57

Facebook now offer subscriptions to users so you can get realtime updates on changes. If my app receives an update, I plan to store it in the database. I would also like to detect if their session exists. If it does then I could update the data in there too.

My session IDs are MD5(fb_id + secret) so I could easily edit their session. The question is how can I detect if the session exists.

Improve this question
7
  • 2
    Whose session do you mean? From where? Created by who?
    – Pekka
    Commented Aug 21, 2010 at 18:55
  • What does "secret hashed" mean? If it's a proper hash, you can't get the fb_id back.
    – NullUserException
    Commented Aug 21, 2010 at 18:55
  • The users session, from my server, created by my server... sorry I thought it was a given
    – Pablo
    Commented Aug 21, 2010 at 18:56
  • @Pablo if your server already creates a session, why do you need our help to detect whether it exists? I don't understand. You mean whether the user you're receiving an update for has a session on your end? Only your user management can tell that, can't it?
    – Pekka
    Commented Aug 21, 2010 at 18:56
  • 1
    I agree with Pekka, why would you really need to know if the session exists? If you just always create a session in the same fashion, can't you just check if a certain variable stored in the session exists or not? It's a simple isset($_SESSION['var']) really.
    – animuson
    Commented Aug 21, 2010 at 19:00

7 Answers 7

Reset to default
73

I use a combined version:

if(session_id() == '' || !isset($_SESSION) || session_status() === PHP_SESSION_NONE) {
    // session isn't started
    session_start();
}
Improve this answer
46

If $_SESSION (or $HTTP_SESSION_VARS for PHP 4.0.6 or less) is used, use isset() to check a variable is registered in $_SESSION.

isset($_SESSION['varname'])
Improve this answer
2
  • I figured this would help other who stumble across this answer: php.net/manual/en/function.isset.php
    – Jace
    Commented Oct 15, 2012 at 14:42
  • 1
    As of April 2022, the link you provided is no longer working.
    – Zakk
    Commented Apr 17, 2022 at 9:59
35

If you are on php 5.4+, it is cleaner to use session_status():

if (session_status() == PHP_SESSION_ACTIVE) {
  echo 'Session is active';
}
  • PHP_SESSION_DISABLED if sessions are disabled.
  • PHP_SESSION_NONE if sessions are enabled, but none exists.
  • PHP_SESSION_ACTIVE if sessions are enabled, and one exists.
Improve this answer
5
  • 1
    Why using the comparison operator == instead of identity operator === ? Both return integers...
    – Mike Casan Ballester
    Commented Apr 14, 2018 at 23:10
  • 2
    @micaball The == operator means "of equal value". The === operator means "of equal value and type". We are only looking for true/false values in this comparison, so == is the better choice.
    – elbrant
    Commented Dec 9, 2018 at 3:47
  • 3
    @micaball (Too) many php functions can return a mix of value types (A classic being strpos()). In that case it would effectively make sense to check the value type. session_status() always returns an int, so there is no need. :)
    – Toto
    Commented Jan 26, 2019 at 16:29
  • session_status() returns the numeric value of state so this needed a tweak for me of session_status() == 3
    – Chris Lambrou
    Commented Nov 21, 2021 at 13:41
  • @ChrisLambrou The constants are defined as the numeric values. If you don't have a matching number to the listed constants, unless you are using a nonstandard or very old version of PHP (before 5.4), you may have something wrong with your setup that would explain why your constants are not defined properly.
    – Jeff Clayton
    Commented Jan 10, 2023 at 22:10
2

Which method is used to check if SESSION exists or not? Answer:

isset($_SESSION['variable_name'])

Example:

isset($_SESSION['id'])
Improve this answer
1 
function is_session_started()
{
    if ( php_sapi_name() !== 'cli' ) {
        if ( version_compare(phpversion(), '5.4.0', '>=') ) {
            return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE;
        } else {
            return session_id() === '' ? FALSE : TRUE;
        }
    }
    return FALSE;
}

// Example
if ( is_session_started() === FALSE ) session_start();
Improve this answer
2
  • You should add a description to go with your code, even if brief. Posts of just code without explanations are frowned upon :)
    – MBorg
    Commented Mar 22, 2020 at 23:28
  • To be fair, the code is pretty much self-explanatory. Thank you for the snippet.
    – s3c
    Commented Dec 4, 2020 at 14:59
0

The original code is from Sabry Suleiman.

Made it a bit prettier:

function is_session_started() {

    if ( php_sapi_name() === 'cli' )
        return false;

    return version_compare( phpversion(), '5.4.0', '>=' )
        ? session_status() === PHP_SESSION_ACTIVE
        : session_id() !== '';
}

First condition checks the Server API in use. If Command Line Interface is used, the function returns false.

Then we return the boolean result depending on the PHP version in use.

In ancient history you simply needed to check session_id(). If it's an empty string, then session is not started. Otherwise it is.

Since 5.4 to at least the current 8.0 the norm is to check session_status(). If it's not PHP_SESSION_ACTIVE, then either the session isn't started yet (PHP_SESSION_NONE) or sessions are not available altogether (PHP_SESSION_DISABLED).

Improve this answer
0

Shortest and simple answer

$_SESSION['variable_name']?? die;

its a simple way doing

if(isset($_session['variable'])){
      // do something
 }else{
     die;
 }
Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.