-3

I have a few questions about using session_start(); Some sites tell us to put them at the top of the page, but would this not start a new session every time someone refreshes the page or clicks on that page? Before we know it there could be thousands of sessions just for one person. I have spent the last week looking on websites for information on how to use session_start(); but none of them have explained it in much detail. I have a small website with a few pages (nothing fancy) but I don't know if I need to add session_start(); at the top of every page. Should a session_start(); happen only after they have logged in?

Dion
  • 1
    What makes you think that a new session is started on refreshing? – Nico Haase Feb 08 '20 at 08:55
  • I don't, that is why I am asking :) – Dion Feb 08 '20 at 08:57
  • 3
    Easy solution go to php.net, https://www.php.net/manual/en/function.session-start.php. – user3783243 Feb 08 '20 at 08:57
  • 1
    A new session is not instantiated on every refresh; it is only instantiated when the browser connects to the php server and is destroyed automatically when the user closes the browser. – hecate Feb 08 '20 at 08:58
  • 1
    Well, if you don't think that this could happen, I don't get your question. Couldn't you fire up a quick script to check whether this happens if you don't trust the documentation? – Nico Haase Feb 08 '20 at 08:59
  • does it need to be at the top of the page for people who never login? – Dion Feb 08 '20 at 08:59
  • 1
    @Dion again the manual has all of this documented. `To use cookie-based sessions, session_start() must be called before outputting anything to the browser.` – user3783243 Feb 08 '20 at 09:00
  • ok this makes sense. sorry for my n00b questions, just trying to understand how it works better – Dion Feb 08 '20 at 09:01
  • yes it does and thanks for your help. not sure why everyone is downvoting my first question, I was only asking for advice – Dion Feb 08 '20 at 09:08
  • Downvotes are often given when people feel you have not researched your question enough before asking it. I tend to agree with that opinion, as an internet search on the subject leads to very useful advice in this respect. – trincot Feb 08 '20 at 09:29
  • I kind of disagree. I spent over a week researching it; that was why I ended up asking on this site. After all, that is what this site is for, right? Also, the internet can be misleading, as one site can contradict another site. Many sites do not keep their listed code up to date, and on top of that a lot of posts do not have dates to show when the last update was made. – Dion Feb 08 '20 at 09:53

3 Answers

2

As per the PHP documentation

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

https://www.php.net/manual/en/function.session-start.php

Sehdev
2

Think of sessions as a cookie that expires when you close the browser.

You only need to add session_start() at the first page that loads, then the browser will store the value of that session until you close the browser (or specify otherwise).

If you refresh the page the session doesn't start again, the browser checks and if it's already there does nothing.

Sehdev
Marshall
2

Typically a web site may have some public content, for which authentication is not needed, and not even a session. It would indeed not be necessary to execute session_start() for those visits.

However:

  • sessions consume little server memory (just an ID), and may (depending on settings) even only rely on a client cookie. The actual data you explicitly store in server memory when you actually store content in them (assigning to $_SESSION["foo"]) will of course consume memory, but that scenario only occurs when you really wanted that to happen.
  • sessions expire, freeing any memory that was used for it

So you should only worry about this when you expect visits from a lot of different users in a relatively short time span.

However, it also makes code more understandable when it only executes session_start() in scenarios where it is about to access $_SESSION for the first time in that particular request.

trincot
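
The behaviour discussed in the answers above, as an added example that is not part of any answer: session_start() is called only when a request needs $_SESSION, before any output, and a refresh resumes the same session instead of creating a new one. The helper names ensure_session() and mark_logged_in() are hypothetical; the code assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (name is an assumption): start or resume the session
// only when a request actually needs $_SESSION.
function ensure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started earlier in this request
    }
    if (headers_sent($file, $line)) {
        // Cookie-based sessions send a Set-Cookie header, so output must not have begun.
        throw new RuntimeException("Output already started at $file:$line");
    }
    session_set_cookie_params([
        'lifetime' => 0,      // cookie lasts until the browser closes
        'path'     => '/',
        'secure'   => true,   // assumption: site is served over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start(); // resumes the session named by the cookie, or creates one if none
}

// Hypothetical login hook: call only after credentials were verified elsewhere.
function mark_logged_in(string $username): void
{
    ensure_session();
    session_regenerate_id(true); // issue a fresh ID at login and delete the old session data
    $_SESSION['user'] = $username;
}

// A page that needs the session: refreshing keeps the same ID and increments the counter.
ensure_session();
$_SESSION['views'] = ($_SESSION['views'] ?? 0) + 1;

header('Content-Type: text/plain');
echo 'session id: ', session_id(), "\n";
echo 'views in this session: ', $_SESSION['views'], "\n";
echo 'logged in as: ', $_SESSION['user'] ?? '(nobody)', "\n";
```

Pages that serve only public content can skip ensure_session() entirely, in which case no session cookie is issued for those visits.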