php session_start with include files

Question

i learned a lot about session start from my previous question. Now i\'m wondering how session locking occurs when files are included in other files. Lets say i have:

Answer 1

I would recommend creating a session.php file that you would include once, at the first line of each page. That way, the session is handled in ONE file, in case you need to change validation or session settings (and don't need to worry about your question).

Answer 2

1. You should start session only one time. In your example, just need session_start() at the first line of page.php
2. session_start() will generate E_NOTICE if session was previously started. You can use @session_start() to ignore it.
3. It also generates E_NOTICE if you use session_start() after you output HTML code.

Answer 3

Due to the answers above talking about errors if session already started, I just wanted to point out you can do:

if (!isset($_SESSION))
  {
    session_start();
  }

Then if the $_SESSION is already started (set) it wont perform the start function.

Although there's nothing better than a well structured file and folder layout with a good framework setup. Even if just a simple framework structure which separates business logic from presentation.

This way, you'd have something similar to a config folder with initialisation scripts, or at the very least have include files in some folder which are included in all pages/scripts.

Then you simply have your session_start() in (depending on your setup) either the very first include file, or in a separate include file and then include that session file when needed in a specific area of the script.

Either way, you then don't need to call it in any other files, as you know it's simply not required based on your design structure.

If you do not have a file which is always included, then at least use the isset() check.

Answer 4

As long as you are not accessing or creating session variables you do not need to worry about session_start(). You only really need to worry about session_start if the script you are running will create session variables, or relies on accessing session variables to function.

If file1 is not accessing or creating variables for use by other scripts then don't call it. If file2 that is included by file1 is creating or relies on variables in the session then file2 should call session_start(). File2 will be included in the session and will be able to access all session variables, but file1 will not.

If you call session_start() in file1, then file2 will be able to access all session vars as if it called session_start().

Hope this clarifies the situation a bit more.

Great tip from James re using isset. This will prevent attempting a pointless session call.

Also check your php.ini file for the session.auto_start var. If this is set to 1 then all files will be run as if they made a session_start() call. Set it to 0 in the php.ini file if you want to control it yourself.

Answer 5

As of PHP 4.3.3, calling session_start() after the session was previously started will result in an error of level E_NOTICE. Also, the second session start will simply be ignored.