In PHP, is there any harm in running session_start() multiple times?

Presumably there's some ti开发者_Go百科ny performance hit, but beyond that?

As of PHP 4.3.3, calling session_start() while the session has already been started will result in an E_NOTICE warning. The second call to session_start() will simply be ignored.You could check if the session has been started first or not with:

if (session_id() == "")
  session_start();

From the docs:

As of PHP 4.3.3, calling session_start() after the session was previously started will result in an error of level E_NOTICE. Also, the second session start will simply be ignored.

So no, it won't "cause harm", but it'll throw an error. And the fact that it's happening is probably an indicator that you're doing something incorrectly, and might need to re-think how your code is laid out.

Calling session_start(); can harm the performance of your application.

The following code will trigger an E_NOTICE, but won't harm that much performance wise

<?php
session_start();
session_start();
?>

But calling the following will harm the performance! But it's still useful. If you have a script that takes like 3 minutes to run and is called with XHR (js). In this case it's useful to use the session_write_close. otherwise the request to the server is blocked until the sessions are released. It could happen that you want to use the sessions at the start of the script and at the end of the script.

<?php
session_start();
session_write_close();
session_start();
?>

But, when you call the session_start(); all information is deserialized, and when you call session_write_closed() it's serialized. So if you have a lot of data it can be really slow!

The following test shows how much impact it has.

1.0130980014801 sesion_start + close with empty session

1.0028710365295 normal loop without session

12.808688879013 a lot data in the session with start + close

1.0081849098206 normal loop again (useless kinda)

<?php
//start and clear first session
session_start();
session_destroy();
session_write_close();

//test one
if(true) {
    //test loop one
    $start = microtime(true);
    for($i = 0; $i < 1000; $i++) {
        session_start();
        usleep(100);
        session_write_close();
    }
    $end = microtime(true);
    echo($end - $start);


    //test loop 2
    echo('<br />');
    $start = microtime(true);
    for($i = 0; $i < 1000; $i++) {
        usleep(100);
    }
    $end = microtime(true);
    echo($end - $start);
}


//fill the array with information so serialization is needed
session_start();
$_SESSION['test'] = array();
for($i = 0; $i < 10000; $i++) {
    $_SESSION['test'][$i] = chr($i);
}
session_write_close();
echo('<br />');

//test two
if(true) {
    //test loop one
    $start = microtime(true);
    for($i = 0; $i < 1000; $i++) {
        session_start();
        usleep(100);
        session_write_close();
    }
    $end = microtime(true);
    echo($end - $start);


    //test loop 2
    echo('<br />');
    $start = microtime(true);
    for($i = 0; $i < 1000; $i++) {
        usleep(100);
    }
    $end = microtime(true);
    echo($end - $start);
}
?>

Reading the docs for session_start, all I can see is:

As of PHP 4.3.3, calling session_start() after the session was previously started will result in an error of level E_NOTICE. Also, the second session start will simply be ignored.

So, you'll get an E_NOTICE and be ignored.

I usually put a session start statement in an include file that I require_once. But I don't think there should be an issue with multiple calls.

If it produces an error, odds are that the developers didn't intend for that particular action to occur. So yes, despite what you're shown by W3Schools, it's technically a 'bad' thing to do.

So, rather than play it safe and try to set the session on each page, why not first check to see if the session exists before you move forward?

  if ( !isset($_SESSION) ) session_start();

Personally, I'd check for the existence of the session's cookie first.

If the session is already open, then it will return an error notice, and the new session will be ignored. So no harm is done, but you will have a pesky error.

But... if you are finding the need to do this then it could be a symptom that your code is not organized well. It would probably be in your benefit to see how you can keep yourself from repeating redundant tasks like starting a session.