Table of Contents
Main Author: Ravindra de Silva Contributors: …
Important
include the file “inc/lib_session/session.inc”
This is an handler. Therefore some code is executed as soon as the file is included.
Handler code
That code checks configuration settings, and selects regular PHP session management, or a custom database handler(which is written),or the adodb session handler. furthermore possibility to encrypt session variables (to do) will be there.
API functions
shn_session_start()
to start a session, simply call
shn_session_start()
this function is a wrapper around
session_start()
it includes checks to reduce session hijacking therefore this function will also start or retrieve a session like
session_start()
,but with better security.
e.g. <?php include_once ($global['approot']."inc/lib_session/session.inc"); shn_session_start(); ?>
shn_session_change(array())
when the user changes privilege levels (e.g login) its recommended to regenerate the session id this function does that and in addition registers ,changes several session variables to reflect change of privileges.
e.g.
<?php include_once ($global['approot']."inc/lib_session/session.inc"); shn_session_start(); $user_data = shn_authenticate_user(); if($user_data["user_id"]>0){ shn_session_change($user_data); } ?>
shn_session_is_registered(string)
function which checks whether a Session variable is already registered since there are many modules ,there is the possibility of one module overriding a session variable of another. proper naming convention should reduce that, in addition its recommended to call this function to see if the variable is already registered.
Note:
since we are using the front controller pattern its the responsibility of the front controller to start a session or change an existing one. therefore from the API functions documented above
shn_session_start() shn_session_change(array())
are exclusively for use by the front controller. other modules, can assume a session is available to them. what they should worry about is what session variables to use and how to use them. To register a session variable simply use PHP session management functions.
e.g $_SESSION['initiated'] = true;
and retrieve again PHP session Management functions.
$user=$_SESSION["user"];
,but one word of caution, since the system consists of multiple modules please check whether a session variable is already registered by the name you want to use.
for that you can use, the API function
if(shn_session_is_registered(“user”)){ $_SESSION["user"]=$user; }