PHP Sessions


Today we will learn how to start, use and end sessions in this PHP Sessions tutorial.
We are already familiar with cookies from the last tutorial. Cookies are used to remember information on a website, such as the pages a visitor has viewed. Similarly, sessions store information for a particular user after logging into the site and make that information accessible anywhere, i.e. on any page of that website.

  • A session starts when a user logs in and ends when the user logs out.
  • It helps to store and access values on any page of the website.
  • In PHP, when a session starts, a unique session ID, a 32 bit hexadecimal number, is given to the user, and a file with this 32 bit hexadecimal number as its name is stored in a temporary directory on the server. All the values in that particular session are stored on the server in this file.
  • This 32 bit hexadecimal number is sent in a cookie file and stored on the user’s PC.
  • Whenever PHP code wants to retrieve the values stored in the session, it gets the session id from the cookie file and matches it with the file name in the temporary directory on the server and gets the required values from there.
  • This is why every person logging into his account can view only his own data and not that of others, even though many users log into the same site at once.
  • Sessions and cookies serve the same task, but they differ from each other in some respects.
  • For example, cookies are stored on the user’s machine, but session files are stored on the server.
  • Cookies can reside on the user’s machine until their expiry time is reached, but sessions end as soon as the user logs out.
  • Hence it is better to use sessions than cookies for most tasks.
  • Let us learn how to start, use and end sessions in our PHP script.

Starting a session:

  • In PHP a session can be started using the function session_start(). It has no parameters.
  • If a session is not started, the values stored in the session cannot be accessed throughout the website.
  • The session_start() function first checks whether a session has already started and, if not, creates a new session between the user and the server.
  • Before you store information in the session, the session should be started using the session_start() function.
  • This call should come at the beginning, even before any HTML or JavaScript is sent to the browser, just as with cookies.
  • An example is given below:

Setting session variables:

  • Session variables can be set after starting the session at the beginning.
  • The superglobal array variable $_SESSION is used to set the session variables.
  • We can set any number of session variables we require using this $_SESSION variable in a session.
  • Let us see an example of a session variable that stores the userid of the user who logged into the shopping website.
  • To demonstrate it, create a new folder named session in the htdocs folder, which is in the xampp folder on the C drive. Then open a new Notepad++ file and save it as index.php in this newly created session folder.
  • Write the following code in index.php file:
  • In the above code, we have first started a new session using the session_start() function.
  • Then a session variable userid is set i.e. assigned a value using the $_SESSION array variable as shown below:
  • Here, the variable userid is used as the key in the associative array $_SESSION and Michael is the value assigned to it.
  • The sentence "Session variable userid set" is then displayed using an echo statement.
  • We can store values in any number of session variables at a time.
  • To get the output, open the browser and type the address localhost/session in its address bar.
  • The output is shown below:

  • fig 1

Retrieving a session variable value:

  • We know that we can access the session variable values at any time and on any page of the website as long as the session is active.
  • The retrieval is very easy. The session variable is stored in the array variable $_SESSION. This $_SESSION variable is only used to access the stored session variables.
  • Since it is global, it can be accessed on any page of the website.
  • Let us access the value of session variable userid in another page.
  • We will welcome the user as soon as he logs into the website.
  • For that, first add the following statement to the index.php page:
  • This header function will redirect you to the welcome.php page where we will access the value of userid variable.
  • We don’t have a welcome.php page yet, so let us create a new page named welcome.php in our session folder, which is in the htdocs folder. In welcome.php we will access the userid session variable that was set in index.php.
  • Write the following code in welcome.php page:
  • In the above code, we have again started the session using the session_start() function. But this time the same session that was started in the index.php page is continued here; no new session is created.
  • Next the value of session variable userid is accessed using the $_SESSION array variable and stored in a local variable $user as shown below:
  • Then a message welcoming the user is displayed.
  • Now when we reload the browser, the index.php page will first redirect us to the welcome.php page within a second with the help of the header() function, and a welcome message containing the value of the userid variable will be visible to us.
  • The output is shown below:

  • fig 2
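
The index.php and welcome.php flow described above, written out as an added example (not the tutorial's original listings). It assumes a Location redirect for the header() call and PHP 7.3 or later, and it adds cookie flags, session_regenerate_id() and output escaping, which the tutorial does not cover; the two files are shown in one block, separated by comments.

```php
<?php
// ---- index.php (added example; save in the session folder) ----
// Cookie flags must be set before session_start(), and session_start()
// before any output, because the session ID travels in a Set-Cookie header.
ini_set('session.use_strict_mode', '1');     // refuse IDs the server did not issue
$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
session_set_cookie_params([
    'lifetime' => 0,                         // dropped when the browser closes
    'path'     => '/',
    'secure'   => $https,                    // HTTPS-only when served over HTTPS
    'httponly' => true,                      // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// At login, switch to a fresh session ID so that an ID known before
// login cannot be used to reach the logged-in session.
session_regenerate_id(true);

$_SESSION['userid'] = 'Michael';             // value used in the tutorial

// Redirect without echoing first: header() cannot add headers once
// output has been sent to the browser.
header('Location: welcome.php');
exit;
?>
<?php
// ---- welcome.php (added example; separate file in the same folder) ----
ini_set('session.use_strict_mode', '1');
session_start();                             // resumes the session from index.php

if (!isset($_SESSION['userid'])) {
    // No session data: the visitor did not pass through index.php.
    header('Location: index.php');
    exit;
}

$user = $_SESSION['userid'];
// Escape on output so a stored value is never interpreted as HTML.
echo 'Welcome ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '!';
```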

Destroying a session:

  • Destroying a session is very important when ending the session.
  • It is very important from a security point of view since we are dealing with sensitive information, for example in online shopping. This is mostly done at the time when the user logs out.
  • We can delete the value of a single session variable or delete values of all the session variables or destroy them completely.
  • However, it is recommended to destroy all the session variables after logging out, which also avoids occupying the server unnecessarily.
  • The value of a single variable can be deleted using the unset() function.
  • Example:
  • This unset() function will delete the value Michael from session variable userid in our case.
  • If we have set more than one session variable, the values of all the variables can be deleted at once using the session_unset() function. It has no parameters.
  • Example:
  • But even though we have deleted the values from the variables using the unset() or session_unset() functions, the session variables are still alive. We can use them again to store values.
  • Now if you want to stop/end the session itself, you need to use the session_destroy() function.
  • This can be done when the user clicks the logout button; the only thing to be done is to call the session_destroy() function.
  • Example:
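
A logout script that combines the three steps above, as an added example (not the tutorial's original listing; the file name logout.php is an assumption, and the array form of setcookie() needs PHP 7.3 or later). It goes one step beyond the text: session_destroy() deletes the session data on the server but leaves the $_SESSION array of the current request and the session cookie in the browser untouched, so the example clears those as well.

```php
<?php
// logout.php (added example)
session_start();                       // attach to the session we want to end

// Delete one value only; the session and its other variables stay alive.
unset($_SESSION['userid']);

// Delete every value at once; the (now empty) session is still active.
session_unset();
$_SESSION = [];                        // this request sees no stale values either

// Expire the session cookie in the browser, reusing the parameters it was
// created with so that the browser overwrites the right cookie.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,  // a time in the past deletes the cookie
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'] ?: 'Lax',
    ]);
}

// Remove the session data from the server; the old ID no longer maps
// to any stored values.
session_destroy();

echo 'You have been logged out.';
```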

Thus we have learned how to start a session, store values in session variables for use during the session, and then destroy or stop the session in this PHP Sessions tutorial.

