The pit of the session



1.

Error Hints :

Warning:cannot send session Cookie-headers already sent

Warning:cannot Send session cache Limiter-headers already sent

Analysis and Solutions :

The reason is that when you use session_start () in your program , you already have the actual HTML content output. Maybe you said, I'm not, I'm just echo or print a message. Unfortunately, the output generated by your echo or print statement is the actual output of the HTML content. The solution to this type of problem is to transfer your session_start () to the first line of the program .

2.

Error hints

Warning:open (F:/689\PHP\SESSIONDATA\SESS_66A39376B873F4DAECF239891EDC98B5, O_RDWR) failed

Analysis and Solving methods :

This error statement usually occurs because your php.ini about Session.save_path is not set, the solution is to Session.save_path and session.cookie_path settings are set to

Session_save_path = C:\Temp

Session.cookie_path = C:\Temp

Then create a temp directory under the C \ directory to

3.

Error hints

Warning:trying to destroy uninitialized session in

Analysis and Solving methods :

Out of class such a hint, the general situation is you directly adjust the Session_destroy () function caused. Many friends think that the Session_destroy () function can run independently, but it is not. The workaround is to use session_start () to open the Session_destroy () function before you tune the function of the session .

4. question : How do I get the ID value of the current session ?

The simplest method is : Echo SID;

session_id (' 0-2-c-d-e ');

Session_Start ();

$_session[' is_admin '] = ' yes ' ;

echo SID;

?>

5 . problem : my program, in the call Header function without any output, though I include the One config.php file, but in config.php there is no output in the file, why Session or will you report a problem? 1 the same mistake, wasn't it because I was Header used before. session_start () 's sake? ?

A : Perhaps you really carefully check your php program, before the reference header () does not have any output, and in your There is no output in the Include file! But do you use the cursor key to move the check after ?> this PHP code closing sentence? Then you will find that after ?> This, there is a blank line or a few spaces, you delete the empty lines or spaces, then the problem is solved .

Note: This issue will appear in PHP4.1.2 , later versions, not tested.

6. q : after using the session to log on the main page, the other pages how to use the session Restrict login ?

Answer: The simplest way is to

Session_Start ();

if (!session_registered (' login ') ││ $login! = True) {

echo " you did not log in ";

Exit

}

7. q : i registered the session variable with session_register () , But when I use the header or a javascript Redirect, I don't see the session on the page . the value of the variable being registered. How can I resolve this? [ not tested successfully ]

The program fragment of the problem:

Session_Start ();

$ok = ' Love you ';

Session_register (' OK ');

Header ("location:next.php");

?>

next.php

Session_Start ();

Echo $ok;

?>

The workaround:

When you use the header function or the window.location function, the session that you registered on the previous page variable, it will be easy to lose, on the cause of this problem, there is still no detailed answer.

But there is a way out. As shown below

Header ("Location:next.php". "?". SID);

In the jump to the next page, the session 's current ID as a parameter, upload to the latter page.

8.session How to pass an array

Session_register (' data ');

$data =array (1,2,3,4);

The method is to register and assign the value first

9. question 9: will I be able to access the session in a way that is like $HTTP _get_vars[' * * ') What about the value?

Answer: Yes, you can use the following global array to visit the sessionto enhance the security of the Web page

$HTTP _session_vars

$_session

Routines :

Session_Start ();

$username = ' Stangly.wrong ';

Session_register (' username ');

echo $HTTP _session_vars[' username '];

Echo '
';

echo $_session[' username '];

?>

Please refer to this routine to modify the program that matches your own.

What is the difference between the question 10:session_unregister () and the Session_destroy () ?

The main function of the Session_unregister () function is to eliminate the current session variable. Note, however, that if you use the $HTTP _session_vars or $_session to refer to the SESSION in the current page Variable, then you may need to match the session variable with unset () .

The Session_destroy () clears the current session environment. It means that when you use the Session_destroy () function, you can no longer use session_is_registered () to detect The variable of the session. However, it is important to note that he cannot clear the session in global or use the session cookie in the session. So in use Session_destroy before, it's best not to use $HTTP _session_vars $_session to access session. ( translated from php.net)

Routines:

if (Isset ($_cookie[session_name ())) {

Session_Start ();

Session_destroy ();

Unset ($_cookie[session_name ());

}

A PHP Vulnerability:

Session_Start ();

$_session[' is_admin '] = ' yes ' ;

$is _admin = ' No ' ;

Echo $_session[' is_admin '];

?>

Vulnerability Description:

When php.ini ,register_globals = on, the defined variable changes the session with the same name . If you use the session Login, it will cause the problem of random landing.

The above describes the session of the pit, including the aspects of the content, I hope that the PHP tutorial interested in a friend helpful.

