session_id

(PHP 4, PHP 5)

session_id -- Get and/or set the current session id

Описание

string session_id ( [string id] )

session_id() is used to get or set the session id for the current session.

The constant SID can also be used to retrieve the current name and session id as a string suitable for adding to URLs. See also Session handling.

Список параметров

id

If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose. Depending on the session handler, not all characters are allowed within the session id. For example, the file session handler only allows characters in the range a-z, A-Z and 0-9!

Замечание: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set.

Возвращаемые значения

session_id() returns the session id for the current session or the empty string ("") if there is no current session (no current session id exists).

Смотрите также

session_regenerate_id()
session_start()
session_set_save_handler()
session.save_handler



session_id
simon at quo dot com dot au
06-Mar-2006 10:15
Length of PHPSESSID appears to be 32 characters by default.
jwhatcher at hotmail dot com
07-Jul-2005 12:21
Killing the session_id when using cookies to store the session_id. Useful when needing to recreate a user with different session information during an open session.

   unset($_COOKIE[session_name()]);
   session_start();
jpjounier at hotmail dot com
23-Jun-2005 04:28
About the note from Cybertinus :

The following test doesn't work, the code following is always executed :

if(!session_id())
{
// Always executed even if there's already an opened session
}

session_id() returns an empty string if there is no current session, so to test if a session already exists, it's better to write this :
if(session_id() == "")
{
session_start();
}
else
{
// Anything you want
}
cbarnes at bfinity dot net
09-May-2005 06:44
Note that Firefox and Mozilla use the same process for launching new windows or tabs, they will pick up the same session id as the previous windows until the parent process dies or is closed. This may cause undesired results if the session id is stored in a db and checked, a solution is to check at the new entry point (new tab or window if the user went back to the index page) for an existing session. If a session id exists and a new one is required use something like:

$ses_id = session_id();
$bsid_exists = false;
$bsid_exists = check_session_id_from_db($ses_id);
 if ($bsid_exists){
 //This is a reentry and the session already exists
 // create a new session ID and start a new
session_regenerate_id();       
$ses_id = session_id();
 }
jeff_zamrzla
10-Feb-2005 03:03
Try this code snippet, from a book by a security expert who says this is more secure to place on every page:

session_start();
$_SESSION['name'] = "YourSession";

if (!isset($_SESSION['initiated']))
{
   session_regenerate_id();
   $_SESSION['initiated'] = true;
}
karlhaines at comcast dot net
30-Oct-2003 05:05
Rewriting URL's is not suggested for obvious security issues. Please be careful with register_globals when using sessions! Check that all information you recieve from a user is valid before accepting it!
Andi, info at pragmaMx dot org
16-Jan-2003 01:13
you can also add the iframe tag:
ini_set("url_rewriter.tags", "a=href,area=href,frame=src,iframe=src,input=src,form=fakeentry");

<session_get_cookie_paramssession_is_registered>
 Last updated: Tue, 15 Nov 2005