Should session_start always be called?
Question
I noticed that there's a tmp/ folder on my webserver that contains thousands and thousands of session-id files. So I thought it's probably better to only call session_start() when I am actually writing something into the session (login) and then only call it, if there's a logged in user active.
I couldn't find too much on the topic (and I'm not sure if what I'm trying to accomplish is possible even), just a couple of people saying that session_start() should always be called. Does that make sense? And isn't it a performance issue if all these session-ids are stored?
1 answers
solution1
2 ACCPTED 2020-12-16 16:18:18
So I thought it's probably better to only call session_start() when I am actually writing something into the session (login) and then only call it, if there's a logged in user active.
If you set up a login system in any vaguely traditional way that involves sessions, there is no way to tell if you have a logged in user without calling session_start .
just a couple of people saying that session_start() should always be called. Does that make sense?
Yes. If you are going to interact with a session — be it to write to the session, or read from it — then call session_start() .
Most websites that deal with login sessions will put a "You are logged in as Bob: click here to logout" or "You are not logged in: click here to log in" message on every page, so most websites will need to call sessions_start() on every page.
And isn't it a performance issue if all these session-ids are stored?
No.
It has a performance impact , but that impact is probably negligible. If it becomes a problem, worry about it then.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.