Setting up a PHP session

PHP — Sessions

An alternative way to make data accessible across the various pages of an entire website is to use a PHP Session.

A session creates a file in a temporary directory on the server where registered session variables and their values are stored. This data will be available to all pages on the site during that visit.

The location of the temporary file is determined by a setting in the php.ini file called session.save_path. Before using any session variable make sure you have setup this path.

When a session is started following things happen −

• PHP first creates a unique identifier for that particular session which is a random string of 32 hexadecimal numbers such as 3c7foj34c3jj973hjkop2fc937e3443.
• A cookie called PHPSESSID is automatically sent to the user’s computer to store unique session identification string.
• A file is automatically created on the server in the designated temporary directory and bears the name of the unique identifier prefixed by sess_ ie sess_3c7foj34c3jj973hjkop2fc937e3443.

When a PHP script wants to retrieve the value from a session variable, PHP automatically gets the unique session identifier string from the PHPSESSID cookie and then looks in its temporary directory for the file bearing that name and a validation can be done by comparing both values.

A session ends when the user loses the browser or after leaving the site, the server will terminate the session after a predetermined period of time, commonly 30 minutes duration.

Starting a PHP Session

A PHP session is easily started by making a call to the session_start() function.This function first checks if a session is already started and if none is started then it starts one. It is recommended to put the call to session_start() at the beginning of the page.

Session variables are stored in associative array called $_SESSION[]. These variables can be accessed during lifetime of a session.

The following example starts a session then register a variable called counter that is incremented each time the page is visited during the session.

Make use of isset() function to check if session variable is already set or not.

Put this code in a test.php file and load this file many times to see the result −

else < $_SESSION['counter'] = 1; >$msg = "You have visited this page ". $_SESSION['counter']; $msg .= "in this session."; ?>    

It will produce the following result −

You have visited this page 1in this session.

Destroying a PHP Session

A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.

Here is the example to unset a single variable −

Here is the call which will destroy all the session variables −

Turning on Auto Session

You don’t need to call start_session() function to start a session when a user visits your site if you can set session.auto_start variable to 1 in php.ini file.

Sessions without cookies

There may be a case when a user does not allow to store cookies on their machine. So there is another method to send session ID to the browser.

Alternatively, you can use the constant SID which is defined if the session started. If the client did not send an appropriate session cookie, it has the form session_name=session_id. Otherwise, it expands to an empty string. Thus, you can embed it unconditionally into URLs.

The following example demonstrates how to register a variable, and how to link correctly to another page using SID.

else < $_SESSION['counter']++; >$msg = "You have visited this page ". $_SESSION['counter']; $msg .= "in this session."; echo ( $msg ); ?> 
To continue click following link 
">
 

It will produce the following result −

You have visited this page 1in this session. To continue click following link

The htmlspecialchars() may be used when printing the SID in order to prevent XSS related attacks.

Источник

PHP Sessions

A session is a way to store information (in variables) to be used across multiple pages.

Unlike a cookie, the information is not stored on the users computer.

What is a PHP Session?

When you work with an application, you open it, do some changes, and then you close it. This is much like a Session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are or what you do, because the HTTP address doesn’t maintain state.

Session variables solve this problem by storing user information to be used across multiple pages (e.g. username, favorite color, etc). By default, session variables last until the user closes the browser.

So; Session variables hold information about one single user, and are available to all pages in one application.

Tip: If you need a permanent storage, you may want to store the data in a database.

Start a PHP Session

A session is started with the session_start() function.

Session variables are set with the PHP global variable: $_SESSION.

Now, let’s create a new page called «demo_session1.php». In this page, we start a new PHP session and set some session variables:

Example

// Set session variables
$_SESSION[«favcolor»] = «green»;
$_SESSION[«favanimal»] = «cat»;
echo «Session variables are set.»;
?>

Note: The session_start() function must be the very first thing in your document. Before any HTML tags.

Get PHP Session Variable Values

Next, we create another page called «demo_session2.php». From this page, we will access the session information we set on the first page («demo_session1.php»).

Notice that session variables are not passed individually to each new page, instead they are retrieved from the session we open at the beginning of each page ( session_start() ).

Also notice that all session variable values are stored in the global $_SESSION variable:

Example

// Echo session variables that were set on previous page
echo «Favorite color is » . $_SESSION[«favcolor»] . «.
«;
echo «Favorite animal is » . $_SESSION[«favanimal»] . «.»;
?>

Another way to show all the session variable values for a user session is to run the following code:

Example

How does it work? How does it know it’s me?

