Does PHP reinitialize session variables when visiting a page in another tab?

Question

I am building a simple website in PHP 8.0.30 where after the user logs in successfully, specific values are added to the $_SESSION, including their last time of access as follows:

index.php

<?php
  # Code below is simplified to focus on the relevant lines
  if ($userisauthenticated) {  
    $_SESSION['lastaccess'] = time();
    echo "<script>console.log('Code in index.php was run'); </script>"; 
  }
?>

If the user loads another page again in the future, I check the last time of access and if that is within a specified time limit, load the rest of the page or otherwise log them out. See below for an example:

dashboard.php

<?php
  session_start();
  echo "<script>console.log('lastaccess: " . $_SESSION['lastaccess'] . "' ); </script>"; 

  # The code afterwards tries to check if the user is still logged in
  if (array_key_exists('lastaccess', $_SESSION)) {
    if (time() - $_SESSION["lastaccess"] < 60 * 60 * 48) {
      # Go ahead and load page
    } else {
      # Log user out
    } 
  }
?>

However, I am running into a strange issue where if I log in via index.php, then minutes later open a new tab and visit dashboard.php by directly typing the url, the lastaccess value is different from what index.php had set it. The first two lines literally are what I have above, so there is no code before it to change the lastaccess value.

I also inserted a test output to the console in index.php to see if the new tab is for some reason pre-loading index.php, but that test output is never printed to the console when I load dashboard.php in a new tab.

This also only happens some times I try this (not always), which makes me wonder if it has anything to do with my browser (I am using Google Chrome).

Is it possible that PHP reinitializes the value stored in the $_SESSION variables on page load in a new tab? What am I missing in my knowledge of PHP sessions here and what is causing this?

Answer 1

It turns out it is the pre-fetching setting in Google Chrome. When I type out the URL, the first suggestion is the main URL, which points to index.php. Google Chrome is prefetching the page which is triggering the script (my fault for not having set it up right).

Figured this out when I opened a new tab just to type the URL, did not go to that page and closed the tab instead, then went back to my test page that I had set up to see the lastaccess value, refreshed it, and saw that the value had been updated!

Answer 2

Summary Answer:

NO!

Detailed Answer:

Each time $_SESSION is accessed, session_start() command must be executed. Before reading and even writing a value in $_SESSION.

Therefore, it is necessary to execute the session_start() command in the index.php file before using $_SESSION.

​ new index.php :

<?php
  session_start(); // <--- will fix next access
  # Code below is simplified to focus on the relevant lines
  if ($userisauthenticated) {  
    $_SESSION['lastaccess'] = time();
    echo "<script>console.log('Code in index.php was run'); </script>"; 
  }
?>