File: session.xml

package info (click to toggle)
phpdoc 20020310-1
links: PTS
area: main
in suites: woody
size: 35,272 kB
ctags: 354
sloc: xml: 799,767; php: 1,395; cpp: 500; makefile: 200; sh: 140; awk: 51
file content (1264 lines) | stat: -rw-r--r-- 42,209 bytes
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.83 $ -->
 <reference id="ref.session">
  <title>Session handling functions</title>
  <titleabbrev>Sessions</titleabbrev>
	
  <partintro>
   <para>
    Session support in PHP consists of a way to preserve certain data
    across subsequent accesses. This enables you to build more
    customized applications and increase the appeal of your web site.
   </para>
   <para>
    If you are familiar with the session management of PHPLIB, you
    will notice that some concepts are similar to PHP's session
    support.
   </para>
   <para>
    A visitor accessing your web site is assigned an unique id, the
    so-called session id. This is either stored in a cookie on the
    user side or is propagated in the URL.
   </para>
   <para>
    The session support allows you to register arbitrary numbers of
    variables to be preserved across requests. When a visitor accesses
    your site, PHP will check automatically (if session.auto_start is
    set to 1) or on your request (explicitly through
    <function>session_start</function> or implicitly through
    <function>session_register</function>) whether a specific session
    id has been sent with the request. If this is the case, the prior
    saved environment is recreated.
   </para>
   <para>
    All registered variables are serialized after the request
    finishes.  Registered variables which are undefined are marked as
    being not defined.  On subsequent accesses, these are not defined
    by the session module unless the user defines them later.
   </para>
   <para>
    The <link
    linkend="ini.track-vars"><literal>track_vars</literal></link> and
    <link
    linkend="ini.register-globals"><literal>register_globals</literal></link>
    configuration settings influence how the session variables get
    stored and restored.
   </para>

   <note>
    <para>
     As of PHP 4.0.3, <link
     linkend="ini.track-vars"><literal>track_vars</literal></link> is
     always turned on.
    </para>
   </note>
   <note>
    <para>
     As of PHP 4.1.0, <varname>$_SESSION</varname> is available as
     global variable just like <varname>$_POST</varname>,
     <varname>$_GET</varname>, <varname>$_REQUEST</varname> and so on.
     Not like <varname>$HTTP_SESSION_VARS</varname>,
     <varname>$_SESSION</varname> is always global. Therefore,
     <literal>global</literal> should not be used for
     <varname>$_SESSION</varname>.
    </para>
   </note>

   <para>
    If <link
    linkend="ini.track-vars"><literal>track_vars</literal></link> is
    enabled and <link
    linkend="ini.register-globals"><literal>register_globals</literal></link>
    is disabled, only members of the global associative array
    <varname>$HTTP_SESSION_VARS</varname> can be registered as session
    variables. The restored session variables will only be available
    in the array <varname>$HTTP_SESSION_VARS</varname>.
  <example>
     <title>
      Registering a variable with <link
      linkend="ini.track-vars"><literal>track_vars</literal></link>
      enabled
     </title>
     <programlisting role="php">
<![CDATA[
<?php
if (isset($HTTP_SESSION_VARS['count'])) {
   $HTTP_SESSION_VARS['count']++;
}
else {
   $HTTP_SESSION_VARS['count'] = 0;
}
?>
]]>
     </programlisting>
    </example>
   </para>
   <para>
    Use of <varname>$_SESSION</varname> (or
    <varname>$HTTP_SESSION_VARS</varname> with PHP 4.0.6 or less) is
    recommended for security and code readablity. With
    <varname>$_SESSION</varname> or
    <varname>$HTTP_SESSION_VARS</varname>, there is no need to use
    session_register()/session_unregister()/session_is_registered()
    functions. Users can access session variable like a normal
    variable.
    <example>
     <title>
      Registering a variable with $_SESSION.
     </title>
     <programlisting role="php">
<![CDATA[
<?php
// Use $HTTP_SESSION_VARS with PHP 4.0.6 or less
if (!isset($_SESSION['count'])) {
    $_SESSION['count'] = 0;
} else {
    $_SESSION['count']++;
}
?>
]]>
     </programlisting>
    </example>
    <example>
     <title>
      Unregistering a variable with $_SESSION.
     </title>
     <programlisting role="php">
<![CDATA[
<?php
// Use $HTTP_SESSION_VARS with PHP 4.0.6 or less
unset($_SESSION['count']);

