session_id - PHP code example

An Overview of the PHP Function Session_ID and Its Options

The php function session_id is used to get or set the current session id. The id is an unique number that identifies the web browser or application accessing the server. This enables the server to identify the user and preserve data between requests. This allows websites to offer personalized displays based on the user's previous interactions with the website or application.

When a browser opens a URL the server creates a unique number called the session id and stores it in a cookie on the browser or in a file on the server. The browser then passes the id along with every request to the server. When the user closes the browser or the server is shut down, the id expires. This ensures that the user cannot use the same session to log in again with a different computer or browser.

This article provides an overview of the php function session_id and its options. It explains how it works and gives examples of its use.

In addition to the default options, you can control how sessions are initialized with the session_start() function. This can be done by modifying the session_id_method option. The default value is 'php' which uses the standard PHP serialization functions. Another possible value is 'wddx' which uses the WDDX libraries to encode variables as XML.

The session_id_length option controls the length of the random number used to seed the session ID. This is helpful in making sure that a session ID doesn't become predictable. You can also use a /dev/urandom device to produce random bytes for the ID, which can make it harder to guess.

session_id example

require __DIR__.'/common.inc';

use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;

$storage = new NativeSessionStorage(['cookie_samesite' => 'lax']);
$storage->setSaveHandler(new TestSessionHandler());
$storage->start();

$_SESSION = ['foo' => 'bar'];

ob_start(fn ($buffer) => str_replace(session_id(), 'random_session_id', $buffer));

session_start();
        $this->proxy->setName('foo');
    }

    /** * @runInSeparateProcess * * @preserveGlobalState disabled */
    public function testId()
    {
        $this->assertEquals(session_id(), $this->proxy->getId());
        $this->proxy->setId('foo');
        $this->assertEquals('foo', $this->proxy->getId());
        $this->assertEquals(session_id(), $this->proxy->getId());
    }

    /** * @runInSeparateProcess * * @preserveGlobalState disabled */
    public function testIdException()
    {

    public function isActive(): bool
    {
        return \PHP_SESSION_ACTIVE === session_status();
    }

    /** * Gets the session ID. */
    public function getId(): string
    {
        return session_id();
    }

    /** * Sets the session ID. * * @return void * * @throws \LogicException */
    public function setId(string $id)
    {

$amount = 'b.quantity*ROUND(CAST(b.price as DECIMAL(10,2))*(100+t.tax)/100,2)';
            $amount_net = 'b.quantity*CAST(b.price as DECIMAL(10,2))';
        } else {
            $amount = 'b.quantity*CAST(b.price as DECIMAL(10,2))';
            $amount_net = 'b.quantity*ROUND(CAST(b.price as DECIMAL(10,2))/(100+t.tax)*100,2)';
        }

        $queryBuilder = $this->getBasketQueryBuilder($amount, $amount_net);

        $queryBuilder->setParameters([
            'userId' => $userId,
            'sessionId' => empty($sessionId) ? session_id() : $sessionId,
            'billingAddressId' => $this->getBillingAddressId(),
            'shippingAddressId' => $this->getShippingAddressId(),
        ]);

        foreach ($addSelect as $select) {
            $queryBuilder->addSelect($select);
        }

        $this->eventManager->notify(
            'Shopware_Modules_Admin_GetDispatchBasket_QueryBuilder',
            [

use Symfony\Component\HttpFoundation\Session\SessionFactory;
use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorageFactory;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\EventListener\SessionListener;
use Symfony\Component\HttpKernel\HttpKernelInterface;

/** @var Response $r */
$r = require __DIR__.'/common.inc';

$sessionId = 'vqd4dpbtst3af0k4sdl18nebkn';
session_id($sessionId);
$sessionName = session_name();
$_COOKIE[$sessionName] = $sessionId;

$request = new Request();
$request->cookies->set($sessionName, $sessionId);

$requestStack = new RequestStack();
$requestStack->push($request);

$sessionFactory = new SessionFactory($requestStack, new NativeSessionStorageFactory());

public function reset(): void
    {
        if (\PHP_SESSION_ACTIVE === session_status()) {
            session_abort();
        }

        session_unset();
        $_SESSION = [];

        if (!headers_sent()) { // session id can only be reset when no headers were so we check for headers_sent first             session_id('');
        }
    }

    /** * Gets the session object. */
    abstract protected function getSession(): ?SessionInterface;

    private function getSessionOptions(array $sessionOptions): array
    {
        $mergedSessionOptions = [];

$flash->add('foo', 'bar');

print_r($flash->get('foo'));
echo empty($_SESSION) ? '$_SESSION is empty' : '$_SESSION is not empty';
echo "\n";

