Maybe depending on PHP settings, but if return values are not the above, then go for this:
_DISABLED = 0
_NONE = 1
_ACTIVE = 2
(PHP 5 >= 5.4.0, PHP 7, PHP 8)
session_status — Returns the current session status
This function has no parameters.
PHP_SESSION_DISABLED if sessions are disabled.
PHP_SESSION_NONE if sessions are enabled, but none exists.
PHP_SESSION_ACTIVE if sessions are enabled, and one exists.
Maybe depending on PHP settings, but if return values are not the above, then go for this:
_DISABLED = 0
_NONE = 1
_ACTIVE = 2Use always session_status(), to check if a session is already started and active.
if(session_status() !== PHP_SESSION_ACTIVE) session_start();
or
if(session_status() === PHP_SESSION_NONE) session_start();
Don't use
if(!isset($_SESSION)) session_start();
or
if(session_id() === "") session_start();
They will not work properly after a call to session_write_close().
Both functions will continue to report, that the session exists.
And this is right, you can read from $_SESSION, but if you want to write,
you need session_start() again.
As a shorthand you can use
@session_start()
with the @ at the beginning to suppress the
PHP notice "A session had already been started - ignoring session_start()"
As stated in the manual for session_start(), a second call will do no harm,
it will be simply ignored. But you need the @, if you don't want to get the notice.Universal function for checking session status.
<?php
/**
* @return bool
*/
function is_session_started()
{
if ( php_sapi_name() !== 'cli' ) {
if ( version_compare(phpversion(), '5.4.0', '>=') ) {
return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE;
} else {
return session_id() === '' ? FALSE : TRUE;
}
}
return FALSE;
}
// Example
if ( is_session_started() === FALSE ) session_start();
?>Note session_status() is for file based session only.
DB based session status needs to have custom function based on table structure.The advice of ive_insomnia at live dot com should be taken with great care.
First of all, while his use case for session_status is valid, a simpler way to avoid the warning is:
<?php
if (!isset($_SESSION)) { session_start(); }
?>
The example of session_status uses the raw values of constants (2 in this case) created specifically for the purpose of not having to use magic numbers.
Better code would be:
<?php
if (session_status() !== PHP_SESSION_ACTIVE) {session_start();}
?>
The same can be done using
<?
if (session_id() === "") { session_start(); }
?>
The use of this function is lies more towards status management: change the behavior of a script when sessions are disabled altogether, for example.Numerical Values for
PHP_SESSION_DISABLED is 0
PHP_SESSION_NONE is 1
PHP_SESSION_ACTIVE is 2This is how the session_status() works:
<?php
function session_status(){
if(!extension_loaded('session')){
return 0;
}elseif(!file_exists(session_save_path().'/sess_'.session_id()){
return 1;
}else{
return 2;
}
}
?>If you started and closed a session then test ( session_id() === '' ) to check if a session is active it won't work, session_id() returns an ID even if the session is closed.
Anybody knows another way before PHP 5.4 to check if a session is really not currently active ?Just another function to determine whether the session has already started:
function is_session_started () {
return function_exists ( 'session_status' ) ? ( PHP_SESSION_ACTIVE == session_status () ) : ( ! empty ( session_id () ) );
}