?>
]]>
     </programlisting>
    </example>
   </para>
   <para>
    If <link
    linkend="ini.register-globals"><literal>register_globals</literal></link>
    is enabled, then all global variables can be registered as session
    variables and the session variables will be restored to
    corresponding global variables. Since PHP must know which global
    variables are registered as session variables, users must register
    variables with session_register() function while
    <varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>
    does not need to use session_register().
    <caution>
     <para>
      If you are using
      <varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>
      and disable <link
      linkend="ini.register-globals"><literal>register_globals</literal></link>,
      do not use <function>session_register</function>,
      <function>session_is_registered</function> and
      <function>session_unregister</function>.
     </para>
     <para>
      If you enable <link
       linkend="ini.register-globals"><literal>register_globals</literal></link>,
       <function>session_unregister</function> should be used since
       session variables are registered as global variables when
       session data is deserialized. Disabling <link
       linkend="ini.register-globals"><literal>register_globals</literal></link>
       is recommended for both security and performance reason.
     </para>
    </caution>
    <example>
     <title>
      Registering a variable with <link
      linkend="ini.register-globals"><literal>register_globals</literal></link>
      enabled
     </title>
     <programlisting role="php">
<![CDATA[
<?php
if (!session_is_registered('count')) {
    session_register("count");
    $count = 0;
}
else {
    $count++;
}
?>
]]>
     </programlisting>
    </example>
   </para>
   <para>
    If both <link
    linkend="ini.track-vars"><literal>track_vars</literal></link> and
    <link
    linkend="ini.register-globals"><literal>register_globals</literal></link>
    are enabled, then the globals variables and the
    <varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>
    entries will reference the same value for already registered
    variables.
   </para>
   <para>
    If user use session_register() to register session variable,
    <varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>
    will not have these variable in array until it is loaded from
    session storage. (i.e. until next request)
   </para>
   <para>
    There are two methods to propagate a session id:
    <itemizedlist>
     <listitem>
      <simpara>
       Cookies
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       URL parameter
      </simpara>
     </listitem>
    </itemizedlist>
   </para>
   <para>
    The session module supports both methods. Cookies are optimal, but
    since they are not reliable (clients are not bound to accept
    them), we cannot rely on them. The second method embeds the
    session id directly into URLs.
   </para>
   <para>
    PHP is capable of doing this transparently when compiled with
    <link linkend="install.configure.enable-trans-sid">
    <literal>--enable-trans-sid</literal></link>. If you enable this option,
    relative URIs will be changed to contain the session id
    automatically.  Alternatively, you can use the constant
    <literal>SID</literal> which is defined, if the client did not
    send the appropriate cookie.  <literal>SID</literal> is either of
    the form <literal>session_name=session_id</literal> or is an empty
    string.
   </para>
   <para>
    The following example demonstrates how to register a variable, and
    how to link correctly to another page using SID.
    <example>
     <title>Counting the number of hits of a single user</title>
     <programlisting role="php">
<![CDATA[
<?php
if (!session_is_registered('count')) {
    session_register('count');
    $count = 1;
}
else {
    $count++;
}
?>

Hello visitor, you have seen this page <?php echo $count; ?> times.<p>;

<?php
# the <?php echo SID?> (<?=SID?> can be used if short tag is enabled) 
# is necessary to preserve the session id
# in the case that the user has disabled cookies
?>