$storage->save();

echo empty($_SESSION) ? '$_SESSION is empty' : '$_SESSION is not empty';

ob_start(fn ($buffer) => str_replace(session_id(), 'random_session_id', $buffer));

use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;

$storage = new NativeSessionStorage(['cookie_samesite' => 'lax']);
$storage->setSaveHandler(new TestSessionHandler());
$storage->start();

$_SESSION = ['foo' => 'bar'];

$storage->regenerate(true);

ob_start(fn ($buffer) => preg_replace('~_sf2_meta.*$~m', '', str_replace(session_id(), 'random_session_id', $buffer)));

        if ($sessionId && $this->saveHandler instanceof AbstractProxy && 'files' === $this->saveHandler->getSaveHandlerName() && !preg_match('/^[a-zA-Z0-9,-]{22,250}$/', $sessionId)) {
            // the session ID in the header is invalid, create a new one             session_id(session_create_id());
        }

        // ok to try and start the session         if (!session_start()) {
            throw new \RuntimeException('Failed to start the session.');
        }

        $this->loadSession();

        return true;
    }

// Change sessionId so the test value looks invalid. $storage->setSaveHandler(new TestSessionHandler('', 'abc123'));
$flash = new FlashBag();
$storage->registerBag($flash);
$storage->start();

// Add something to the session, so it isn't pruned. $flash->add('foo', 'bar');
echo empty($_SESSION) ? '$_SESSION is empty' : '$_SESSION is not empty';
echo "\n";

ob_start(fn ($buffer) => preg_replace('~_sf2_meta.*$~m', '', str_replace(session_id(), 'random_session_id', $buffer)));

$bag->setName('flashes');

        $storage = $this->getStorage();
        $storage->registerBag($bag);

        $this->assertEquals($storage->getBag('flashes'), $bag);
    }

    public function testRegenerateInvalidSessionIdForNativeFileSessionHandler()
    {
        $_COOKIE[session_name()] = '&~[';
        session_id('&~[');
        $storage = new NativeSessionStorage([], new NativeFileSessionHandler());
        $started = $storage->start();

        $this->assertTrue($started);
        $this->assertMatchesRegularExpression('/^[a-zA-Z0-9,-]{22,250}$/', session_id());
        $storage->save();

        $_COOKIE[session_name()] = '&~[';
        session_id('&~[');
        $storage = new NativeSessionStorage([], new SessionHandlerProxy(new NativeFileSessionHandler()));
        $started = $storage->start();

  public function getId(Request $request) {
    // Set a value in $_SESSION, so that SessionManager::save() will start     // a session.     $_SESSION['test'] = 'test';

    $request->getSession()->save();

    return ['#markup' => 'session_id:' . session_id() . "\n"];
  }

  /** * Print the current session ID as read from the cookie. * * @param \Symfony\Component\HttpFoundation\Request $request * The request object. * * @return string * A notification message with session ID. */

// session_start();         $this->setCookie();
    }

    /** * Takes care of setting the cookie on the client side. * Extracted for testing reasons. */
    protected function setCookie()
    {
        $expiration   = $this->config->expiration === 0 ? 0 : Time::now()->getTimestamp() + $this->config->expiration;
        $this->cookie = $this->cookie->withValue(session_id())->withExpires($expiration);

        $this->cookies[] = $this->cookie;
    }

    public function regenerate(bool $destroy = false)
    {
        $this->didRegenerate              = true;
        $_SESSION['__ci_last_regenerate'] = Time::now()->getTimestamp();
    }
}

        // If another session is already started, save and close it before starting the backend session below.         // We need to do this, because the other session would use the session id of the backend session and thus write         // its data into the wrong session.         Enlight_Components_Session_Namespace::ensureFrontendSessionClosed(Shopware()->Container());
        // Ensure no session is active before starting the backend session below. We need to do this because there could         // be another session with inconsistent/invalid state in the container.         if (session_status() === PHP_SESSION_ACTIVE) {
            session_write_close();
            // The empty session id signals to `Enlight_Components_Session_Namespace::start()` that the session cookie             // should be used as session id.             session_id('');
        }

        $sessionOptions = $this->getSessionOptions();
        $saveHandler = $this->createSaveHandler(Shopware()->Container());
        $storage = new NativeSessionStorage($sessionOptions);

        if (!empty($sessionOptions['unitTestEnabled'])) {
            $storage = new MockArraySessionStorage();
        } elseif ($saveHandler) {
            session_set_save_handler($saveHandler);
        }