Simply typing an HTTP address into the address bar of a web browser does not
maintain the state of the user while browsing. In online shopping, for instance,
at the end of checkout, when you are on, let's say, the 7th page, the system
lists the items that were selected on the 3rd page of the website.
This is possible because the website keeps track of the entire user
session. This functionality can be added to a website by using the 'Session'
feature of PHP, which saves the state of a particular user while the user
moves through the website. Sessions are like cookies, with the major
difference that they save the state on the server, whereas cookies are stored on
the client. This means that sessions are more secure than cookies, as the
information is not exchanged between server and client. The session information,
ie the state of a user, is a temporary element that is later deleted from the
server after the user leaves the website. The state is associated with a
particular user through a unique user ID, which is stored in a cookie or
propagated through URLs.
Direct Hit!
Applies To: PHP developers
USP: Maintaining user information in online shopping
Primary Link: www.php.net
Keywords: PHP session
Creating a PHP session
For every start there is an end; likewise, with sessions you have to create a
session and finally terminate it after the work is done. To create a session you
need to call the 'session_start()' function, which must be placed before the HTML
code starts, because no information can be stored until a session is created.
The code for creating a session is as follows:
<?php
// Must run before any HTML output is sent
session_start();
?>
.... ....
After the function is called, a session ID is created and stored in
a cookie on the client machine. The default name of the cookie is
'PHPSESSID', and it can be changed to any name by making a minor change
in the PHP configuration file, ie php.ini. If you want to know the client's session
ID, simply add the following line inside the 'HTML' tags:
<?php print session_id(); /* $PHPSESSID is set only when register_globals is enabled */ ?>
What if a user goes to the next page, which also calls 'session_start()'?
PHP checks whether a session has already been started on the client machine for
the same website. If so, it ignores the 'session_start()' function call on
the second page.
Working with Sessions
How do you store information in the session you have just created? First
you have to register a variable with the session. After that you can
use that variable to store user information. The code provided below shows
how. Note that the code should be used after the session is created. If 'session_start()'
has not been called beforehand, an implicit call to this function is made
without any argument.
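<?php
// Register the variable with the session. session_register() was removed in
// PHP 5.4; on current versions assign $_SESSION['sess_var'] instead.
session_register("sess_var");
$sess_var = "variable1";
print "Value of session variable: ";
print $sess_var;
?>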
The 'session_register()' function returns a boolean value, ie true or false,
indicating whether the variable was successfully registered. So you can easily
check whether the variable is registered with the session or not.
Destroying a session
Once the user is done with the payment for online shopping, all
variables and sessions associated with the user should be cleared for security
purposes. Before the session is destroyed, all variables need to be unset,
because destroying the session alone does not reset the variables or
the session cookie. The function 'session_unset()' resets all the variables
of the current session. The code for destroying a session is as follows:
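<?php
session_start();
// Clear every session variable
$_SESSION = array();
// Expire the session cookie on the client
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
// Remove the session data on the server
session_destroy();
?>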
current session, ie, 'unset($sess_var).' And then finally destroy the current
session.
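Because the session ID is the only thing the client holds, the cookie that carries it and the teardown at the end of checkout are where a session is protected in practice. The following is an added example, not code from the original article; it assumes PHP 7.3 or later and a site served over HTTPS, and the function names start_secure_session, rotate_session_id and end_session are hypothetical.

```php
<?php
// Added example (not the article's code); function names are hypothetical.

// Start or resume a session whose ID travels only in a hardened cookie.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started during this request
    }
    session_start([
        'use_only_cookies' => 1,     // never accept the ID from a URL
        'use_trans_sid'    => 0,     // never append the ID to links
        'use_strict_mode'  => 1,     // reject IDs the server did not issue
        'cookie_httponly'  => 1,     // keep the cookie away from JavaScript
        'cookie_secure'    => 1,     // assumption: HTTPS-only site
        'cookie_samesite'  => 'Lax', // not sent on cross-site subrequests
    ]);
}

// Call after login or just before payment so an earlier ID stops working.
function rotate_session_id(): void
{
    session_regenerate_id(true); // true also deletes the old session data
}

// Full teardown: variables, client cookie, then server-side data.
function end_session(): void
{
    start_secure_session();
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the cookie with the attributes it was set with.
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// Constructed checkout flow: store a cart, rotate the ID, then tear down.
start_secure_session();
$_SESSION['cart'] = ['sku-1001' => 2]; // constructed sample item
rotate_session_id();
end_session();
```

Disabling URL propagation keeps the ID out of browser history, referrer headers and server logs, which is the main exposure of the "propagated through URLs" option mentioned at the start of the article.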