$_SESSION and $_GET Variable Assignment

[iwato]

BACKGROUND:  In the past I have retrieved an HTTPRequest via the $_GET superglobal, used the data from the superglobal to access a MySQL database, and from the thus retrieved data, generated an array of parameter values that I then assigned to a local array.  This local array was then assigned to a $_SESSION variable where it was used for other purposes.  This time, I would like to make the routing of data less circuitous.

QUESTION:  Does the following expression make sense?

$_SESSION = $_GET;

Roddy

[Ingolme]

That expression copies the data from $_GET to the session. It has drawback of overwriting all the rest of the data you may have had in the session previously. Instead, you can create a session variable just for the GET data.

$_SESSION['parameters'] = $_GET;

If you're doing a query with the GET data and want the query result on multiple pages then it would be far more efficient to store the query results in the session instead of the GET parameters.

[iwato]

I understand what I am doing wrong, but I am not sure what I should be doing that is right.  What I do understand is that I should assign the $_GET variables to the $_SESSION global?  What i do not understand is how these are read into the $_SESSION global.

For example, say I have a $_GET global with two key-value pairs:  $_GET[ 'letter_no' ] = 1 and $_GET[ 'username' ] = 'JSG'.  Say further that I have a $_SESSION global with the value $_SESSION[ 'current_state' ] = 0.

How would I go about establishing the following?

$current_state =  $_SESSION[ 'current_state' ] ;  echo $current_state;  // 0

$letter_no = $_SESSION[ 'letter_no' ]; echo $letter_no; // 1

$username = $_SESSION[ 'username' ]; echo $username; // JSG

Roddy

 

[Ingolme]

You would want to merge the two arrays, you can use array_merge() for that.

[iwato]

Yes, this works, but I discovered that once the $_SESSION variable has been merged it overrides its previous value -- this, despite that the absence of a session_start() function at the time of implementation.  In summary, the following code

				$_SESSION['status'] = 0;
				print_r($_SESSION); echo '<br />';
				$_GET['letter_no'] = 1;
				$_GET['username'] = JSG;
				print_r($_GET); echo '<br />';
				$_SESSION = array_merge($_SESSION, $_GET);
				print_r($_SESSION);

results in 

Array ( [letter_no] => 1 [status] => 0 [username] => JSG ) 
Array ( [letter_no] => 1 [username] => JSG ) 
Array ( [letter_no] => 1 [status] => 0 [username] => JSG )

when I was expecting to see

Array ( [status] => 0 ) 
Array ( [letter_no] => 1 [username] => JSG ) 
Array ( [letter_no] => 1 [status] => 0 [username] => JSG )

How do you explain this?

Roddy

[justsomeguy]

If $_SESSION is being populated automatically then you're using session_start somewhere.

[iwato]

OK.  Then, we return to the same question that I had long ago and whose answer I never truly found.  To what refers a $_SESSION variable anyway?

1. All the pages of a particular domain in the same browser window of the same browser session?
2. All the pages of a particular domain in any browser window of the same browser session?
3. All the pages of any domain in the same browser window of the same browser session?
4. All the pages of any domain in any browser window of the same browser session?

By browser session I mean an opened browser -- no matter the presence or absence of tabs or windows.

Roddy

[Ingolme]

Every time the user opens a page on your website, they send cookies belonging to your domain. Aside from being the program that sends the session cookie, the browser is irrelevant to how sessions work. The browser does not know what a session is, it just sends cookies. When PHP's session_start() method is called, it uses the ID provided by the session cookie, searches for data from the specified session based on that ID and stores that data into the $_SESSION variable, which is available to you. $_SESSION is just a regular array, the only difference being that its value is retained when the user changes pages.

Session restrictions are exactly the same as cookie restrictions:

• The session expires when the session's cookie expires
• The same session can be used every single PHP page from the domain that the cookie belongs to, including subdomains. Cookies have the option to be restricted to particular subdomains or even directories if necessary. You can set the cookie parameters using session_set_cookie_params().

[iwato]

Does merging a $_GET superglobal with a $_SESSION superglobal destroy the $_GET superglobal? Consider the following two pieces of code: one works, the other does not.  The included PHP file in both cases contains the following piece of code:
 

	if ($_SERVER["REQUEST_METHOD"] == "GET") {
		if (empty($_GET['letter_no'])) {
			$error_msg = "Please submit an edition number for the newsletter that you desire.";
		} else {
			$letter_no = filter_var($_GET['letter_no'], FILTER_VALIDATE_INT);
			...
		}
	}

THIS CODE FAILS

	if (!empty($_GET['letter_no'])) {
		session_start();
		$_SESSION = array_merge($_SESSION, $_GET['letter_no'];
		include('./newsletter/template/newsletter_generator_foreign.php');
	}

THIS CODE SUCCEEDS

	if (!empty($_GET['letter_no'])) {
		session_start();
		$_SESSION['letter_no'] = $_GET['letter_no'];
		include('./newsletter/template/newsletter_generator_foreign.php');
	}

Both sets of code receive an HTTPRequest similar to the following:

https://www.grammarcaptive.com/overview.html?letter_no=1

 

[Ingolme]

You can't use array_merge with $_GET['letter_no'] because it's not an array. The array_merge function combines two arrays. If you want to add a scalar value to your array, you would do so the regular way: $_SESSION['key'] = $value

array_merge() does not change either of the source arrays, instead it returns a completely new array based on the inputs.

[iwato]

Oh, how silly of me.

It had been a long and exhausting day.

Thanks!

Roddy