To continue, <A HREF="nextpage.php?<?php echo SID?>">click here</A>
]]>
     </programlisting>
    </example>
   </para>
   <para>
    The <literal>&lt;?=SID?&gt;</literal> is not necessary, if
    <link linkend="install.configure.enable-trans-sid">
    <literal>--enable-trans-sid</literal></link> was used to compile PHP.
   </para>
   <note>
    <para>
     Non-relative URLs are assumed to point to external sites and
     hence don't append the SID, as it would be a security risk to
     leak the SID to a different server.
    </para>
   </note>
   <para>
    To implement database storage, or any other storage method, you
    will need to use <function>session_set_save_handler</function> to
    create a set of user-level storage functions.
   </para>
   <para>
    The session management system supports a number of configuration
    options which you can place in your php.ini file. We will give a
    short overview.
    <itemizedlist>
     <listitem>
      <simpara>
       <literal>session.save_handler</literal> defines the name of the
       handler which is used for storing and retrieving data
       associated with a session.  Defaults to
       <literal>files</literal>.
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.save_path</literal> defines the argument which
       is passed to the save handler. If you choose the default files
       handler, this is the path where the files are created.
       Defaults to <literal>/tmp</literal>. If
       <literal>session.save_path</literal>'s path depth is more than
       2, garbage collection will not be performed.
      </simpara>
      <warning>
       <para>
        If you leave this set to a world-readable directory, such as
        <filename>/tmp</filename> (the default), other users on the
        server may be able to hijack sessions by getting the list of
        files in that directory.
       </para>
      </warning>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.name</literal> specifies the name of the
       session which is used as cookie name. It should only contain
       alphanumeric characters.  Defaults to
       <literal>PHPSESSID</literal>.
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.auto_start</literal> specifies whether the
       session module starts a session automatically on request
       startup. Defaults to <literal>0</literal> (disabled).
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.cookie_lifetime</literal> specifies the lifetime of
       the cookie in seconds which is sent to the browser. The value 0
       means "until the browser is closed." Defaults to
       <literal>0</literal>.
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.serialize_handler</literal> defines the name
       of the handler which is used to serialize/deserialize
       data. Currently, a PHP internal format (name
       <literal>php</literal>) and WDDX is supported (name
       <literal>wddx</literal>). WDDX is only available, if PHP is
       compiled with <link linkend="ref.wddx">WDDX
       support</link>. Defaults to <literal>php</literal>.
       </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.gc_probability</literal> specifies the
       probability that the gc (garbage collection) routine is started
       on each request in percent. Defaults to <literal>1</literal>.
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.gc_maxlifetime</literal> specifies the number
       of seconds after which data will be seen as 'garbage' and
       cleaned up.  
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.referer_check</literal> contains the substring you
       want to check each HTTP Referer for. If the Referer was sent by the
       client and the substring was not found, the embedded session id will 
       be marked as invalid. Defaults to the empty string.
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.entropy_file</literal> gives a path to an
       external resource (file) which will be used as an additional
       entropy source in the session id creation process. Examples are
       <literal>/dev/random</literal> or
       <literal>/dev/urandom</literal> which are available on many
       Unix systems.
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.entropy_length</literal> specifies the number
       of bytes which will be read from the file specified
       above. Defaults to <literal>0</literal> (disabled).
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.use_cookies</literal> specifies whether the
       module will use cookies to store the session id on the client
       side. Defaults to <literal>1</literal> (enabled).
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.cookie_path</literal> specifies path to set 
       in session_cookie. Defaults to <literal>/</literal>.
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.cookie_domain</literal> specifies domain to 
       set in session_cookie. Default is none at all. 
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.cache_limiter</literal> specifies cache
       control method to use for session pages
       (none/nocache/private/private_no_expire/public).  Defaults to
       <literal>nocache</literal>.
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.cache_expire</literal> specifies time-to-live
        for cached session pages in minutes, this has no effect for
        nocache limiter. Defaults to <literal>180</literal>.
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>session.use_trans_sid</literal> whether transparent sid support
       is enabled or not if enabled by compiling with 
       <link linkend="install.configure.enable-trans-sid">
       <literal>--enable-trans-sid</literal></link>.
       Defaults to <literal>1</literal> (enabled).
      </simpara>
     </listitem>
     <listitem>
      <simpara>
       <literal>url_rewriter.tags</literal> spefifies which html tags are
       rewritten to include session id if transparent sid support is enabled. 
       Defaults to <literal>a=href,area=href,frame=src,input=src,form=fakeentry</literal>
      </simpara>
     </listitem>
    </itemizedlist>
    <note>
     <para>
      Session handling was added in PHP 4.0.
     </para>
    </note>
   </para>
  </partintro>

