[nycphp-talk] More questions about working with forms

David Krings ramons at gmx.net
Fri Dec 14 10:40:04 EST 2007


John Campbell wrote:
>> Can you elaborate on this? I use sessions very often and find them to be very
>> useful. After all, they are there to be used, so why not use them when
>> applicable?
> 
> They do have applications, but most people find way too many applications.
> 
> 1) Sessions often break a lot of things, typically bookmarks, the back
> button, using multiple windows, and they expire.  These are especially
> problems for beginners.
> 2) Sessions are not a good substitute for a performance cache, and
> people tend to use them that way.
> 3) Sessions make for very hard to find bugs.


Thank you for those pointers. I use $_SESSION in my current project to store 
such things as the language of the currently logged in user, the user's access 
level, and the base portion of the URL to redirect the browser to pages on my 
server. The first two could be obtained from a table in the database, but I 
figured retrieving this information once and carrying it along with the 
$_SESSION saves hitting the database several times to retrieve the exact same 
piece of information. The last piece saves running the same code over and over 
again to get the same result. So far I haven't found any problems with doing this.
In one section of my application I do store more in $_SESSION, an array and a 
pointer. The array includes unique IDs of records in the database and the 
pointer contains the current array key of the element I want to look at. That 
way I was able to build a simple navigation tool that allows for calling up 
records in the sequence specified by a search. Yes, I could do that by 
crafting the navigation as forms and pass along the info via $_POST, but for 
that I'd need to handle both the array (and serialize that) and the pointer, 
whereas using the session I only need to write the new pointer to the session, 
which is way less code and way less stuff that shows up in the XHTML. I admit 
I haven't tested it with multiple windows and the browser controls, but even 
if there are problems the worst that may happen is that the individual windows 
rewrite the pointer in the session and then the navigation would show on a 
Next click really something that is 3 Previous clicks before. In my case I 
deal with pictures and video files, so that there is no horrible damage, 
although I admit that the app then no longer works as designed. And thinking 
about it, sending everything via $_POST will for sure prevent that. I do have 
code in place that makes sure that the next or previous item indeed exists and 
that the pointer does not get set to keys that do not exist in the array.
I found it not to be difficult to find bugs that were related to $_SESSION. In 
my IDE it gets displayed the same way as the $_POST variable. I also do not 
use objects that I'd need to pass along. My app uses an object in one place to 
deal with ZIP files, but that's about it. I see the benefit of objects, but so 
far found easy enough ways to do without them. That may change when I get the 
crazy idea to work on more complex stuff.
I will go back and look at my code and see where I stuff more into $_SESSION 
and if I could do without it. In case of bookmarking, that is a side effect 
that can be to one's advantage. I know for sure that if someone bookmarks the 
pages in my app the bookmark will not work, but code is in place that captures 
especially the missing user level and gracefully redirects one to the login 
page. That is a behavior that I want.


Is there anything drastically flawed with my approach?


David
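
An added example, not code from the original post: one way to keep the record-ID array in the session while avoiding the shared-pointer problem with multiple windows that the message describes. Each search gets its own token, the position travels in the request, and it is checked against the stored array. The function names, the `searches` key and the `s`/`pos` parameter names are hypothetical.

```php
<?php
declare(strict_types=1);

// Keep each search's record IDs under its own random token, so two
// windows never share (and overwrite) a single pointer in the session.
function store_search(array &$session, array $recordIds): string
{
    $token = bin2hex(random_bytes(8));
    $session['searches'][$token] = array_values(array_map('intval', $recordIds));
    return $token;
}

// Map a position taken from the request to a record ID and its neighbours.
// Returns null for an unknown token (expired session, old bookmark) or a
// position that is not a key of the stored list.
function resolve_position(array $session, string $token, $pos): ?array
{
    $ids = $session['searches'][$token] ?? null;
    if (!is_array($ids)) {
        return null;
    }
    $last = count($ids) - 1;
    $pos = filter_var($pos, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $last]]);
    if ($pos === false) {
        return null;
    }
    return [
        'id'   => $ids[$pos],
        'prev' => $pos > 0 ? $pos - 1 : null,
        'next' => $pos < $last ? $pos + 1 : null,
    ];
}

// Constructed demo: $session stands in for $_SESSION, the string
// arguments for $_GET['s'] and $_GET['pos'].
$session = [];
$windowA = store_search($session, [17, 42, 99]);
$windowB = store_search($session, [5, 6]);
var_dump(resolve_position($session, $windowA, '1'));
var_dump(resolve_position($session, $windowB, '1'));
var_dump(resolve_position($session, $windowA, '7'));
var_dump(resolve_position($session, 'stale', '0'));
```

A null result is the point at which a page would redirect to the search form or the login page, matching the redirect behaviour the message describes for a missing user level.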