downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | conferences | my php.net

search for in the

$_ENV> <$_REQUEST
[edit] Last updated: Fri, 26 Apr 2013

view this page in

$_SESSION

$HTTP_SESSION_VARS [deprecated]

(PHP 4 >= 4.1.0, PHP 5)

$_SESSION -- $HTTP_SESSION_VARS [deprecated]Session variables

Description

An associative array containing session variables available to the current script. See the Session functions documentation for more information on how this is used.

$HTTP_SESSION_VARS contains the same initial information, but is not a superglobal. (Note that $HTTP_SESSION_VARS and $_SESSION are different variables and that PHP handles them as such)

Changelog

Version Description
4.1.0 Introduced $_SESSION that deprecated $HTTP_SESSION_VARS.

Notes

Note:

This is a 'superglobal', or automatic global, variable. This simply means that it is available in all scopes throughout a script. There is no need to do global $variable; to access it within functions or methods.

See Also



$_ENV> <$_REQUEST
[edit] Last updated: Fri, 26 Apr 2013
 
add a note add a note User Contributed Notes $_SESSION - [6 notes]
up
2
jherry at netcourrier dot com
4 years ago
You may have trouble if you use '|' in the key:

$_SESSION["foo|bar"] = "fuzzy";

This does not work for me. I think it's because the serialisation of session object is using this char so the server reset your session when it cannot read it.

To make it work I replaced '|' by '_'.
up
3
bohwaz
4 years ago
Please note that if you have register_globals to On, global variables associated to $_SESSION variables are references, so this may lead to some weird situations.

<?php

session_start();

$_SESSION['test'] = 42;
$test = 43;
echo $_SESSION['test'];

?>

Load the page, OK it displays 42, reload the page... it displays 43.

The solution is to do this after each time you do a session_start() :

<?php

if (ini_get('register_globals'))
{
    foreach ($_SESSION as $key=>$value)
    {
        if (isset($GLOBALS[$key]))
            unset($GLOBALS[$key]);
    }
}

?>
up
0
Steve Clay
4 years ago
Unlike a real PHP array, $_SESSION keys at the root level must be valid variable names.

<?php
$_SESSION[1][1] = 'cake'; // fails

$_SESSION['v1'][1] = 'cake'; // works
?>

I imagine this is an internal limitation having to do with the legacy function session_register(), where the registered global var must similarly have a valid name.
up
-1
Dave
3 years ago
If you deploy php code and cannot control whether register_globals is off, place this snippet in your code to prevent session injections:

<?php
if (isset($_REQUEST['_SESSION'])) die("Get lost Muppet!");
?>
up
-2
pike-php at kw dot nl
2 years ago
When accidently assigning a unset variable to $_SESSION, like

   $_SESSION['foo'] = $bar

while $bar was not defined, I got the following error message:

"Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. "

The errormessage was quite unrelated and got me off-track. The real error was, $bar was not defined.
up
-2
charlese at cvs dot com dot au
3 years ago
I was having troubles with session variables working in some environments and being seriously flaky in others. I was using $_SESSION as an array. It works properly when I used $_SESSION as pointers to arrays. As an example the following code works in some environments and not others.

<?php
//Trouble if I treate $form_convert and $_SESSION['form_convert'] as unrelated items
$form_convert=array();
if (isset($_SESSION['form_convert'])){
        $form_convert=$_SESSION['form_convert'];
    }
}
?>
The following works well.
<?php
if (isset($_SESSION['form_convert'])){
    $form_convert = $_SESSION['form_convert'];
}else{
    $form_convert = array();
    $_SESSION['form_convert']=$form_convert;
}
?>
add a note add a note

 
show source | credits | stats | sitemap | contact | advertising | mirror sites