PHP: Sessions Introduction

The basic question is how to pass data from one page to another on a website. All information from a page is forgotten when a new page is loaded.

We can pass data from one page to another in the URL and read it with the $_GET superglobal array.

www.example.com/index.php?name=first_name

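<?php
   // Escape the value before output: it comes straight from the URL.
   echo htmlspecialchars($_GET['name'] ?? '', ENT_QUOTES, 'UTF-8');
?>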

But this way is not secure, because the end user can easily change the data.

PHP sessions solve this problem. The $_SESSION superglobal array allows us to store user information on the server for later use, so the data is kept between requests.

NOTE: It is important to remember that a session is temporary storage. If we want to store data permanently, then we have to store it in a database.

How SESSION Works:

When a visitor accesses our site, PHP checks whether a specific session id has been sent with the request. It does this either automatically (depending on whether session.auto_start is set to 1 or 0 in the php.ini file) or on our request (explicitly through session_start()). If an id was sent, the previously saved environment is recreated.

A session creates a file in a temporary directory on the server where registered session variables and their values are stored. This data will be available to all pages on the site during that visit.

NOTE: The location of the temporary file is determined by a setting in the php.ini file called session.save_path.

  1. PHP first creates a unique identifier for that particular session.
  2. A file is automatically created on the server in the designated temporary directory.
  3. A cookie named PHPSESSID is automatically created on the user's computer to store the unique session identification string.
  4. When PHP wants to retrieve a value from a session variable, it first validates the request: it gets the unique session identifier string from the PHPSESSID cookie on the user's computer, then looks in the server's temporary directory for the file bearing that name and compares both values.
  5. A session ends when the server terminates it after a predetermined period of time.

Starting a PHP Session:

Before we can begin storing user information in our PHP session, we must first start the session.

A session is started with the session_start() function. It is recommended to put the call to session_start() at the beginning of the page, before any HTML or text is sent.

Session variables are stored in an associative array called $_SESSION. These variables can be accessed during the lifetime of a session.

Example:

<?php
   session_start();
?>

The tiny piece of code above registers the user's session with the server, allows you to start saving user information, and assigns a UID (unique identification number) to that user's session.

Example:

<?php
session_start();
if (isset($_SESSION['views'])) {
  $_SESSION['views'] ++;
}
else {
  $_SESSION['views'] = 1;
}
$message = "Pageviews = " . $_SESSION['views'];
?>
<html>
  <head>
    <title>PHP session example</title>
  </head>
  <body>
    <?php echo $message; ?>
  </body>
</html>

Cleaning and Destroying a PHP Session:

A PHP session can be destroyed with the session_destroy() function. If we want to destroy a single session variable, we can use the unset() function, but first we have to check whether the session variable is set using the isset() function.

Example:

<?php
// the session must be started before $_SESSION can be read or changed
session_start();
if (isset($_SESSION['views'])) {
  unset($_SESSION['views']);
}
?>

We can also destroy the session completely by calling the session_destroy() function.

Example:

<?php
// resume the session so there is something to destroy
session_start();

// remove all session variables
session_unset();

// destroy the session
session_destroy();
?>
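
The lifecycle described on this page (start, use, timeout, destroy) with the PHPSESSID cookie locked down, as an added example that is not part of the original page. The function names, IDLE_LIMIT and the 'last_seen' and 'user_id' keys are assumptions, and the site is assumed to be served over HTTPS on PHP 7.3 or later.

```php
<?php
// Added example, not code from the original page.
// Assumed names: IDLE_LIMIT, the 'last_seen' and 'user_id' keys, all three functions.
const IDLE_LIMIT = 1800; // seconds of inactivity allowed (assumed value)

function start_hardened_session(): void
{
    session_start([
        'use_strict_mode'  => 1,     // reject session ids the server never issued
        'use_only_cookies' => 1,     // take the id from the cookie, never from the URL
        'cookie_httponly'  => 1,     // keep PHPSESSID out of reach of JavaScript
        'cookie_secure'    => 1,     // send the cookie over HTTPS only
        'cookie_samesite'  => 'Lax', // PHP 7.3+: limit cross-site sending
    ]);
    $now = time();
    // Enforce the idle timeout in code rather than waiting for file cleanup.
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true); // new id, old session file deleted
    }
    $_SESSION['last_seen'] = $now;
}

function log_in(int $userId): void
{
    // Issue a fresh id at the privilege change so a pre-login id is useless.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function log_out(): void
{
    $_SESSION = [];                  // clear the data for this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the PHPSESSID cookie; session_destroy() does not remove it.
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();               // delete the session file on the server
}

start_hardened_session();
$_SESSION['views'] = ($_SESSION['views'] ?? 0) + 1; // the page's view counter
```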