Advanced PHP session start

If a session based web application is used by a visitor using Internet Explorer it’s possible that this user get some trouble. This will happen if parts of the application are accessed for example via a shortcut on the desktop and the application opens then in a new Explorer window. At this moment a second session is started with a different ID, if the used web application has some session based authentication system the user has to login again. At the same time the user has to logout twice! In browsers like Mozilla Firefox new windows are treated the same way then tabs where the problem doesn’t exists. This function will use a real cookie for the session ID and updates the expiration time with every script execution. The expiration is equal to the PHP directive “gc_maxlifetime” (default) or every custom value.

<?php
// $expire = the time in seconds until a session have to expire
function start_session($expire = 0) {
 if ($expire == 0) {
 $expire = ini_get("session.gc_maxlifetime");
 } else {
 ini_set("session.gc_maxlifetime", $expire);
 }
 if (empty($_COOKIE['PHPSESSID'])) {
 session_set_cookie_params($expire);
 session_start();
 } else {
 session_start();
 setcookie("PHPSESSID", session_id(), time() + $expire);
 }
}
// this example will start a session with an expire time given by the php configuration
start_session();
// start_session(600) will start a session which will expire after 10 minutes (60*10 seconds)

Leave a Reply

Your email address will not be published. Required fields are marked *