Web Programming TutorialsLearn About the Session Option in PHP 7

Learn About the Session Option in PHP 7

In the last chapter, we discussed the ‘use’ statement and the new Integer division function along with examples. In this chapter, we are going to talk about the session options feature that is added to PHP 7.

Session Options in PHP 7
From PHP 7 version onwards, session_start () function has started accepting an array of options that is used to override the session configuration directives set in php.ini.
bool session_start ([ array $options = [] ] )
Following are the session configuration directives.

S. No. Directives Description
1. session.save_path It defines the argument which is passed to the save handler. If we choose the default files handler, this is the path where the files are created. Default value is “”.
2. session.name It specifies the name of the session that is used as cookie name. It should only contain alphanumeric characters. It defaults to PHPSESSID.
3. session.save_handler It defines the name of the handler that is used for storing and retrieving data associated with a session. It defaults to files.
4. session.auto_start It specifies whether the session module starts a session automatically on request start up. It defaults to 0 that is disabled.
5. session.gc_probability session.gc_probability along with session.gc_divisor are used to manage probability that garbage collection routine has started. Defaults value of session.gc_probability is 1.
6. session.gc_divisor It is coupled with session.gc_probability defines the probability that the garbage collection process is started on every session initialization. Calculation of the probability is done by using gc_probability/gc_divisor, e.g. 1/100 means there is only 1% chance that the GC process starts on each request. Default value of session.gc_divisor defaults is 100.
7. session.gc_maxlifetime It specifies the time in seconds after which data will be seen as ‘garbage’ for potential clean up. The Garbage collection may occur during session start.
8. session.serialize_handler It defines the name of the handler that is used to serialize/deserialize data. It defaults to php.
9. session.cookie_lifetime It specifies the lifetime of the cookie in seconds that is sent to the browser. The value 0 means “until the browser is closed.” The default value of this directive is 0.
10. session.cookie_path It specifies system path to set in the session cookie. The default value is /.
11. session.cookie_domain It specifies the domain to set in the session cookie. Default value is the host name of the server which generates the cookie according to cookies specification.
12. session.cookie_secure It specifies whether cookies should only be sent over secure connections or not. The default value is set to off.
13. session.cookie_httponly This directive marks that the cookie is accessible only through the HTTP protocol. This means that the cookie cannot be accessed by the scripting languages, such as JavaScript.
14. session.use_strict_mode It specifies whether the module will use strict session id mode or not. If this mode is enabled, the module does not accept uninitialized session ID. The default value is 0.
15. session.use_cookies It specifies whether the module will use cookies to store the session id on the client side or not. The default value is 1 which means it is enabled.
16. session.use_only_cookies It specifies whether the module will only use cookies to store the session id on the client side or not. The default value is 1 which means it is enabled.
17. session.referer_check It contains the substring that we want to check each HTTP Referrer for. If the Referrer was sent by the client and the substring was not found, the embedded session id will be marked as invalid. The default value is the empty string.
18. session.entropy_file It gives a path to an external resource i.e. file which will be used as an additional entropy source in the session id creation process.
19. session.entropy_length It specifies the number of bytes which will be read from the file specified above. The default value is 0 i.e. disabled.
20. session.cache_limiter This option set session.cache_limiter to private and set the flag to close the session immediately after reading it.
21. session.cache_expire It specifies time-to-live for cached session pages in minutes, this has no effect for nocache limiter. The default value is 180.
22. session.use_trans_sid It specifies whether the transparent sid support is enabled or not. The default value is 0 i.e. disabled.
23. session.bug_compat_42 This directive is used to enable or disable the feature/bug.
24. session.bug_compat_warn This directive is used to warn us, if this feature is used by enabling both session.bug_compat_42.
25. session.hash_function It allows us to specify the hash algorithm that is used to generate the session IDs. Value ‘0’ means MD5 (128 bits) and ‘1’ means SHA-1 (160 bits).
26. session.hash_bits_per_character It allows us to define how many bits are stored in each character when converting the binary hash data to something readable. The possible values are ‘4’ (0-9, a-f), ‘5’ (0-9, a-v), and ‘6’ (0-9, a-z, A-Z, “-“, “,”).
27. session.upload_progress.enabled This directive is used to enable upload progress tracking, that populates the $_SESSION variable. The default value is 1 i.e. enabled.
28. session.upload_progress.cleanup This directive is used to clean up the progress information as soon as all POST data has been read (i.e. upload completed). The default value is 1 i.e. enabled.
29. session.upload_progress.prefix It is used for the upload progress key in the $_SESSION. This key will be concatenated with the value of $_POST [ini_get (“session.upload_progress.name”)] to provide a unique index. Defaults to “upload_progress_”.
30. session.upload_progress.name It is the name of the key to be used in $_SESSION storing the progress information. It has the default value as Defaults to “PHP_SESSION_UPLOAD_PROGRESS”.
31. session.upload_progress.freq It defines how often the upload progress information should be updated. This can be defined in bytes or in percentages The default value is “1%”.
32. session.upload_progress.min_freq The directive is used to set the minimum delay between updates, in seconds. The default value is “1” i.e. one second.
33. session.lazy_write This option is on by default. It causes PHP to overwrite any session file when the session data get changed.
34. read_and_close This option indicates that the session will be closed unchanged, immediately after reading the data.

Example of PHP 7 code for session options
Explanation of code

  • Here, we are creating a PHP session using an array of options.
  • In the array, we have defined two options such as cache_limiter and read_and_close. These options will read the session data and immediately close the session unchanged.
  • Lastly, we are printing a message string using print statement.

Following is the output visible when we execute above PHP program.
Source Code for Session Option in PHP 7

In this chapter, we have discussed about the session options feature that is added to PHP 7 as oppose to PHP 5.x. In the coming chapter of this tutorial, we are going to discuss about the Deprecated Features of PHP 7.


Please enter your comment!
Please enter your name here

Exclusive content

- Advertisement -

Latest article


More article

- Advertisement -