A session is an ongoing interaction between a client and a server. During the lifetime of a session you can store information related to it. This is commonly used for shopping carts and similar web widgets/elements.
•Session is identified using a session ID
•The session ID is transmitted between the client and server with each HTTP request and response
•Client keeps track of a session through the use of a cookie
•Server keeps track of a session through locally stored text files or a database
PHP sessions use underlying technologies of either Cookies (default) or URL rewriting. Information associated with a session is stored via name/value pairs and can be stored in the $_SESSION associative array. You use this array to both store and retrieve session data.
Simplest Example. To create a session use the session_start() function.
•Because of the dual purpose of session_start(), i.e., it can initialize a session or access an existing one, the PHP code must have a method for identifying whether a session has already been initiated.
PHP Code to start session and create session variable
<?php
session_start();
// store session data
$_SESSION['views'] = 1;
// retrieve data
echo "Pageviews = " . $_SESSION['views'];
?>
Storing session variables and retrieving later
When you create a variable and store it in a session, you probably want to use it in the future.
However, before you use a session variable it is necessary that you check to see if it exists already!
This is where PHP's isset function comes in handy. isset is a function that takes any variable you want to use and checks to see if it has been set, that is, whether it has already been assigned a value.
PHP Code to check if session variable exists
<?php
session_start();
// if the session variable already exists then increment it by 1,
// else set it to 1
if (isset($_SESSION['views'])) {
    $_SESSION['views'] = $_SESSION['views'] + 1;
} else {
    $_SESSION['views'] = 1;
}
echo "views = " . $_SESSION['views'];
?>
The first time you run this script in a freshly opened browser, the if statement will fail because no session variable views has been stored yet. However, if you refresh the page, the if condition will be true and the counter will increment by one. Each time you rerun the script, the view count increases by one.
Ending the session
Although a session's data is temporary and does not require that you explicitly clean up after yourself, you may wish to delete some data for your various tasks.
•To prevent security risks due to someone hijacking an old session and to avoid clogging the server with unused sessions, the server will clean up old sessions after a specified timeout period.
Session ending is not automatic. However,
- The programmer can force a session end with the command session_destroy().
- The default cookie lifetime is 0, meaning that the cookie is deleted and the session ends when the user closes the browser. You can influence the cookie's lifetime with the configuration value lifetime.
- The gc_maxlifetime configuration directive specifies how long after the last access to each session its data is destroyed. This happens even if the cookie still exists on the client side.
- You can use session_unregister() to remove variables from the session, for example, when the user removes a product item from the shopping cart (this function was removed in PHP 5.4.0, so it only works on older versions). Similarly, you can remove individual variables with unset(); see the example below.
Imagine that you were running an online business and a user used your website to buy your goods. The user has just completed a transaction on your website and you now want to remove everything from their shopping cart which has been associated with the session variable 'cart'.
PHP Code to remove session variable
<?php
session_start();
// removes session variable cart if it exists
if (isset($_SESSION['cart'])) {
    unset($_SESSION['cart']);
}
?>
You can also destroy the session entirely by calling the session_destroy function.
PHP Code to end the session
<?php
session_start();
// intermediate code
// .....
// ready to destroy the session
session_destroy();
?>
Destroy will reset your session, so don't call that function unless you are entirely comfortable losing all your stored session data!
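Putting the timeout and session_destroy() points together, the following added example (not part of the original page) enforces an idle timeout on the server and ends the session completely. session_destroy() on its own leaves $_SESSION populated for the rest of the request and does not remove the browser's cookie, so both are handled explicitly. IDLE_LIMIT, last_seen and end_session() are assumed names, and the array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example: server-side idle timeout plus a complete session teardown.
// IDLE_LIMIT, 'last_seen' and end_session() are illustrative names (assumptions).

const IDLE_LIMIT = 1800; // seconds of inactivity allowed (assumed value)

function end_session(): void
{
    // 1. Clear the session data held in memory for this request.
    $_SESSION = [];

    // 2. Tell the browser to discard the session cookie.
    //    Path and domain must match the ones the cookie was set with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }

    // 3. Delete the data stored on the server for this session ID.
    session_destroy();
}

session_start();

$now = time();
if (isset($_SESSION['last_seen']) && ($now - $_SESSION['last_seen']) > IDLE_LIMIT) {
    // The session sat idle too long: discard it, then start a fresh one
    // under a new ID so the old ID is useless to anyone who still holds it.
    end_session();
    session_start();
    session_regenerate_id(true);
}
$_SESSION['last_seen'] = $now; // refresh the activity timestamp on every request

// Same page-view counter as in the example above.
$_SESSION['views'] = isset($_SESSION['views']) ? $_SESSION['views'] + 1 : 1;
echo "views = " . $_SESSION['views'];
```

Calling end_session() from a logout page gives the same complete teardown when the user signs out explicitly.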