Today we will learn how to start, use and end sessions in this PHP Sessions tutorial.
We are familiar with cookies that we learned in the last tutorial. Cookies are used to remember the information in a website such as pages visited by a visitor, etc. Similarly, sessions are used to store information for a particular user after logging into the site and it also allows access to that information anywhere i.e. on any page of that website.
- Session starts when a user logs in and ends when the user logs out.
- It helps to store and access values in any page of the website.
- In PHP when a session starts, a unique session ID of 32 bit hexadecimal number is given to the user and a file with 32 bit hexadecimal number as its name is stored in a temporary directory on the server. All the values in that particular session are stored on the server in this file.
- This 32 bit hexadecimal number is sent in a cookie file and stored on the user PC.
- Whenever PHP code wants to retrieve the values stored in the session, it gets the session id from the cookie file and matches it with the file name in the temporary directory on the server and gets the required values from there.
- This is why every person logging into his account can view only his data and not others, even though many users log into the same site at once.
- Sessions and cookies have same task, but they are different in some respect from each other.
- Such as cookies are stored on user’s machine but session files are stored on the server.
- Cookies can reside on user’s machine till its expiry time reach but sessions end as soon as the user logs out.
- Hence it is better to use sessions than cookies in most of the tasks.
- Let us learn how to start, use and end sessions in our PHP script.
Starting a session:
- In PHP a session can be started using the function session_start(). It has no parameters.
- If a session is not started, the values stored in the session cannot be accessed throughout the website.
- The session_start() function first checks if the sessions has started already and if not, it creates a new session between the user and the server.
- Before you store information in the session, session should be started using session_start() function.
- This should be at the beginning, even before the html or javascript is sent to the browser just like the cookies.
- An example is given below:
<?php session_start(); ?> <html> - - - </html>
Setting session variables:
- Session variables can be set after starting the session at the beginning.
- The super global array variable $_SESSION us used to set the session variables.
- We can set any number of session variables we require using this $_SESSION variable in a session.
- Let us see an example of session variable that stores the userid of the user who logged into the shopping website.
- To demonstrate it, create a new folder named session in the htdocs folder which is in the xampp folder in C drive. Then open a new notepad++ file and save it as index.php in this newly created session folder.
- Write the following code in index.php file:
<?php //starting a session session_start(); ?> <html> <head> <title>PHP Sessions</title> <style> .design{ color:orange; font-weight:bold; font-size:30; } .diff{ color:red; font-weight:bold; font-size:30; } </style> </head> <body> <h1>Setting session variable</h1> <?php $_SESSION["userid"]="Michael"; echo '<br><p class="design">Session variable <span class="diff">userid</span> set.</p>'; ?> </body> </html>
$_SESSION["userid"]="Michael";
Retrieving a session variable value:
- We know that we can access the session variable values anytime and in any page in the website till the session is active.
- The retrieval is very easy. The session variable is stored in the array variable $_SESSION. This $_SESSION variable is only used to access the stored session variables.
- Since it is global it can be accessed in any page of the website.
- Let us access the value of session variable userid in another page.
- We will welcome the user as soon as he logs into the website.
- For that first add the following code statement to index.php page:
header("Location: welcome.php");
<?php //starting a session session_start(); ?> <html> <head> <title>PHP Sessions</title> <style> .design{ color:orange; font-weight:bold; font-size:30; } .diff{ color:red; font-weight:bold; font-size:30; } </style> </head> <body> <h1>Accessing session variable</h1> <?php $user=$_SESSION["userid"]; echo '<p class="design">Welcome <span class="diff">'.$user.'</span> to QuickShop.com</p>'; ?> </body> </html>
$user=$_SESSION["userid"];
Destroying a session:
- Destroying a session is very important while ending the session.
- It is very important from security point of view since we are dealing with sensitive information. For eg. Online shopping. This is mostly done at the time when user logs out.
- We can delete the value of a single session variable or delete values of all the session variables or destroy them completely.
- But it is more recommended to destroy all the session variables after logging out, which even does not occupy server unnecessarily.
- The value from a single variable can be deleted using a function unset().
- Example:
<?php unset($_SESSION[“userid”]); ?>
<?php session_unset(); ?>
<?php //start the session session_start(); //some code in between //terminate the session session_destroy(); ?>
Thus we completed learning to start session, store values in session variables that will be useful in session and then to destroy or stop the session in this PHP Sessions tutorial.