PHP Sessions

A session is a way to store information in variables. A PHP session stores data on the server rather than on the user's computer. In a session-based environment, every user is identified through a unique number called the session identifier, or SID. Session IDs are randomly generated by the PHP engine and are almost impossible to guess.


Session-Handling Process

The very first task executed by a session-enabled page is to determine whether a valid session already exists or a new one should be initiated. If a valid session doesn’t exist, one is generated and associated with that user. PHP determines whether a session already exists by finding the SID either within the requested URL or within a cookie.

Starting a PHP Session

Before you can store any information in session variables, you have to start the session. It will create a new session and generate a unique session ID for the user.

session_start();

Executing session_start() will create a new session if no SID is found, or continue a current session if an SID exists. You must call the session_start() function at the beginning of the page before any HTML tags.

You call session_start() on every page and subsequently have access to all the items in the $_SESSION array. You can then set, update, and delete variables from the session like any other array by using the reserved array $_SESSION[].

Setting and Retrieving Session ID

The SID ties all session data to a particular user. Although PHP will both create and propagate the SID autonomously, there are times when you may wish to manually set or retrieve it. The function session_id() is capable of carrying out both tasks.

If it is passed no parameter, session_id() returns the current SID. If the optional SID parameter is included, the current SID will be replaced with that value.

session_start();
echo "Your session identification number is " . session_id();

Storing Session Data

Session variables are used to manage the data intended to travel with the user from one page to the next. You can store all your session data in the $_SESSION superglobal array. The stored data can be accessed during the lifetime of a session.

// Storing session data
$_SESSION["firstname"] = 'John';
$_SESSION["lastname"] = 'Doe';

Accessing Session Data

The stored data can be accessed during the lifetime of a session. You can access the session data from any other page on the same web domain.

// Accessing session data
echo 'Hi, ' . $_SESSION['firstname'] . ' ' . $_SESSION['lastname'];

Destroying a Session

If you want to remove certain session data, you can unset the corresponding key.

if (isset($_SESSION["lastname"])) {
    unset($_SESSION["lastname"]);
}

To destroy a session completely:

session_destroy();

Every PHP session has a timeout value (duration measured in seconds) which determines how long a session should remain alive in the absence of any user activity.
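
One way to enforce the idle timeout described above and tear a session down fully, as an added example that is not part of the original page. It assumes PHP 7.3 or later and a site served over HTTPS; IDLE_LIMIT, the last_activity key and /login.php are names chosen for illustration.

```php
<?php
// Added example (not from the original page). Assumes PHP 7.3+ and an HTTPS site.
// IDLE_LIMIT, 'last_activity' and /login.php are names chosen for this example.
const IDLE_LIMIT = 900; // allowed inactivity in seconds (assumed value)

function start_hardened_session(): void
{
    session_start([
        'use_strict_mode'  => 1,     // reject SIDs the server did not issue
        'use_only_cookies' => 1,     // accept the SID from a cookie only, not the URL
        'cookie_httponly'  => 1,     // keep the cookie out of reach of JavaScript
        'cookie_secure'    => 1,     // send the cookie over HTTPS only
        'cookie_samesite'  => 'Lax', // limit cross-site sending of the cookie
    ]);
}

function destroy_session_completely(): void
{
    // session_destroy() alone leaves $_SESSION and the browser cookie in place.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [   // expire the SID cookie in the browser
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();                    // remove the server-side session data
}

function enforce_idle_timeout(int $now): bool
{
    $last = $_SESSION['last_activity'] ?? null;
    if ($last !== null && ($now - $last) > IDLE_LIMIT) {
        destroy_session_completely();
        return false;                     // session expired through inactivity
    }
    $_SESSION['last_activity'] = $now;    // record activity for the next request
    return true;
}

start_hardened_session();
if (!enforce_idle_timeout(time())) {
    header('Location: /login.php');       // hypothetical login page
    exit;
}
```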