Most sessions set a user-key on the user’s computer that looks something like this: 765487cf34ert8dede5a562e4f3a7e12. Then, when a session is opened on another page, it scans the computer for a user-key. If there is a match, it accesses that session, if not, it starts a new session.

Modify a PHP Session Variable

To change a session variable, just overwrite it:

Example

// to change a session variable, just overwrite it
$_SESSION[«favcolor»] = «yellow»;
print_r($_SESSION);
?>

Destroy a PHP Session

To remove all global session variables and destroy the session, use session_unset() and session_destroy() :

Example

// remove all session variables
session_unset();

// destroy the session
session_destroy();
?>

Источник

PHP Sessions (Very Simple Examples)

Welcome to a beginner’s tutorial on working with sessions in PHP. So you have heard of this session thing, and trying to figure out how it works? Let us walk through some super simple examples in this guide – Read on!

TLDR – QUICK SLIDES

TABLE OF CONTENTS

PHP SESSIONS

All right, let us now get into the examples of working with sessions in PHP.

WHAT IS A SESSION?

• PHP variables are temporary – They “disappear” and “cannot be carried onto another page”.
• Sessions are a way to “save user data”, and allow data to persist over multiple pages.

PART 1) START/RESUME SESSION

1A) PHP SESSION START

1. To start a session, call session_start() .
2. Just assign whatever you want to keep into $_SESSION[«KEY»] = «VALUE» .
3. Here, we have assigned both $_SESSION[«hello»] = «world» and $hello = «world» .

1B) RESUME SESSION

 "world"] echo $hello; // gone - undefined variable

1. To resume the session, call the same old session_start() .
2. As demonstrated, the session still contains $_SESSION[«hello»] = «world» , but $hello has perished at the end of 1a-start.php .

PART 2) APPEND DATA TO THE SESSION

No sweat. Just use $_SESSION like a “normal array” and assign more keys/values to it.

PART 3) SESSION CAN ONLY CONTAIN KEY/VALUE PAIRS

• If you assign a flat string or number into $_SESSION , it will only work for the current script.
  • That is, $_SESSION = «hello» .
  • echo $_SESSION will give you «hello» for the current script.
  • But in another script, $_SESSION will “restore” to its “last valid keys/values” state.

  PART 4) UNSETTING SESSION DATA

   "Jon", "age" => 999, "gender" => "Male" ]; print_r($_SESSION); // [name, age, gender] // (C) UNSET unset($_SESSION["age"]); print_r($_SESSION); // [name, gender] 

  To remove certain data from the session, simply unset($_SESSION[«KEY»]) .

  PART 5) END SESSION

  • To end a session, use session_destroy() .
  • Take extra note – Data inside $_SESSION will still remain until the end of the current script. If you want to “fully destroy” the current session immediately, you will have to call unset($_SESSION) .

  DOWNLOAD & NOTES

  Here is the download link to the example code, so you don’t have to copy-paste everything.

  SUPPORT

  600+ free tutorials & projects on Code Boxx and still growing. I insist on not turning Code Boxx into a «paid scripts and courses» business, so every little bit of support helps.

  EXAMPLE CODE DOWNLOAD

  Click here for the source code on GitHub gist, just click on “download zip” or do a git clone. I have released it under the MIT license, so feel free to build on top of it or use it in your own project.

  EXTRA BITS & LINKS

  That’s all for the tutorial, and here is a small section on some extras and links that may be useful to you.

  HOW DO SESSIONS WORK?

  

  • PHP will generate a PHPSESSID unique ID cookie.
  • A corresponding sess_PHPSESSID file will also be created on the server.

  

  So whenever we assign $_SESSION[«KEY»] = «VALUE» , it will be saved into the sess_PHPSESSID file. For those who are lost, it will be easier to think of sess_PHPSESSID as a “save game file”; Data is restored from this file whenever the user revisits the webpage.

  SESSION RESTRICTIONS

  • Take note that sessions have an expiry time as set in session.cookie_lifetime of php.ini .
  • If the user clears the cookies, the session will also be lost.
  • Sessions are file-based. If you are working with distributed servers, this may end up with some trouble (unless you have a way to share the session file across different servers). Consider setting the session to save into a database instead. See the “cross-domain session” link below.

  REFERENCES & LINKS

  INFOGRAPHIC CHEAT SHEET

  

  THE END

  Thank you for reading, and we have come to the end of this guide. I hope that it has helped you to better understand, and if you want to share anything with this guide, please feel free to comment below. Good luck and happy coding!

  Источник