$_SESSION

    $_SESSIONSession 变量

    说明

    当前脚本可用 SESSION 变量的数组。更多关于如何使用的信息,参见 Session 函数 文档。

    注释

    注意: “Superglobal”也称为自动化的全局变量。这就表示其在脚本的所有作用域中都是可用的。不需要在函数或方法中用 global $variable; 来访问它。

    参见

    发现了问题?

    了解如何改进此页面提交拉取请求报告一个错误
    添加备注

    用户贡献的备注 3 notes

    up
    81
    Tugrul
    11 years ago
    Creating New Session
==========================
<?php 
session_start();
/*session is started if you don't write this line can't use $_Session  global variable*/
$_SESSION["newsession"]=$value;
?>
Getting Session
==========================
<?php 
session_start();
/*session is started if you don't write this line can't use $_Session  global variable*/
$_SESSION["newsession"]=$value;
/*session created*/
echo $_SESSION["newsession"];
/*session was getting*/
?>
Updating Session
==========================
<?php 
session_start();
/*session is started if you don't write this line can't use $_Session  global variable*/
$_SESSION["newsession"]=$value;
/*it is my new session*/
$_SESSION["newsession"]=$updatedvalue;
/*session updated*/
?>
Deleting Session
==========================
<?php 
session_start();
/*session is started if you don't write this line can't use $_Session  global variable*/
$_SESSION["newsession"]=$value;
unset($_SESSION["newsession"]);
/*session deleted. if you try using this you've got an error*/
?>
    up
    0
    gemik850 at gmail dot com
    3 hours ago
    PHP
<?php
// 1. Session and Database Initialization
session_start();

$host = 'localhost';
$db   = 'database_name';
$user = 'username';
$pass = 'password';

$dsn = "mysql:host=$host;dbname=$db;charset=utf8mb4";
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
];

try {
     $pdo = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
     throw new \PDOException($e->getMessage(), (int)$e->getCode());
}

// 2. Authentication Logic (Login)
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action_login'])) {
    $email = trim($_POST['email']);
    $password = $_POST['password'];

    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch();

    if ($user && password_verify($password, $user['password_hash'])) {
        // Regenerate session ID to prevent session fixation attacks
        session_regenerate_id(true);
        
        $_SESSION['auth_user_id'] = $user['id'];
        $_SESSION['auth_logged_in'] = true;
        
        header('Location: dashboard.php');
        exit;
    } else {
        echo "Invalid email or password.";
    }
}

// 3. Verification Condition (Check if user is logged in)
if (!isset($_SESSION['auth_logged_in']) || $_SESSION['auth_logged_in'] !== true) {
    // User is not authenticated, redirect to login page
    header('Location: login.php');
    exit;
}

// 4. Accessible only to authenticated users
echo "Access granted. User ID: " . htmlspecialchars($_SESSION['auth_user_id']);
?>
    up
    -2
    bohwaz
    17 years ago
    Please note that if you have register_globals to On, global variables associated to $_SESSION variables are references, so this may lead to some weird situations.

<?php

session_start();

$_SESSION['test'] = 42;
$test = 43;
echo $_SESSION['test'];

?>

Load the page, OK it displays 42, reload the page... it displays 43.

The solution is to do this after each time you do a session_start() :

<?php

if (ini_get('register_globals'))
{
    foreach ($_SESSION as $key=>$value)
    {
        if (isset($GLOBALS[$key]))
            unset($GLOBALS[$key]);
    }
}

?>
    添加备注
    To Top