PHPKonf: Istanbul PHP Conference 2017


以下の定数が定義されています。 この関数の拡張モジュールが PHP 組み込みでコンパイルされているか、 実行時に動的にロードされている場合のみ使用可能です。

SID (string)
"name=ID" 形式でセッション名とセッション ID を格納している定数。 セッション ID がセッションクッキーに適切にセットされている場合には空文字列が入る。 これは session_id() が返す ID と同一になる。
PHP 5.4.0 以降で導入。セッションが無効な場合の session_status() の返り値。
PHP 5.4.0 以降で導入。セッションが有効だけれどもセッションが存在しない場合の session_status() の返り値。
PHP 5.4.0 以降で導入。セッションが有効で、かつセッションが存在する場合の session_status() の返り値。
add a note add a note

User Contributed Notes 3 notes

sarath dot jasrin at gmail dot com
3 months ago
Check whether session started using Predefined Constants

if (session_status() == PHP_SESSION_NONE) {
5 months ago
SID constant defined dynamically!

var_dump(defined('SID'));  // bool(false) - Not defined...
var_dump(defined('SID'));  // bool(true) - Defined now!
yesmarklapointe at hotmail dot com
7 years ago
Here is some info about how to use SID. Experiment run on WAMPserver, PHP version 5.2.6.
Using FireFox 3.0.

In php.ini,  session.use_cookies has an effect upon whether or not SID passes an empty string or the session info. If it is on, SID is evaluated for the session info upon initial page view, but once a cookie has been set (automatically by  session.use_cookies) in the browser, subsequent views (like page reloads or using the back button) have the cookie being returned to the script so SID is then evaluated as an empty string. On the other hand, if session.use_cookies is off, (and provided you don't create a cookie by some other means), SID will evaluate as the session info no matter how many times you reload the page or use the back button because session_start() keeps opening a new session and no cookies are being set. Be aware this behavior will change the functionality of any links you build with SID. To have a reliable link with session info in it, spell it out using session_name() and session_id(), not SID. Example:

echo '<a href="page2.php?' . session_name() . ' ='  . session_id() . ' ">page2</a>' ;

and not

echo '<a href="page2.php?' . SID . ' ">page2</a>';

Two other settings that I thought might be relevant were not.  session.use_only_cookies  and session.use_trans_sid have no effect at all on the evaluation of SID for a specific line in the code, that is, in  regard to whether or not it is evaluated as an empty string or as the session info. 

And as to functioning in your code, using both session.use_trans_sid and also successfully evaluating SID for session info (as described above) will create a doubling of the session info, screwing up the path you are trying to create.
To Top