• 9
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

Presumably there's some tiny performance hit, but beyond that?

As of PHP 4.3.3, calling session_start() while the session has already been started will result in an E_NOTICE warning. The second call to session_start() will simply be ignored.You could check if the session has been started first or not with:

if (session_id() == "")
  session_start();
  • 56
Reply Report

From the docs:

As of PHP 4.3.3, calling session_start() after the session was previously started will result in an error of level E_NOTICE. Also, the second session start will simply be ignored.

So no, it won't "cause harm", but it'll throw an error. And the fact that it's happening is probably an indicator that you're doing something incorrectly, and might need to re-think how your code is laid out.

  • 29
Reply Report

Calling session_start(); can harm the performance of your application.

The following code will trigger an E_NOTICE, but won't harm that much performance wise

<?php
session_start();
session_start();
?>

But calling the following will harm the performance! But it's still useful. If you have a script that takes like 3 minutes to run and is called with XHR (js). In this case it's useful to use the session_write_close. otherwise the request to the server is blocked until the sessions are released. It could happen that you want to use the sessions at the start of the script and at the end of the script.

<?php
session_start();
session_write_close();
session_start();
?>

But, when you call the session_start(); all information is deserialized, and when you call session_write_closed() it's serialized. So if you have a lot of data it can be really slow!

The following test shows how much impact it has.

1.0130980014801 sesion_start + close with empty session

1.0028710365295 normal loop without session

12.808688879013 a lot data in the session with start + close

1.0081849098206 normal loop again (useless kinda)

<?php
//start and clear first session
session_start();
session_destroy();
session_write_close();

//test one
if(true) {
    //test loop one
    $start = microtime(true);
    for($i = 0; $i < 1000; $i++) {
        session_start();
        usleep(100);
        session_write_close();
    }
    $end = microtime(true);
    echo($end - $start);


    //test loop 2
    echo('<br />');
    $start = microtime(true);
    for($i = 0; $i < 1000; $i++) {
        usleep(100);
    }
    $end = microtime(true);
    echo($end - $start);
}


//fill the array with information so serialization is needed
session_start();
$_SESSION['test'] = array();
for($i = 0; $i < 10000; $i++) {
    $_SESSION['test'][$i] = chr($i);
}
session_write_close();
echo('<br />');

//test two
if(true) {
    //test loop one
    $start = microtime(true);
    for($i = 0; $i < 1000; $i++) {
        session_start();
        usleep(100);
        session_write_close();
    }
    $end = microtime(true);
    echo($end - $start);


    //test loop 2
    echo('<br />');
    $start = microtime(true);
    for($i = 0; $i < 1000; $i++) {
        usleep(100);
    }
    $end = microtime(true);
    echo($end - $start);
}
?>
  • 14
Reply Report

Reading the docs for session_start, all I can see is:

As of PHP 4.3.3, calling session_start() after the session was previously started will result in an error of level E_NOTICE. Also, the second session start will simply be ignored.

So, you'll get an E_NOTICE and be ignored.

  • 5
Reply Report

If it produces an error, odds are that the developers didn't intend for that particular action to occur. So yes, despite what you're shown by W3Schools, it's technically a 'bad' thing to do.

So, rather than play it safe and try to set the session on each page, why not first check to see if the session exists before you move forward?

  if ( !isset($_SESSION) ) session_start();

Personally, I'd check for the existence of the session's cookie first.

  • 4
Reply Report
      • 1
    • It's better not to check. In a clean architecture, there is only one session_start() at the right spot and any further calls should be noticed by the developer, but not ignored. The same reason why using @ error supressing is code smell.

If the session is already open, then it will return an error notice, and the new session will be ignored. So no harm is done, but you will have a pesky error.

But... if you are finding the need to do this then it could be a symptom that your code is not organized well. It would probably be in your benefit to see how you can keep yourself from repeating redundant tasks like starting a session.

  • 1
Reply Report

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags

Related Questions