  <refentry id="function.session-start">
   <refnamediv>
    <refname>session_start</refname>
    <refpurpose>Initialize session data</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>bool</type><methodname>session_start</methodname>
      <void/>
     </methodsynopsis>
    <simpara>
     <function>session_start</function> creates a session (or resumes
     the current one based on the session id being passed via a GET
     variable or a cookie).
    </simpara>
    <simpara>
     If you want to use a named session, you must call
     <function>session_name</function> before calling
     <function>session_start</function>.
    </simpara>
    <simpara>
     This function always returns &true;.
    </simpara>
    <note>
     <para>
      If you are using cookie-based sessions, you must call
      <function>session_start</function> before anything is output to the
      browser.
     </para>
    </note>
    <simpara>
     <function>session_start</function> will register internal output
     handler for URL rewriting when <literal>trans-sid</literal> is
     enabled. If a user uses <literal>ob_gzhandler</literal> or like
     with <function>ob_start</function>, the order of output handler
     is important for proper output. For example, user must register
     <literal>ob_gzhandler</literal> before session start.
    </simpara>
    <note>
     <simpara>
      Use of <literal>zlib.output_compression</literal> is recommended
      rather than <literal>ob_gzhandler</literal>
     </simpara>
    </note>
   </refsect1>
  </refentry>

  <refentry id="function.session-destroy">
   <refnamediv>
    <refname>session_destroy</refname>
    <refpurpose>Destroys all data registered to a session</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>bool</type><methodname>session_destroy</methodname>
      <void/>
     </methodsynopsis>
    <simpara>
     <function>session_destroy</function> destroys all of the data
     associated with the current session. It does not unset any of
     the global variables associated with the session, or unset the
     session cookie.
    </simpara>
    <simpara>
     This function returns &true; on success and 
     &false; on failure to destroy
     the session data.
    </simpara>
    <para>
     <example>
      <title>Destroying a session</title>
      <programlisting role="php">
<![CDATA[
<?php

// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
session_unset();
// Finally, destroy the session.
session_destroy();

?>
]]>
      </programlisting>
     </example>
    </para>
    <para>
     <example>
      <title>Destroying a session with $_SESSION</title>
      <programlisting role="php">
<![CDATA[
<?php

// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// Finally, destroy the session.
session_destroy();

?>
]]>
      </programlisting>
     </example>
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-name">
   <refnamediv>
    <refname>session_name</refname>
    <refpurpose>Get and/or set the current session name</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>string</type><methodname>session_name</methodname>
      <methodparam choice="opt"><type>string</type><parameter>name</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_name</function> returns the name of the current
     session. If <parameter>name</parameter> is specified, the name of
     the current session is changed to its value.
    </para>
    <para>
     The session name references the session id in cookies and
     URLs. It should contain only alphanumeric characters; it should
     be short and descriptive (i.e. for users with enabled cookie
     warnings). The session name is reset to the default value
     stored in <literal>session.name</literal> at request startup
     time. Thus, you need to call <function>session_name</function>
     for every request (and before <function>session_start</function>
     or <function>session_register</function> are called).
    </para>
    <example>
     <title><function>session_name</function> examples</title>
     <programlisting role="php">
<![CDATA[
<?php

// set the session name to WebsiteID

$previous_name = session_name("WebsiteID");

echo "The previous session name was $previous_name<p>";
?>
]]>
     </programlisting>
    </example>
   </refsect1>
  </refentry>

