
Understanding Sessions

PCQ Bureau

Simply typing an HTTP address into the address bar of a web browser doesn't maintain the state of the user while browsing. In online shopping, for instance, at the end of checkout, when you are, let's say, on the 7th page, the system lists the items that were selected on the 3rd page of the website. This is possible because the website keeps track of the entire user session. This functionality can be added to a website by using the 'Session' feature of PHP. It basically saves the state of a particular user while the user is traversing the website. Sessions are like cookies, with the major difference that they save the state on the server, whereas cookies are stored on the client. This means that sessions are more secure than cookies, as the session information itself is not exchanged between server and client. The session information, ie the state of a user, is a temporary element that is deleted from the server after the user leaves the website. The state is associated with a particular user through a unique user ID, which is stored in a cookie or propagated through URLs.


Direct Hit!

Applies To: PHP developers
USP: Maintaining user information in online shopping
Primary Link: www.php.net
Keywords: PHP session


Creating a PHP session



For every start there is an end; likewise, with sessions you have to create a session and finally terminate it after the work is done. To create a session you need to call the 'session_start()' function, which must be placed before the HTML code starts, because no information can be stored until a session is created. The code for creating a session is as follows:

<?php
// Must run before any HTML output is sent
session_start();
?>
.... ....


After the required function is called, a session ID is created and stored in a cookie on the client machine. The default name of the cookie is 'PHPSESSID', and it can be changed to any name simply by making minute changes in the PHP configuration file, ie php.ini. If you want to know the client's session ID, then simply add the following line inside the 'HTML' tags:

<?php
// session_id() returns the current session ID; the $PHPSESSID global
// was only available when register_globals was enabled
print session_id();
?>

What if a user goes to the next page, which also calls the function 'session_start()'? PHP checks whether a session has already been started for that client on the same website. If so, the 'session_start()' call on the second page does not create a new session and the existing one continues.

Working with Sessions



How do you store information in the session you have just created? First you have to register the variable with the session. After that you can use that variable to store user information. The code provided below shows how. Note that the code should be used after the session is created. If 'session_start()' has not been called beforehand, then an implicit call to this function will be made without any argument.




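<?php
// Register the variable name with the current session.
// Note: session_register() was deprecated in PHP 5.3 and removed in PHP 5.4.
session_register("sess_var");

$sess_var = "variable1";
print "Value of session variable: ";
print $sess_var;
?>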


The 'session_register()' function returns a boolean value, ie true if the variable is successfully registered and false otherwise. So, you can easily check whether the variable is registered with the session or not.

Destroying a session



Once the user is done with his/her payment for online shopping, all variables and sessions associated with the user should be cleared for security purposes. Before the session is destroyed, all of its variables need to be unset, because destroying the session alone does not reset the variables or the session cookie. The function 'session_unset()' resets all the variables of the current session. The code for destroying a session is as follows:



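<?php
session_start();

// Unset all of the session variables
$_SESSION = array();

// Expire the session cookie on the client as well
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session data on the server
session_destroy();
?>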








Assigning 'array()' to $_SESSION above is meant to unset all the variables of the current session, ie, it does the work of 'unset($sess_var)'. The current session is then finally destroyed.
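
The create, store and destroy steps covered in this article, put together for current PHP as an added example (not code from the original article). It assumes PHP 7.3 or later; the function names start_session, remember_item and end_session and the 'cart' key are hypothetical.

```php
<?php
// Added example, not from the original article. Assumes PHP 7.3 or later.
// Start or resume the session with hardened cookie settings.
function start_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // a repeated call on the same request changes nothing
    }
    session_start([
        'use_only_cookies' => 1,     // never accept the ID from a URL
        'use_strict_mode'  => 1,     // reject IDs the server did not issue
        'cookie_httponly'  => 1,     // hide the cookie from page scripts
        'cookie_secure'    => 1,     // send the cookie over HTTPS only
        'cookie_samesite'  => 'Lax',
    ]);
}

// Store a value in the session; $_SESSION replaces session_register().
function remember_item(string $item): void
{
    $_SESSION['cart'][] = $item;
}

// Clear the variables, expire the cookie, then destroy the server-side data.
function end_session(): void
{
    start_session();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Reuse the parameters the cookie was set with, so the browser
        // matches and deletes it even when the path is not '/'.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}

// Usage (item names are constructed sample values).
start_session();
remember_item('book');       // for instance on page 3
remember_item('pen');
$cart = $_SESSION['cart'];   // for instance on page 7, at checkout
end_session();               // after payment
echo implode(', ', $cart), PHP_EOL;
```

Because 'cookie_secure' is on, the session cookie is only sent when the site is served over HTTPS.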
