Sessions in PHP

A session is a way to store data (in variables) that can be used on more than one page.

The information is not stored on the user’s computer like a cookie would be.

When a PHP script wants to get the value from a session variable, PHP automatically gets the unique session identifier string from the PHPSESSID cookie. It then looks in its temporary directory for a file with that name, and a validation can be done by comparing the two values.

A session is over when the user closes the browser or leaves the site. If the user leaves the site, the server will end the session after a set amount of time, usually 30 minutes.

What is a session in PHP?

When you use an app, you open it, make changes to it, and then close it. This is like a Session in many ways. Your name is in the computer’s memory. It knows when you start and stop using the app. But on the internet, there is one problem: the web server doesn’t know who you are or what you do because the HTTP address doesn’t keep track of state.

Session variables solve this problem because they store information about a user that can be used on more than one page (e.g. username, favourite color, etc). By default, session variables stay in place until the browser is closed.

So, session variables hold information about a single user and are available to all pages in the same application.

Tip: If you want to keep the data for a long time, you might want to put it in a database.

PHP Session Start

The session start() function is used to start a session.

$_SESSION is a global variable in PHP that is used to set session variables.

Create a new page and call it “demo session1.php.” We start a new PHP session and set some session variables on this page:

Example

 

<?php
// Start the session
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
// Set session variables
$_SESSION[“name”] = “ram”;
$_SESSION[“year”] = “25”;
echo “Session variables are set.”;
?>

</body>
</html>

Note: Your document must start with the session start() function before any tags in HTML.

Get PHP Session Variable Values

Next, we make a second page that we call “demo session2.php.” We can get to the session information we set up on the first page (“demo session1.php”) from this page.

Session variables are not passed to each new page individually. Instead, they are taken from the session we open at the start of each page (session start()).

Also, keep in mind that the values of all session variables are kept in the global $_SESSION variable:

Example

 

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<body><?php
// Echo session variables that were set on previous page
echo “Name is ” . $_SESSION[“name”] . “.<br>”;
echo “Year is ” . $_SESSION[“year”] . “.”;
?></body>
</html>

Running the following code is another way to show all the session variable values for a user session:

Example

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<body><?php
print_r($_SESSION);
?></body>
</html>

Most sessions leave a user-key on the user’s computer that looks something like this: 765487cf34ert8dede5a562e4f3e12. Then, when a session is opened on a different page, it looks for a user-key on the computer. If there is a match, it opens that session. If there isn’t a match, it opens a new session.

 

Modify a session variable in PHP

 

Just overwrite a session variable to change it:

Example

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
// to change a session variable, just overwrite it
$_SESSION[“name”] = “coderazaa”;
$_SESSION[“age”] = “50”;
print_r($_SESSION);
?>

</body>
</html>

 

Destroy a PHP session

Use session unset() and session destroy() to get rid of all global session variables and end the session:

This function doesn’t need any arguments, and all the session variables can be deleted with a single call. If you only want to get rid of a single session variable, you can use the unset() function.

Example

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
// remove all session variable
session_unset();

// destroy your session
session_destroy();

echo “Now, all of the session variables are gone, and the session is over. ”
?>

</body>
</html>

Making Auto Session start

If you can set session, you don’t have to call the start session() function when a user visits your site to start a session.

auto_start variable to 1 in php.ini file.

Cookies-free sessions

There may be times when a user doesn’t want cookies to be saved on their computer. So there is another way to send the browser’s session ID.

You can also use the constant SID, which is set when the session begins. If the client didn’t send the right session cookie, it has the form session name=session id. If not, it grows into an empty string. So, you can put it in URLs no matter what.

People also search

Leave a Comment

Scroll to Top