  <refentry id="function.session-module-name">
   <refnamediv>
    <refname>session_module_name</refname>
    <refpurpose>Get and/or set the current session module</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>string</type><methodname>session_module_name</methodname>
      <methodparam choice="opt"><type>string</type><parameter>module</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_module_name</function> returns the name of the
     current session module. If <parameter>module</parameter> is
     specified, that module will be used instead.
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-save-path">
   <refnamediv>
    <refname>session_save_path</refname>
    <refpurpose>Get and/or set the current session save path</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>string</type><methodname>session_save_path</methodname>
      <methodparam choice="opt"><type>string</type><parameter>path</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_save_path</function> returns the path of the current
     directory used to save session data. If <parameter>path</parameter>
     is specified, the path to which data is saved will be changed.
     <note>
      <para>
       On some operating systems, you may want to specify a path on a
       filesystem that handles lots of small files efficiently. For
       example, on Linux, reiserfs may provide better performance than
       ext2fs.
      </para>
     </note>
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-id">
   <refnamediv>
    <refname>session_id</refname>
    <refpurpose>Get and/or set the current session id</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>string</type><methodname>session_id</methodname>
      <methodparam choice="opt"><type>string</type><parameter>id</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_id</function> returns the session id for the
     current session. If <parameter>id</parameter> is specified, it
     will replace the current session id.
    </para>
    <para>
     The constant <systemitem>SID</systemitem> can also be used to
     retrieve the current name and session id as a string suitable for
     adding to URLs.
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-register">
   <refnamediv>
    <refname>session_register</refname>
    <refpurpose>
     Register one or more variables with the current session
    </refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>bool</type><methodname>session_register</methodname>
      <methodparam><type>mixed</type><parameter>name</parameter></methodparam>
      <methodparam choice="opt"><type>mixed</type><parameter>...</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_register</function> accepts a variable number of
     arguments, any of which can be either a string holding the name of a
     variable or an array consisting of variable names or other arrays. For
     each name, <function>session_register</function> registers the global
     variable with that name in the current session.
    </para>
    <caution>
     <para>
      This registers a <emphasis>global</emphasis> variable. If you want to
      register a session variable inside a function, you need to make sure to
      make it global using <function>global</function> or use the session
      arrays as noted below.
     </para>
    </caution>
    <caution>
     <para>
      If you are using
      <varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>,
      do not use <function>session_register</function>,
      <function>session_is_registered</function> and
      <function>session_unregister</function>.
     </para>
    </caution>
    <para>
     This function returns &true; when all of the variables are successfully
     registered with the session.
    </para>
    <para>
     If <function>session_start</function> was not called before this function
     is called, an implicit call to <function>session_start</function> with no
     parameters will be made.
    </para>
    <para>
     You can also create a session variable by simply setting the
     appropriate member of the <varname>$HTTP_SESSION_VARS</varname>
     or <varname>$_SESSION</varname> (PHP >= 4.1.0) array.
     <informalexample>
      <programlisting role="php">
<![CDATA[
$barney = "A big purple dinosaur.";
session_register("barney");

$HTTP_SESSION_VARS["zim"] = "An invader from another planet.";

# the auto-global $_SESSION array was introduced in PHP 4.1.0
$_SESSION["spongebob"] = "He's got square pants.";
]]>
      </programlisting>
     </informalexample>
    </para>
    <note>
     <para>
      It is not currently possible to register resource variables in a
      session.  For example, you can not create a connection to a
      database and store the connection id as a session variable and
      expect the connection to still be valid the next time the
      session is restored.  PHP functions that return a resource are
      identified by having a return type of
      <literal>resource</literal> in their function definitions.  A
      list of functions that return resources are available in the
      <link linkend="resource">resource types</link> appendix.
     </para>
     <para>
      If <varname>$_SESSION</varname> (or
      <varname>$HTTP_SESSION_VARS</varname> for PHP 4.0.6 or less) is
      used, assign variable to
      <varname>$_SESSION</varname>. i.e. $_SESSION['var'] = 'ABC';
     </para>
    </note>
    <para>
     See also <function>session_is_registered</function> and
     <function>session_unregister</function>.
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-unregister">
   <refnamediv>
    <refname>session_unregister</refname>
    <refpurpose>
     Unregister a variable from the current session
    </refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>bool</type><methodname>session_unregister</methodname>
      <methodparam><type>string</type><parameter>name</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_unregister</function> unregisters (forgets)
     the global variable named <parameter>name</parameter> from the
     current session.
    </para>
    <para>
     This function returns &true; when the variable is successfully
     unregistered from the session.
    </para>
    <note>
     <para>
      If <varname>$_SESSION</varname> (or
      <varname>$HTTP_SESSION_VARS</varname> for PHP 4.0.6 or less) is
      used, use <function>unset</function> to unregister a session
      variable.
     </para>
    </note>
    <caution>
     <para>
      This function doesn't unset the corresponding global variable for
      <parameter>name</parameter>, it only prevents the variable from being
      saved as part of the session. You must call <function>unset</function>
      to remove the corresponding global variable.
     </para>
    </caution>
    <caution>
     <para>
      If you are using
      <varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>,
      do not use <function>session_register</function>,
      <function>session_is_registered</function> and
      <function>session_unregister</function>.
     </para>
    </caution>
   </refsect1>
  </refentry>
  
