Learn About the Session Option in PHP 7


In the last chapter, we discussed the ‘use’ statement and the new Integer division function along with examples. In this chapter, we are going to talk about the session options feature that is added to PHP 7.

Session Options in PHP 7
From PHP 7 version onwards, session_start () function has started accepting an array of options that is used to override the session configuration directives set in php.ini.
bool session_start ([ array $options = [] ] )
Following are the session configuration directives.

S. No.DirectivesDescription
1.session.save_pathIt defines the argument which is passed to the save handler. If we choose the default files handler, this is the path where the files are created. Default value is “”.
2.session.nameIt specifies the name of the session that is used as cookie name. It should only contain alphanumeric characters. It defaults to PHPSESSID.
3.session.save_handlerIt defines the name of the handler that is used for storing and retrieving data associated with a session. It defaults to files.
4.session.auto_startIt specifies whether the session module starts a session automatically on request start up. It defaults to 0 that is disabled.
5.session.gc_probabilitysession.gc_probability along with session.gc_divisor are used to manage probability that garbage collection routine has started. Defaults value of session.gc_probability is 1.
6.session.gc_divisorIt is coupled with session.gc_probability defines the probability that the garbage collection process is started on every session initialization. Calculation of the probability is done by using gc_probability/gc_divisor, e.g. 1/100 means there is only 1% chance that the GC process starts on each request. Default value of session.gc_divisor defaults is 100.
7.session.gc_maxlifetimeIt specifies the time in seconds after which data will be seen as ‘garbage’ for potential clean up. The Garbage collection may occur during session start.
8.session.serialize_handlerIt defines the name of the handler that is used to serialize/deserialize data. It defaults to php.
9.session.cookie_lifetimeIt specifies the lifetime of the cookie in seconds that is sent to the browser. The value 0 means “until the browser is closed.” The default value of this directive is 0.
10.session.cookie_pathIt specifies system path to set in the session cookie. The default value is /.
11.session.cookie_domainIt specifies the domain to set in the session cookie. Default value is the host name of the server which generates the cookie according to cookies specification.
12.session.cookie_secureIt specifies whether cookies should only be sent over secure connections or not. The default value is set to off.
13.session.cookie_httponlyThis directive marks that the cookie is accessible only through the HTTP protocol. This means that the cookie cannot be accessed by the scripting languages, such as JavaScript.
14.session.use_strict_modeIt specifies whether the module will use strict session id mode or not. If this mode is enabled, the module does not accept uninitialized session ID. The default value is 0.
15.session.use_cookiesIt specifies whether the module will use cookies to store the session id on the client side or not. The default value is 1 which means it is enabled.
16.session.use_only_cookiesIt specifies whether the module will only use cookies to store the session id on the client side or not. The default value is 1 which means it is enabled.
17.session.referer_checkIt contains the substring that we want to check each HTTP Referrer for. If the Referrer was sent by the client and the substring was not found, the embedded session id will be marked as invalid. The default value is the empty string.
18.session.entropy_fileIt gives a path to an external resource i.e. file which will be used as an additional entropy source in the session id creation process.
19.session.entropy_lengthIt specifies the number of bytes which will be read from the file specified above. The default value is 0 i.e. disabled.
20.session.cache_limiterThis option set session.cache_limiter to private and set the flag to close the session immediately after reading it.
21.session.cache_expireIt specifies time-to-live for cached session pages in minutes, this has no effect for nocache limiter. The default value is 180.
22.session.use_trans_sidIt specifies whether the transparent sid support is enabled or not. The default value is 0 i.e. disabled.
23.session.bug_compat_42This directive is used to enable or disable the feature/bug.
24.session.bug_compat_warnThis directive is used to warn us, if this feature is used by enabling both session.bug_compat_42.
25.session.hash_functionIt allows us to specify the hash algorithm that is used to generate the session IDs. Value ‘0’ means MD5 (128 bits) and ‘1’ means SHA-1 (160 bits).
26.session.hash_bits_per_characterIt allows us to define how many bits are stored in each character when converting the binary hash data to something readable. The possible values are ‘4’ (0-9, a-f), ‘5’ (0-9, a-v), and ‘6’ (0-9, a-z, A-Z, “-“, “,”).
27.session.upload_progress.enabledThis directive is used to enable upload progress tracking, that populates the $_SESSION variable. The default value is 1 i.e. enabled.
28.session.upload_progress.cleanupThis directive is used to clean up the progress information as soon as all POST data has been read (i.e. upload completed). The default value is 1 i.e. enabled.
29.session.upload_progress.prefixIt is used for the upload progress key in the $_SESSION. This key will be concatenated with the value of $_POST [ini_get (“session.upload_progress.name”)] to provide a unique index. Defaults to “upload_progress_”.
30.session.upload_progress.nameIt is the name of the key to be used in $_SESSION storing the progress information. It has the default value as Defaults to “PHP_SESSION_UPLOAD_PROGRESS”.
31.session.upload_progress.freqIt defines how often the upload progress information should be updated. This can be defined in bytes or in percentages The default value is “1%”.
32.session.upload_progress.min_freqThe directive is used to set the minimum delay between updates, in seconds. The default value is “1” i.e. one second.
33.session.lazy_writeThis option is on by default. It causes PHP to overwrite any session file when the session data get changed.
34.read_and_closeThis option indicates that the session will be closed unchanged, immediately after reading the data.

Example of PHP 7 code for session options
Explanation of code

  • Here, we are creating a PHP session using an array of options.
  • In the array, we have defined two options such as cache_limiter and read_and_close. These options will read the session data and immediately close the session unchanged.
  • Lastly, we are printing a message string using print statement.

Following is the output visible when we execute above PHP program.
Source Code for Session Option in PHP 7

In this chapter, we have discussed about the session options feature that is added to PHP 7 as oppose to PHP 5.x. In the coming chapter of this tutorial, we are going to discuss about the Deprecated Features of PHP 7.


Please enter your comment!
Please enter your name here