[pmwiki-devel] session_start problem

marc gmane at auxbuss.com
Wed Dec 6 12:30:05 CST 2006 

Patrick R. Michaud said...
> On Tue, Dec 05, 2006 at 06:45:48PM -0000, marc wrote:
> > marc said...
> > > All that the login script does is:
> > > 
> > >   function LoggedIn ($userName) {
> > >     session_start();
> > >     $member =& $_SESSION['member'];
> > >     if(!is_object($member)) $member = new Member($userName);
> > >   }
> > > 
> > > The problem is that when session_start() is performed, the cart session 
> > > variable disappears, and with it the displayed cart. But, when I comment 
> > > out session_start(), everything behaves as normal.
> > 
> > The solution turned out to be to move the include for the cart recipe 
> > above the authuser recipe.
> > 
> > There is something funky happening with sessions with authuser and I'd 
> > appreciate it if someone could fill in the background.
> 
> PHP doesn't like or expect session_start() to be called multiple 
> times within the same script -- when that happens PHP likes to
> generate errors or even sometimes abort with a fatal error
> (and silently, such that the page simply doesn't display).

Ah, mea culpa. I was following the docs:

  Note: As of PHP 4.3.3, calling session_start() while the session has
  already been started will result in an error of level E_NOTICE. Also,
  the second session start will simply be ignored.
 
> PmWiki knows about this PHP limitation, and so it prefixes all
> calls to session_start() with an '@', so that PHP won't abort
> if a session already exists (and leaves the existing session open).

Ah, again. I understood about the message, but not the effect on the 
session.
 
> In the LoggedIn() function above, session_start() isn't
> prefixed with the '@', thus PHP aborts when session_start()
> is called and a session already exists (in this case, the
> session started by AuthUser, although any recipe that is
> using sessions could do it). The solution of moving LoggedIn()
> before including authuser.php "works" because PmWiki already
> deals with the case of a session already being open when session_start()
> is called.

This I understand. Thanks. 

After adding @ to all session_starts, I have been able to move the 
recipe include after authuser, which, although not necessary, probably 
proves the point. I have a new rule :-)

> I think the solution is to simply place an '@' before the
> 'session_start()' in the LoggedIn() function above.

In light of this, I did a quick grep for session_start and have added @ 
to all occurrences. FYI, I notice that the httpvariables recipe is @-
less too.

Thanks very much for making things clearer.

-- 
Best,
Marc

More information about the pmwiki-devel mailing list