  <refentry id="function.session-unset">
   <refnamediv>
    <refname>session_unset</refname>
    <refpurpose>
     Free all session variables
    </refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>void</type><methodname>session_unset</methodname>
      <void/>
     </methodsynopsis>
    <para>
     The <function>session_unset</function> function free's all session variables
     currently registered.
    </para>
    <note>
     <para>
      If <varname>$_SESSION</varname> (or
      <varname>$HTTP_SESSION_VARS</varname> for PHP 4.0.6 or less) is
      used, use <function>unset</function> to unregister session
      variable. i.e. $_SESSION = array();
     </para>
    </note>
   </refsect1>
  </refentry>

  <refentry id="function.session-is-registered">
   <refnamediv>
    <refname>session_is_registered</refname>
    <refpurpose>
     Find out if a variable is registered in a session
    </refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>bool</type><methodname>session_is_registered</methodname>
      <methodparam><type>string</type><parameter>name</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_is_registered</function> returns &true; if there
     is a variable with the name <parameter>name</parameter>
     registered in the current session.
    </para>
    <note>
     <para>
      If <varname>$_SESSION</varname> (or
      <varname>$HTTP_SESSION_VARS</varname> for PHP 4.0.6 or less) is
      used, use <function>isset</function> to check a variable is
      registered in <varname>$_SESSION</varname>.
     </para>
    </note>
    <caution>
     <para>
      If you are using
      <varname>$HTTP_SESSION_VARS</varname>/<varname>$_SESSION</varname>,
      do not use <function>session_register</function>,
      <function>session_is_registered</function> and
      <function>session_unregister</function>.
     </para>
    </caution>
   </refsect1>
  </refentry>
  
