search for in the  
<session_get_cookie_paramssession_is_registered>
Last updated: Thu, 19 May 2005

session_id

(PHP 4, PHP 5)

session_id -- Get and/or set the current session id

Description

string session_id ( [string id] )

session_id() returns the session id for the current session.

If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose. Depending on the session handler, not all characters are allowed within the session id. For example, the file session handler only allows characters in the range a-z, A-Z and 0-9!

Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set.

The constant SID can also be used to retrieve the current name and session id as a string suitable for adding to URLs. Note that SID is only defined if the client didn't send the right cookie. See also Session handling.

See also session_start(), session_set_save_handler(), and session.save_handler.



User Contributed Notes
session_id
cbarnes at bfinity dot net
09-May-2005 08:44
Note that Firefox and Mozilla use the same process for launching new windows or tabs, they will pick up the same session id as the previous windows until the parent process dies or is closed. This may cause undesired results if the session id is stored in a db and checked, a solution is to check at the new entry point (new tab or window if the user went back to the index page) for an existing session. If a session id exists and a new one is required use something like:

$ses_id = session_id();
$bsid_exists = false;
$bsid_exists = check_session_id_from_db($ses_id);
 if ($bsid_exists){
 //This is a reentry and the session already exists
 // create a new session ID and start a new
session_regenerate_id();       
$ses_id = session_id();
 }
jeff_zamrzla
10-Feb-2005 05:03
Try this code snippet, from a book by a security expert who says this is more secure to place on every page:

session_start();
$_SESSION['name'] = "YourSession";

if (!isset($_SESSION['initiated']))
{
   session_regenerate_id();
   $_SESSION['initiated'] = true;
}
Sergey Bres aka tserbis
26-Aug-2004 03:05
To Cybertinus:
session_id() isn't emtied after session_write_close(), so your code
if ( ! session_id() ) {
   session_start();
}
is good, but not so universal.
---------
Sergey Bres, Ukraine, tserbis@yandex.ru
karlhaines at comcast dot net
30-Oct-2003 07:05
Rewriting URL's is not suggested for obvious security issues. Please be careful with register_globals when using sessions! Check that all information you recieve from a user is valid before accepting it!
Cybertinus
15-Oct-2003 03:28
As of php 4.3.3 you get a notice when you start an session twice. You can use session_id() to detect if a session is already started. Before you can make a script, you must know that session_id() returns false when no session ID is known. So now we can make a script witch dectect if a session is started, and if it is not, it startes an session. This is what you get then:
<?php
if(!session_id()){
  session_start();
}
?>

I hope somebody can use this information.

Greetz, Cybertinus
Andi, info at pragmaMx dot org
16-Jan-2003 03:13
you can also add the iframe tag:
ini_set("url_rewriter.tags", "a=href,area=href,frame=src,iframe=src,input=src,form=fakeentry");

<session_get_cookie_paramssession_is_registered>
 Last updated: Thu, 19 May 2005
Copyright © 2001-2005 The PHP Group
All rights reserved.		 This unofficial mirror is operated at: The Server Pages
Last updated: Thu May 19 17:35:34 2005 CDT