow any client-side caching. A value of
<literal>public</literal>, however, would permit caching. It can also
be set to <literal>private</literal>, which is slightly more restrictive
than <literal>public</literal>.
</para>
<para>
In <literal>private</literal> mode, Expire header sent to the
client, may cause confusion for some browser including Mozilla.
You can avoid this problem with
<literal>private_no_expire</literal> mode. Expire header is never
sent to the client in this mode.
</para>
<note>
<para>
<literal>private_no_expire</literal> was added in PHP 4.2.0dev.
</para>
</note>
<para>
The cache limiter is reset to the default value stored in
<literal>session.cache_limiter</literal> at request startup time. Thus,
you need to call <function>session_cache_limiter</function> for every
request (and before <function>session_start</function> is called).
</para>
<example>
<title><function>session_cache_limiter</function> examples</title>
<programlisting role="php">
<![CDATA[
<?php
# set the cache limiter to 'private'
session_cache_limiter('private');
$cache_limiter = session_cache_limiter();
echo "The cache limiter is now set to $cache_limiter<p>";
?>
]]>
</programlisting>
</example>
</refsect1>
</refentry>
<refentry id='function.session-cache-expire'>
<refnamediv>
<refname>session_cache_expire</refname>
<refpurpose>Return current cache expire</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>int</type><methodname>session_cache_expire</methodname>
<methodparam choice="opt"><type>int</type><parameter>new_cache_expire</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_cache_expire</function> returns current cache expire.
If <parameter>new_cache_expire</parameter> is given, the current
cache expire is replaced with <parameter>new_cache_expire</parameter>.
</para>
</refsect1>
</refentry>
<refentry id="function.session-write-close">
<refnamediv>
<refname>session_write_close</refname>
<refpurpose>Write session data and end session</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>void</type><methodname>session_write_close</methodname>
<void/>
</methodsynopsis>
<para>
End the current session and store session data.
</para>
<para>
Session data is usually stored after your script terminated
without the need to call <function>session_write_close</function>, but as
session data is locked to prevent concurrent writes only one
script may operate on a session at any time. When using framesets
together with sessions you will experience the frames loading one
by one due to this locking. You can reduce the time needed to
load all the frames by ending the session as soon as all changes
to session variables are done.
</para>
<!-- commented out until final decision on implementation
<para>
See also: <function>session_readonly</function>.
</para>
-->
</refsect1>
</refentry>
<!-- commented out until final decision on implementation
<refentry id="function.session-readonly">
<refnamediv>
<refname>session_readonly</refname>
<refpurpose>Begin session - reinitializes freezed variables, but no writeback on request end</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>void</type><methodname>session_readonly</methodname>
<void/>
</methodsynopsis>
<para>
Read in session data without locking the session data. Changing
session data is not possible, but frameset performance will be improved.
</para>
</refsect1>
</refentry>
-->
</reference>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
Reference in a new issue View git blame Copy permalink