I am trying to understand a method in the CakePHP source code. Following is the code taken from session.php.
    function __startSession() {
        if (headers_sent()) {
            if (empty($_SESSION)) {
                $_SESSION = array();
            }
            return false;
        } elseif (!isset($_SESSION)) {
            session_cache_limiter ("must-revalidate");
            session_start();
            header ('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
            return true;
        } else {
            session_start();
            return true;
        }
    }
Why not just session_start? Why the checks for headers_sent and what is the meaning of header ('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');? In what situations will empty($_SESSION) or !isset($_SESSION) evaluate to true? An explanation of all the code is highly appreciated.
Quick googling on the header provides some nice info.
It is for IE6, to fix its problem with third-party cookies (in cases where your db data comes from a different domain/IP than your webserver).
You can read more here
session_start() usually sends a cookie in the HTTP response in order to always use the same session for a user. If headers_sent() is true, then it is too late to send this cookie (cookies are in the headers of the response). So this check is to avoid a PHP error.
P3P headers are for privacy policies but are actually only implemented in Internet Explorer.
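The checks discussed in the answers above, written out as an added example that is not part of the original posts or of CakePHP's code: it separates the "session already open", "headers already sent" and "safe to start" cases and sets the session cookie's attributes before starting. The name start_session_checked() is hypothetical, and the block assumes PHP 7.3+ with output buffering off (the PHP CLI default).

```php
<?php
// Added example, not CakePHP code. start_session_checked() is a hypothetical name.
// Assumes PHP 7.3+ (array form of session_set_cookie_params()).

function start_session_checked(): string
{
    // A session is already open: nothing to send, nothing to start.
    // session_status() reports this directly instead of inferring it from $_SESSION.
    if (session_status() === PHP_SESSION_ACTIVE) {
        return 'already-active';
    }

    // Output has begun, so the Set-Cookie header carrying the session id can no
    // longer be added. Log where the output started and fall back to an empty
    // array so later reads of $_SESSION do not raise notices.
    if (headers_sent($file, $line)) {
        error_log("session not started: output began at {$file}:{$line}");
        if (empty($_SESSION)) {
            $_SESSION = [];
        }
        return 'headers-sent';
    }

    // Headers are still open: set the cookie attributes, then start the session.
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from document.cookie
        'samesite' => 'Lax',  // withheld from cross-site subrequests
    ]);
    return session_start() ? 'started' : 'failed';
}

// Constructed walk-through for the PHP CLI with output buffering off.
$results = [start_session_checked(), start_session_checked()];
session_write_close();            // session_status() is PHP_SESSION_NONE again
echo "first byte of the body\n";  // headers count as sent from the first output
$results[] = start_session_checked();
echo implode(', ', $results), "\n";
```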