3

As we know that session variable $_SESSION is different for each user. I want to know the scope of Server variable like $_SERVER. I am doing http authentication in my RestFul API. If I set the $_SERVER['PHP_AUTH_USER'], will that be set for 1 user or all the user who access my server page?

Thanks

2 Answers2

0

That will be set only for current user, but why don't you use $GLOBALS instead of $_SERVER?

$GLOBALS — References all variables available in global scope

This superglobal array would be more appropriate than $_SERVER for such a task. Mind, that $GLOBALS or $_SERVER don't save its data after request is finished. So if you want to keep some data from one request to another you should use $_SESSION.

vadimrostok
  • 131
  • 7
  • If it is for one user then what would be difference between $_SESSION and $_SERVER scope? –  Apr 28 '13 at 20:04
  • $_SERVER rewrites its data after each request, and $_SESSION can lose its data only after specific time(specified in php.ini). $_SERVER contains server-related data (such as path to executed script, filled by apache or another server), and $_SESSION should contain user-related data (such as time zone, filled by your code). Check this articles [link](http://www.php.net/manual/en/language.variables.superglobals.php) – vadimrostok Apr 28 '13 at 20:14
  • I filled $_SERVER['PHP_AUTH_USER']) varaible,now if I refresh the page ,it values remain there..it never get removed –  Apr 28 '13 at 20:18
  • That can't be true, may be you forget to remove $_SERVER['PHP_AUTH_USER'] setting from your code? Try to set and echo $_SERVER['test'] on a single page, then remove setting of $_SERVER['test'], but left echo $_SERVER['test'] and you'll see an error(or nothing, depends o your errors display settings); – vadimrostok Apr 28 '13 at 20:31
  • then remove setting of $_SERVER['test'] means? –  Apr 28 '13 at 20:36
  • write this `$_SERVER['test'] = 'test';`, refresh the page, then write this `echo $_SERVER['test'];`, refresh the page. You'll make sure, that $_SERVER don't store its data from one request to another. – vadimrostok Apr 28 '13 at 20:50
  • but the built in variables do store –  Apr 28 '13 at 20:57
  • 1
    I missed one thing, PHP_AUTH_USER and PHP_AUTH_PW may by set by server if you are using HTTP-autentification. But anyway superglobals(exept $_SESSION) don't store values. Check my test. For example $_COOKIE, $_POST, $_GET are set by http request headers, $_SESSION is set by server, $GLOBALS is set by your code, but all of them (exept $_SESSION) lose their data when request finishes. And when another request starts they filled with data again. PHP_AUTH_USER stores by http server, not php. So you cannot store data in $_SERVER with key 'my_key', for example. – vadimrostok Apr 28 '13 at 21:15
0

php.net:

Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.

A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.

that mean is different between user because session id is different per user and Session allow user access to owner associative array

the value that is set for $_SERVER is on RAM and didn't store in file or database and it remove from RAM after request finish. for this kind of work like save a variable during of user is online you can use $_SESSION but if you want save variable for all user you can use Database

mohammad mohsenipur
  • 3,218
  • 2
  • 17
  • 22
  • that means $_SERVER is for non-persistent request.. The value of $_SERVER may vary at each request.. –  Apr 28 '13 at 20:12
  • yes $_SERVER is for non-persistent request and $_SERVER value is set for every request – mohammad mohsenipur Apr 28 '13 at 20:17
  • I filled $_SERVER['PHP_AUTH_USER']) varaible,now if I refresh the page ,it values remain there..it never get removed –  Apr 28 '13 at 20:25
  • see this page http://www.php.net/manual/en/reserved.variables.server.php for more information about `$_SERVER`, `$_SERVER` is only for read that keep information like headers, paths, and script locations,... and see this page for [PHP_AUTH_USER](http://php.net/manual/en/features.http-auth.php) – mohammad mohsenipur Apr 28 '13 at 20:38