$_SESSION

$HTTP_SESSION_VARS [非推奨]

(PHP 4 >= 4.1.0, PHP 5)

$_SESSION -- $HTTP_SESSION_VARS [非推奨] — セッション変数

説明

現在のスクリプトで使用できるセッション変数を含む連想配列です。セッション変数の使用法についての詳細は、セッション関数のドキュメントを参照ください。

$HTTP_SESSION_VARS は同じ情報を格納していますが、これはスーパーグローバルではありません ($HTTP_SESSION_VARS と $_SESSION は異なる変数であり、PHP はこれらを異なる変数として扱うことに注意してください)。

変更履歴

バージョン	説明
4.1.0	`$_SESSION` が導入され、 `$HTTP_SESSION_VARS` は非推奨となりました。

注意

注意:
これは 'スーパーグローバル' あるいは自動グローバル変数と呼ばれるものです。スクリプト全体を通してすべてのスコープで使用することができます。関数やメソッドの内部で使用する場合にも global $variable; とする必要はありません。

参考

session_start() - セッションデータを初期化する

$_ENV

$_REQUEST

[edit] Last updated: Fri, 10 Feb 2012

add a note User Contributed Notes $_SESSION

pike-php at kw dot nl 07-Feb-2011 06:00


When accidently assigning a unset variable to $_SESSION, like 



   $_SESSION['foo'] = $bar 



while $bar was not defined, I got the following error message:



"Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. "



The errormessage was quite unrelated and got me off-track. The real error was, $bar was not defined.

Dave 17-Nov-2009 02:05


If you deploy php code and cannot control whether register_globals is off, place this snippet in your code to prevent session injections:



<?php

if (isset($_REQUEST['_SESSION'])) die("Get lost Muppet!");

?>

charlese at cvs dot com dot au 04-Jul-2009 06:47


I was having troubles with session variables working in some environments and being seriously flaky in others. I was using $_SESSION as an array. It works properly when I used $_SESSION as pointers to arrays. As an example the following code works in some environments and not others.



<?php

//Trouble if I treate $form_convert and $_SESSION['form_convert'] as unrelated items

$form_convert=array();

if (isset($_SESSION['form_convert'])){

        $form_convert=$_SESSION['form_convert'];

    }

}

?>

The following works well. 

<?php

if (isset($_SESSION['form_convert'])){

    $form_convert = $_SESSION['form_convert'];

}else{

    $form_convert = array();

    $_SESSION['form_convert']=$form_convert;

}

?>

bohwaz 31-Aug-2008 02:43


Please note that if you have register_globals to On, global variables associated to $_SESSION variables are references, so this may lead to some weird situations.



<?php



session_start();



$_SESSION['test'] = 42;

$test = 43;

echo $_SESSION['test'];



?>



Load the page, OK it displays 42, reload the page... it displays 43.



The solution is to do this after each time you do a session_start() :



<?php



if (ini_get('register_globals'))

{

    foreach ($_SESSION as $key=>$value)

    {

        if (isset($GLOBALS[$key]))

            unset($GLOBALS[$key]);

    }

}



?>

Steve Clay 17-Aug-2008 06:28


Unlike a real PHP array, $_SESSION keys at the root level must be valid variable names.



<?php 

$_SESSION[1][1] = 'cake'; // fails



$_SESSION['v1'][1] = 'cake'; // works

?>



I imagine this is an internal limitation having to do with the legacy function session_register(), where the registered global var must similarly have a valid name.

jherry at netcourrier dot com 01-Aug-2008 04:16


You may have trouble if you use '|' in the key:



$_SESSION["foo|bar"] = "fuzzy";



This does not work for me. I think it's because the serialisation of session object is using this char so the server reset your session when it cannot read it.



To make it work I replaced '|' by '_'.

add a note