How do I know if a session is active?

Question

How do I know if a session is active?

There are several different ways in a query to determine if a session has been started, for example:

$isSessionActive = (session_id() != "");

Or:

 $isSessionActive = defined('SID');

However, both of them do not work if you start a session and then close it; session_id() will return the previous session identifier, and the SID will be determined. Similarly, calling session_start() at this point will generate E_NOTICE if you already have a session. Is there any reasonable way to check if a session is currently active without resorting to output buffering, the locking operator ( @session_start() ), or something else equally hacky?

EDIT: I wrote a patch to try to include this functionality in PHP: http://bugs.php.net/bug.php?id=52982

EDIT 8/29/2011: A new function was added in PHP 5.4 to fix this: "Open session status with the new session_status function"

 // as of 8/29/2011 $isSessionActive = (session_status() == PHP_SESSION_ACTIVE);

EDIT 12/5/11: session_status () in the PHP manual.

+40

php session

ken Sep 24 '10 at 15:05

source share

7 answers

I worked on this by adding a couple of wrapper functions around various create / close session / destroy functions. Mostly:

 function open_session() { session_start(); $_SESSION['is_open'] = TRUE; } function close_session() { session_write_close(); $_SESSION['is_open'] = FALSE; } function destroy_session() { session_destroy(); $_SESSION['is_open'] = FALSE; } function session_is_open() { return($_SESSION['is_open']); }

Hackish, but did what I needed.

+15

Marc B Sept. 24 2018-10-09T00:

source share

I also come across this, and setting in $_SESSION is not an option for me. For PHP 5.3.8:

If any session is started with a request, define('SID') will return FALSE , and $_SESSION will not be set.
This does not depend on whether session_id() to set the session identifier or not.
After defining the first session_start() , SID and $_SESSION , an empty array is set.
session_destroy() disables session_id() , then this is an empty string. SID will remain defined (and set the previous value for it, which may be an empty string). $_SESSION remains unchanged. It will get reset / populated next time session_start .

With these states, especially as session_id() you can call between them to set the identifier for the next session, it is not possible to safely determine the state of the session using SID , $_SESSION and session_id() .

An “attempt” using session_start() (for example, with @ ) may not be very useful, as it will change the session status and change the contents of $_SESSION (and add a set-cookie header if the cookie was not part of the request). This was inappropriate in my case.

While I was running the tests, I came across this behavior that you cannot try to change the ini session.serialize_handler setting when the session is active, even if you set it to the same value. The same is true for session.use_trans_sid ^Docs , which is easier. This led me to the following function:

 /** * @return bool */ function session_is_active() { $setting = 'session.use_trans_sid'; $current = ini_get($setting); if (FALSE === $current) { throw new UnexpectedValueException(sprintf('Setting %s does not exists.', $setting)); } $result = @ini_set($setting, $current); return $result !== $current; }

As far as I see, the error only checks the active status of the session (not disconnected), so this should not return a false positive result when disconnecting sessions.

For this function to be compatible with PHP 5.2, it needs a little modification:

 /** * @return bool */ function session_is_active() { $setting = 'session.use_trans_sid'; $current = ini_get($setting); if (FALSE === $current) { throw new UnexpectedValueException(sprintf('Setting %s does not exists.', $setting)); } $testate = "mix$current$current"; $old = @ini_set($setting, $testate); $peek = @ini_set($setting, $current); $result = $peek === $current || $peek === FALSE; return $result; }

Some sandbox .

+10

hakre Oct 05 2018-11-11T00:

source share

The following code only resets one session_id () for me, not two

 session_start(); echo session_id(); session_destroy(); echo session_id();

If you are having difficulty with this, you can try creating a variable to test that you destroy when you destroy a session.

 session_start(); $_SESSION['intialized'] = 'This will not print'; $_SESSION = array(); // Unset all variables session_destroy(); echo $_SESSION['initialized']; // No output

+3

Robert Sep 24 2018-10-10T00:

source share

Here's a nice drop in replacement that won't break when you go to 5.4:

 if(!function_exists('session_status')){ function session_active(){ return defined('SID'); } }else{ function session_active(){ return (session_status() == PHP_SESSION_ACTIVE); } }

+1

Beachhouse Feb 06 '13 at 15:23

source share

Ken, if the session is destroyed, the $ _SESSION array should not be available ... or at least your values should be canceled. So, in theory (untested) you should be able to check the array for a value in order to know if anything is currently installed.

0

bpeterson76 Sep 24 2018-10-10T00:

source share

There are several places that you need to check to verify that the session is active:

1 cookie exists and the 2nd storage mechanism of the main session (file system or database) has not expired and has an entry corresponding to the cookie.

0

beiller May 7 '13 at 7:10

source share

ken · Accepted Answer · 2011-08-30 15:26

See editing the original question; basically, PHP 5.4 and above now has a session_status() function to solve this problem!

"Open session status with the new session_status function" (SVN version 315745)

If you need this functionality in versions prior to PHP 5.4, see the hakre answer .

How do I know if a session is active?

More articles: