session_id
(PHP 4, PHP 5)
session_id — Get and/or set the current session id
Description
$id
] )session_id() is used to get or set the session id for the current session.
The constant SID can also be used to
retrieve the current name and session id as a string suitable for
adding to URLs. See also Session
handling.
Parameters
-
id -
If
idis specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose. Depending on the session handler, not all characters are allowed within the session id. For example, the file session handler only allows characters in the range a-z A-Z 0-9 , (comma) and - (minus)!Note: When using session cookies, specifying an
idfor session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set.
Return Values
session_id() returns the session id for the current session or the empty string ("") if there is no current session (no current session id exists).
Changelog
| Version | Description |
|---|---|
| 5.0.0 | The , (comma) and - (minus) characters are allowed in the file session handler. |
See Also
- session_regenerate_id() - Update the current session id with a newly generated one
- session_start() - Start new or resume existing session
- session_set_save_handler() - Sets user-level session storage functions
- session.save_handler
- PHP Руководство
- Функции по категориям
- Индекс функций
- Справочник функций
- Расширения для работы с сессиями
- Управление сессиями
- session_abort
- session_cache_expire
- session_cache_limiter
- session_commit
- session_create_id
- session_decode
- session_destroy
- session_encode
- session_gc
- session_get_cookie_params
- session_id
- session_is_registered
- session_module_name
- session_name
- session_regenerate_id
- session_register_shutdown
- session_register
- session_reset
- session_save_path
- session_set_cookie_params
- session_set_save_handler
- session_start
- session_status
- session_unregister
- session_unset
- session_write_close
Коментарии
It may be good to note that PHP does not allow arbitrary session ids. The session id validation in PHP source is defined in ext/session/session.c in the function php_session_valid_key:
https://github.com/php/php-src/blob/master/ext/session/session.c
To put it short, a valid session id may consists of digits, letters A to Z (both upper and lower case), comma and dash. Described as a character class, it would be [-,a-zA-Z0-9]. A valid session id may have the length between 1 and 128 characters. To validate session ids, the easiest way to do it use a function like:
<?php
function session_valid_id($session_id)
{
return preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $session_id) > 0;
}
?>
session_id() itself will happily accept invalid session ids, but if you try to start a session using an invalid id, you will get the following error:
Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'