In this lesson, you will learn how to create and use sessions for seamless user experience over a web application. The session is a crucial concept behind information persistence across all the pages of a website or app.
Sessions in PHP
A session keeps a piece of information available across the web applications to identify users as they navigate a site or app. The HTTP protocol is a stateless protocol, which means that there is no way a web server can remember a specific user between two requests. The server is just responsible for returning the response to the client’s request sent by the web browser. So every request goes and come back individually and doesn’t maintain any relation with each other.
Difference between Cookies and Sessions
We have already studied about the cookies in the previous lesson. Cookies and Sessions, both are used to maintain the persistence connection between the user and the web server. A cookie stores the user information on the users’ web browser, whereas a session is stored on the web server.
The other difference is the data limit. A cookie can hold up to 4KB information whereas sessions do not have to face any storage limitation.
Creating a Session
When a user initiates a new session, PHP creates a new file in a temporary directory on the web server. You can determine the location of the directory by a configuration option session.save_path in the php.ini file.
PHP will generate a unique identifier for every new session that is being created by the web server. This unique identifier is a string of 32 hexadecimal numbers. The web server will also create a cookie called PHPSESSID to hold this unique identification string. This cookie will be stored on the user’s web browser. PHP will create a session file on the web server to keep the session variables and their values.
A session ends when a user signs out from the web application or closes the browser, or when it expires after a predetermined time.
To start a session in PHP, simply call session_start() function.
<?php session_start(); ?>
You must include session_start() function at the beginning of every page you want to participate in a session. The session is part of HTTP head so it needs to be created and sent before any other HTTP output or you will get “headers already sent” error message. It will look for an existing session, and it will create one if not found.
PHP store session variables in the superglobal associative array $_SESSION. You can access session variables throughout a session.
You can check for an existing session in the following ways.
Checking a session in PHP (method 1)
PHP 7 recommends checking for any existing session before creating one.
<?php If(session_status() == PHP_SESSION_NONE){ session_start(); } ?>
Checking a session in PHP (method 2)
You can also use session_id() to see if there is any existing session.
<?php If(strlen(session_id()<1) { session_start(); } ?>
Checking a session in PHP (method 3)
<?php If(!isset($_SESSION)){ session_start(); } ?>
Creating Session Variables
At the time, the session is started, the super global array $_SESSION is initialized with an empty array. To fill-in the session information, you need to create session variables.
<?php // start a session session_start(); // initialize session variables $_SESSION['user_id'] = '1'; $_SESSION['user_name'] = 'admin'; // access session variables echo $_SESSION['user_id']; echo $_SESSION['user_name']; ?>
Get Session ID
As mentioned above, the web server creates a unique identification string for each session generated. To get the session id, call session_id() function.
<?php session_start(); echo session_id(); ?>
This function will return the ID of the current session.
Deleting Session Variables
PHP lets you destroy an entire session with just one function – session_destroy(). It doesn’t need any parameters. This function will delete all session variables. to destroy only one session variable, use the unset($_SESSION[‘vars’]) instead.
<?php session_destroy(); ?>
PHP Cookies | Tutorial Home | PHP Send Email |