  <refentry id="function.session-get-cookie-params">
   <refnamediv>
    <refname>session_get_cookie_params</refname>
    <refpurpose>
     Get the session cookie parameters
    </refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>array</type><methodname>session_get_cookie_params</methodname>
      <void/>
     </methodsynopsis>
    <para>
     The <function>session_get_cookie_params</function> function returns an
     array with the current session cookie information, the array contains
     the following items:
     <itemizedlist>
      <listitem>
       <simpara>
        "lifetime" -  The lifetime of the cookie.
       </simpara>
      </listitem>
      <listitem>
       <simpara>
        "path" -  The path where information is stored.
       </simpara>
      </listitem>
      <listitem>
       <simpara>
        "domain" -  The domain of the cookie.
       </simpara>
      </listitem>
      <listitem>
       <simpara>
        "secure" -  The cookie should only be sent over secure connections.
        (This item was added in PHP 4.0.4.)
       </simpara>
      </listitem>
     </itemizedlist>
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-set-cookie-params">
   <refnamediv>
    <refname>session_set_cookie_params</refname>
    <refpurpose>
     Set the session cookie parameters
    </refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>void</type><methodname>session_set_cookie_params</methodname>
      <methodparam><type>int</type><parameter>lifetime</parameter></methodparam>
      <methodparam choice="opt"><type>string</type><parameter>path</parameter></methodparam>
      <methodparam choice="opt"><type>string</type><parameter>domain</parameter></methodparam>
     </methodsynopsis>
    <para>
     Set cookie parameters defined in the php.ini file.  The effect of this
     function only lasts for the duration of the script.
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-decode">
   <refnamediv>
    <refname>session_decode</refname>
    <refpurpose>Decodes session data from a string</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>bool</type><methodname>session_decode</methodname>
      <methodparam><type>string</type><parameter>data</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_decode</function> decodes the session data in
     <parameter>data</parameter>, setting variables stored in the
     session.
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-encode">
   <refnamediv>
    <refname>session_encode</refname>
    <refpurpose>
     Encodes the current session data as a string
    </refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>string</type><methodname>session_encode</methodname>
      <void/>
     </methodsynopsis>
    <para>
     <function>session_encode</function> returns a string with the
     contents of the current session encoded within.
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-set-save-handler">
   <refnamediv>
    <refname>session_set_save_handler</refname>
    <refpurpose>
     Sets user-level session storage functions
    </refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>void</type><methodname>session_set_save_handler</methodname>
      <methodparam><type>string</type><parameter>open</parameter></methodparam><methodparam><type>string</type><parameter>close</parameter></methodparam><methodparam><type>string</type><parameter>read</parameter></methodparam><methodparam><type>string</type><parameter>write</parameter></methodparam><methodparam><type>string</type><parameter>destroy</parameter></methodparam><methodparam><type>string</type><parameter>gc</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_set_save_handler</function> sets the user-level
     session storage functions which are used for storing and
     retrieving data associated with a session.  This is most useful
     when a storage method other than those supplied by PHP sessions
     is preferred.  i.e. Storing the session data in a local database.
    </para>
    <note>
     <para>
      You must set the configuration option
      <parameter>session.save_handler</parameter> to
      <parameter>user</parameter> in your php.ini file for
      <function>session_set_save_handler</function> to take effect.
     </para>
    </note>
    <note>
     <para>
      The "write" handler is not executed until after the output
      stream is closed.  Thus, output from debugging statements in the
      "write" handler will never be seen in the browser.  If debugging
      output is necessary, it is suggested that the debug output be
      written to a file instead.
     </para>
    </note>
    <para>
     The following example provides file based session
     storage similar to the PHP sessions default save handler
     <parameter>files</parameter>.  This example could easily be
     extended to cover database storage using your favorite PHP
     supported database engine.
    </para>
    <para>
     Read function must return string value always to make save
     handler work as expected. Return empty string if there is no data
     to read. Return values from other handlers are converted to
     boolean expression. TRUE for success, FALSE for failure.
    </para>
    <para>
     <example>
      <title>
       <function>session_set_save_handler</function> example
      </title>
      <programlisting role="php">
<![CDATA[
<?php
function open ($save_path, $session_name) {
  global $sess_save_path, $sess_session_name;
       
  $sess_save_path = $save_path;
  $sess_session_name = $session_name;
  return(true);
}

function close() {
  return(true);
}

function read ($id) {
  global $sess_save_path, $sess_session_name;

  $sess_file = "$sess_save_path/sess_$id";
  if ($fp = @fopen($sess_file, "r")) {
    $sess_data = fread($fp, filesize($sess_file));
    return($sess_data);
  } else {
    return(""); // Must return "" here.
  }

}

function write ($id, $sess_data) {
  global $sess_save_path, $sess_session_name;

  $sess_file = "$sess_save_path/sess_$id";
  if ($fp = @fopen($sess_file, "w")) {
    return(fwrite($fp, $sess_data));
  } else {
    return(false);
  }

}

function destroy ($id) {
  global $sess_save_path, $sess_session_name;
       
  $sess_file = "$sess_save_path/sess_$id";
  return(@unlink($sess_file));
}

/*********************************************
 * WARNING - You will need to implement some *
 * sort of garbage collection routine here.  *
 *********************************************/
function gc ($maxlifetime) {
  return true;
}

session_set_save_handler ("open", "close", "read", "write", "destroy", "gc");

session_start();

