I am new to PHP and I am trying to create $_SESSION variables via a login page to authenticate users for site privileges. The thought being that I will check the $_SESSION variables on "secure" pages to see if the user has logged in. A var_dump() shows that they are being created successfully.

When I start another PHP script (session_start(); var_dump($_SESSION["userinfo"]), I get "Undefined index: userinfo". So it appears that the session variables are not being persisted across the PhpEd session. Is there a php.ini setting that I can use?

The alternative is that I need to login each time that I want to test a secure page (not a viable alternative).

What am I missing?

Thanks,
Joe

You miss the point that with closing PHPED you also close the builtin browser and lose all temporary cookies. If you need persistent sessions, you need persistent cookies. Check cookie headers the script sends to the browser and make sure they contain expiry date. Without the date the cookies are temporary and they won't survive the browser restart or IDE restart like in this case. Note: in php handling the session cookies is wrapped into set of functions. See http://www.php.net/manual/en/book.session.php for further details.

Sometimes being new to a language gives a programmer the unique privelege of creating his own problems. I did some research, as you suggested, and some testing.

I found the cookies in "C:\ProgramData\PHP\sessions". It seems that the embedded browser (Firefox) keeps the same session id for the duration of the PhpEd session, regardless of whether the Output window is open or subsequently closed.

If you uses the external browser (Firefox), a new session id is created, which makes sense. Close and reopen the external browser and the previous session state is lost because the session id changes.

So, the session variables will stay alive in the embedded browser for the PhpEd session. The same is true for the external browser until it is closed.

I wasn't concerned about persisting session variables forever. I just wanted to make sure that I didn't have to login every time I opened a PHP page, which apparently I don't have to if I stick with the same browser.

If any of this information, after my limited testing, is incorrect, please correct me.

Thanks for your response.

What you found in C:\ProgramData\PHP\sessions are not cookies, it's data stored in all active sessions that in its turn is copied to $_SESSION array on script start if it gets session cookie from the client.
Browser is supposed to keep its cookie if it's not already expired or there is no expiry time in it. In latter case cookie is stored until the process that opened the browser is shutdown.