Dev FAQs

How does Reason's session system work?

Reason's session system is tightly integrated with the Minisite and Minisite module system. If you are working in that context, the session is usually available as $this->session in the template or the module. If you are not in that system, it can be accessed through the global function get_reason_session(). The way you obtain the session is fairly specific:

$sess =& get_reason_session();

The ampersand is important because the function keeps a single static copy of the session. This is to avoid having multiple instances of the session object floating around while Reason is running.

The session system has a couple of requirements. Data can only be stored in and read from the session when the connection is secure, which avoids session hijacking problems and generally keeps things more secure. If a script tries to do anything to a session object while on an insecure page, a warning will be triggered. You can use on_secure_page() to check whether you are on a secure page. You can also use

$sess->exists();

to see if a session has been started. This can be used on an insecure page without error. So, if a session exists and we're on a secure page, we can then start the session. Most code looks something like this:

if( $sess->exists() AND on_secure_page() )
{
    $sess->start();
}

if( $sess->has_started() )
{
    $username = $sess->get( 'username' );
}

Notice how I made sure the session was started with has_started(). If it has started, you know that you are secure and the session exists.

Timeouts are also somewhat built into the session object. If start() ever returns FALSE, you can check the $error_num variable that was just set. Really, here's what session starting should look like:

if( $sess->exists() AND on_secure_page() )
{
    if( !$sess->start() )
    {
        if( $sess->error_num == ERR_SESS_EXPIRED )
        {
            // do something about an expired session
        }
    }
}
  • Dave Hendler, 21 July 2005
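
The start-up checks above folded into one helper that tells the caller why no username is available, as an added example that is not part of the original FAQ or of Reason's own code. The helper session_username(), the Stub_Session class, the sample username and the value given to ERR_SESS_EXPIRED are assumptions made so the script runs outside Reason; the stub models only the session calls named on this page.

```php
<?php
// Added example. Stand-ins so this runs outside Reason; inside Reason the real
// on_secure_page() and ERR_SESS_EXPIRED would already be defined.
if (!defined('ERR_SESS_EXPIRED')) define('ERR_SESS_EXPIRED', 1); // constructed value
if (!function_exists('on_secure_page')) {
    function on_secure_page() { return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'; }
}
class Stub_Session // hypothetical stand-in for the object from get_reason_session()
{
    public $error_num = 0;
    private $cookie; private $expired; private $started = false;
    function __construct($cookie, $expired) { $this->cookie = $cookie; $this->expired = $expired; }
    function exists() { return $this->cookie; } // safe to call on an insecure page
    function start()
    {
        if ($this->expired) { $this->error_num = ERR_SESS_EXPIRED; return false; }
        return $this->started = true;
    }
    function has_started() { return $this->started; }
    function get($key) { return $key === 'username' ? 'jdoe' : null; } // constructed data
}

// Hypothetical helper: returns array(status, username) so the caller can choose
// between showing a login link, sending the user to HTTPS, or re-authenticating.
function session_username($sess)
{
    if (!$sess->exists()) return array('anonymous', null);
    if (!on_secure_page()) return array('needs_https', null); // do not touch session data here
    if (!$sess->start()) {
        $why = ($sess->error_num == ERR_SESS_EXPIRED) ? 'expired' : 'error';
        return array($why, null);
    }
    return array('ok', $sess->has_started() ? $sess->get('username') : null);
}

$_SERVER['HTTPS'] = 'on'; // simulate a secure request
// Cases: no session, expired session, valid session
foreach (array(array(false, false), array(true, true), array(true, false)) as $c) {
    list($status, $user) = session_username(new Stub_Session($c[0], $c[1]));
    echo $status, ' ', var_export($user, true), "\n";
}
$_SERVER['HTTPS'] = 'off'; // same session cookie seen over plain HTTP
list($status) = session_username(new Stub_Session(true, false));
echo $status, "\n";
```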