// proceed to use sessions normally

?>
]]>
      </programlisting>
     </example>
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-cache-limiter">
   <refnamediv>
    <refname>session_cache_limiter</refname>
    <refpurpose>Get and/or set the current cache limiter</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>string</type><methodname>session_cache_limiter</methodname>
      <methodparam choice="opt"><type>string</type><parameter>cache_limiter</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_cache_limiter</function> returns the name of the
     current cache limiter. If <parameter>cache_limiter</parameter> is
     specified, the name of the current cache limiter is changed to the
     new value.
    </para>
    <para>
     The cache limiter controls the cache control HTTP headers sent to the
     client.  These headers determine the rules by which the page content
     may be cached.  Setting the cache limiter to <literal>nocache</literal>,
     for example, would disallow any client-side caching.  A value of
     <literal>public</literal>, however, would permit caching.  It can also
     be set to <literal>private</literal>, which is slightly more restrictive
     than <literal>public</literal>.
    </para>
    <para>
     In <literal>private</literal> mode, Expire header sent to the
     client, may cause confusion for some browser including Mozilla.
     You can avoid this problem with
     <literal>private_no_expire</literal> mode. Expire header is never
     sent to the client in this mode.
    </para>
    <note>
     <para>
      <literal>private_no_expire</literal> was added in PHP 4.2.0dev.
     </para>
    </note>
    <para>
     The cache limiter is reset to the default value stored in
     <literal>session.cache_limiter</literal> at request startup time. Thus,
     you need to call <function>session_cache_limiter</function> for every
     request (and before <function>session_start</function> is called).
    </para>
    <example>
     <title><function>session_cache_limiter</function> examples</title>
     <programlisting role="php">
<![CDATA[
<?php

# set the cache limiter to 'private'

session_cache_limiter('private');
$cache_limiter = session_cache_limiter();

echo "The cache limiter is now set to $cache_limiter<p>";
?>
]]>
     </programlisting>
    </example>
   </refsect1>
  </refentry>

  <refentry id='function.session-cache-expire'>
   <refnamediv>
    <refname>session_cache_expire</refname>
    <refpurpose>Return current cache expire</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>int</type><methodname>session_cache_expire</methodname>
      <methodparam choice="opt"><type>int</type><parameter>new_cache_expire</parameter></methodparam>
     </methodsynopsis>
    <para>
     <function>session_cache_expire</function> returns current cache expire.
     If <parameter>new_cache_expire</parameter> is given, the current
     cache expire is replaced with <parameter>new_cache_expire</parameter>.
    </para>
   </refsect1>
  </refentry>

  <refentry id="function.session-write-close">
   <refnamediv>
    <refname>session_write_close</refname>
    <refpurpose>Write session data and end session</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>void</type><methodname>session_write_close</methodname>
      <void/>
     </methodsynopsis>
    <para>
     End the current session and store session data.
    </para>
    <para>
     Session data is usually stored after your script terminated
     without the need to call <function>session_write_close</function>, but as
     session data is locked to prevent concurrent writes only one
     script may operate on a session at any time. When using framesets
     together with sessions you will experience the frames loading one
     by one due to this locking. You can reduce the time needed to
     load all the frames by ending the session as soon as all changes
     to session variables are done.
    </para>
<!-- commented out until final decision on implementation
    <para>
     See also: <function>session_readonly</function>.
    </para>
-->
   </refsect1>
  </refentry>

<!-- commented out until final decision on implementation
  <refentry id="function.session-readonly">
   <refnamediv>
    <refname>session_readonly</refname>
    <refpurpose>Begin session - reinitializes freezed variables, but no writeback on request end</refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <methodsynopsis>
      <type>void</type><methodname>session_readonly</methodname>
      <void/>
     </methodsynopsis>
    <para>
     Read in session data without locking the session data. Changing
     session data is not possible, but frameset performance will be improved.
    </para>
   </refsect1>
  </refentry>
-->
 </reference>

<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->