Session In PHP

Admin   PHP   509  2020-12-17 03:13:16

Another way to make data accessible on different pages of an entire Website is to use a Session in PHP.

A session creates a file in a temporary directory on the server where the session variables are registered and their values ​​are stored. This data will be available to all pages on the site during the visit to that site.

The location of the temporary file is determined by a setting in the php.ini file called session.save_path. Before using any session variable, you must ensure that the path is installed.

When a session starts, the following happens:

session in php

session in php

First, PHP generates a unique identifier for that particular session, which is a random string of 32 hexadecimal numbers, like 3c7foj34c3jj973hjkop2fc937e3443.

A cookie called PHPSESSID will be sent automatically to the user's computer to store the unique string of session identifiers above.

A file is created automatically on the Server in the specified temporary directory and it bears the name of the unique identifier and starts with sess_. For example: sess_3c7foj34c3jj973hjkop2fc937e3443.

When the PHP script wants to fetch a value from a session variable, it automatically fetches this unique session identifier string from the PHPSESSID cookie, then looks for the file with that name in its temporary directory, and authentication can be completed. by comparing those values.

A session ends when the user shuts down the browser or after leaving this site, the server terminates the session after a predetermined amount of time, usually 30 minutes.

Start a PHP Session

The PHP session is very simple to get started with by making a call to the function session_start(). This function first checks whether a session has been started, otherwise it

starts a session. This call to session_start() is suggested to be at the top of the page.

The session variables stored in the associative array are $_SESSION[] . These variables can be accessed throughout the life of a session.

The following example starts a session, then registers a variable named counter, which is incremented each time the page is visited during its lifetime.

Use isset() to check if the session variable is set.

Put this code in the test.php file and download this file multiple times to see the results:

<?php
   session_start();
   
   if (isset($_SESSION['counter'])){
      $_SESSION['counter'] + = 1;
   } else{
      $_SESSION['counter'] = 1;
   }
   $msg = "You have already accessed this page". $_SESSION['counter'];
   $msg. = "times during this session.";
?>

<html>
   
   <head>
      <title> Setting up a session in PHP </title>
   </head>
   
   <body>
      <?php echo ($msg); ?>
   </body>
   
</html>

Save the above program in a file called test.php in htdocs, then open a browser and type the address http://localhost:8080/test.php will produce the following result: (I downloaded 5 times and the results obtained is 5 times )

Session in PHP

Canceling a PHP Session

Session in PHP can be destroyed using function session_destroy(). This function does not need any parameters and a single call can destroy all session variables. If you want to destroy a single session variable, then you use the unset() function to unset a session variable.

Here is an example that cancels setting a single session variable.

<?php
   unset($_SESSION['counter']);
?>


Below is the function call that will destroy all session variables.

<?php
   session_destroy();
?>

Enable Auto Session in PHP

You do not need to call start_session() to start a session when a user visits your site, if you set the session.auto_start variable to 1 in the php.ini file.

Session without Cookies

There will be instances when users do not allow cookies to be stored on their device. So there is another method to send the session ID to the browser.

Alternatively, you can use the SID constant, which is defined when the session starts. If the client does not send an appropriate session cookie, it is of the form session_name = session_id. Otherwise, it expands to an empty string. Therefore, you can unconditionally embed it in the URLs.

The following example demonstrates how to register a variable and how to correctly link to another page via the SID.

<?php
   session_start();
   
   if (isset ($_SESSION['counter'])) {
      $_SESSION ['counter'] = 1;
   }
   else {
      $_SESSION['counter'] ++;
   }
   
   $msg = "You have already accessed this page". $_SESSION['counter'];
   $msg. = "times during this session.";
   
   echo ($msg);
?>
<p>
   To continue, please click on the following page: <br />
   
   <a href="nextpage.php?<?php echo htmlspecialchars(SID); ?> ">
</p>

Save the above program in a file called test.php in htdocs, then open a browser and type the address http://localhost: 8080/test.php will produce the following result: (I downloaded 5 times and the results obtained is 5 times )

Session in PHP

The htmlspecialchars() function can be used when printing an SID to avoid XSS-related attacks.