Understanding Session Control in PHP

Session Control in PHP

A large number of the websites we encounter these days provide login/logout facilities. Once a user is logged in, showing content according to their personal preferences is made possible mainly by the session control mechanism.

You have probably heard the popular phrase that HTTP is a stateless protocol. That is, it has no built-in provision for remembering the user agent (client) that is making a call to the server.

To overcome this, session control has to be used if you want to provide users with a login/logout facility. Another method that was very popular in the past, cookies, can also be used for this, but it has several limitations, because the information collected through cookies is saved on the client computer rather than on the server. Thus, the client can do whatever he wants with that data, and this is not desirable. So cookies are no longer used to collect and save all the information during the login process; rather, they are only used to store the session ID.

Sessions in PHP are driven by a unique session ID (a random number generated by PHP). This session ID is stored on the client computer for the lifetime of the session; it can be stored in a cookie or passed in the URL.

This session ID is the gateway that allows session variables to be registered. The contents of the variables are stored on the server (invisible to the client); only the session ID is stored on the client machine, i.e. visible to the user. If, at the time of a particular connection to your site, the session ID is visible through the URL or through a cookie, the user can access the contents of the session variables residing on the server. By default, session variables are stored in flat files, but you can also store them in a database. (Storing session variables in a database is, though, not preferable.)

Implementation of Simple Sessions:

The basic steps involved in using sessions are:

  • Starting a session
  • Registering Session variables
  • Using session variables
  • Unsetting variables and destroying the session

Starting a session:

There are two methods that can be used for starting a session. The first and simplest one is to begin the script with a call to the built-in PHP function session_start();. This function fulfills two purposes. It first checks whether a session has already been started. If yes, it loads the registered session variables for use in the current script. If not, it starts the session and provides access to the super-global $_SESSION array.

This function must be called at the start of every PHP script that uses sessions; otherwise anything stored in $_SESSION will not be available to that script.

The second method is to change the PHP settings so that a session starts automatically when someone comes to your site. There is a setting called session.auto_start in the php.ini file. This method has one big disadvantage: with auto_start enabled, you can't use objects as session variables. So this method is never recommended.

Registering Session variables

Session variables are stored in the super-global variable $_SESSION. To create a session variable, you simply add an element to this array as follows:

$_SESSION['myvar'] = 5;

The session variable just created will be tracked until the session ends or you manually unset it. The session may also expire naturally, based on the session.gc_maxlifetime setting in the php.ini file. This value is a time in seconds.

Using Session Variables

Before using a session variable, you must first start the session with session_start();. Then you can simply access any variable as follows:

$_SESSION['myvar'];

Unsetting Variables and Destroying the Session

You can unset a single variable as follows:

unset($_SESSION['myvar']);

Never try to unset the whole $_SESSION array as it will effectively disable sessions.

To unset all session variables at once, use this instead:

$_SESSION = array();

After that, you should destroy the session to clean up the session ID as follows:

session_destroy();
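
The four steps above as one script, added here as an example (not code from the original article). It also keeps the session ID out of the URL and issues a fresh ID at login, which goes beyond the steps listed. The function names start_secure_session, login_user and logout_user, the sample user and the 1800-second lifetime are assumptions; the cookie_samesite option requires PHP 7.3 or later.

```php
<?php
// Added example; the helper names below are hypothetical, not from the article.

// Step 1: start (or resume) a session whose ID travels only in a cookie.
function start_secure_session(): void
{
    session_start([
        'use_only_cookies' => 1,     // never accept the session ID from the URL
        'use_trans_sid'    => 0,     // never append the session ID to links
        'use_strict_mode'  => 1,     // reject IDs the server did not issue
        'cookie_httponly'  => 1,     // keep the ID cookie away from JavaScript
        'cookie_secure'    => 1,     // assumption: the site is served over HTTPS
        'cookie_samesite'  => 'Lax',
        'gc_maxlifetime'   => 1800,  // seconds before idle data may be collected
    ]);
}

// Step 2: register session variables once the login has succeeded.
function login_user(string $username): void
{
    session_regenerate_id(true);     // new ID; the old session data is deleted
    $_SESSION['username']   = $username;
    $_SESSION['login_time'] = time();
}

// Step 4: unset all variables, expire the ID cookie, destroy the session.
function logout_user(): void
{
    $_SESSION = array();             // not unset($_SESSION)
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

start_secure_session();
if (!isset($_SESSION['username'])) {
    login_user('alice');             // constructed sample value
}
$user = $_SESSION['username'];       // Step 3: use a session variable
logout_user();                       // sends the cookie header before any output
echo 'Session for ', htmlspecialchars($user), " opened and destroyed\n";
```

session_destroy() removes the data on the server but leaves the ID cookie in the browser, which is why logout_user() expires the cookie as well.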
