PHP Session Handling



Posted: Wednesday, December 15, 2004

by
SEO

Installment 3 - PHP Session Handling - Cookies Enabled

Instead of storing session information at the browser through the use of cookies, the information can instead be stored at the server in session files. One session file is created and maintained for each user session. For example, if there are three concurrent users browsing the website, three session files will be created and maintained - one for each user. The session files are deleted if the session is explicitly closed by the PHP script or by a daemon garbage collection process provided by PHP. Good programming practice would call for sessions to be closed explicitly in the script.

The following is a typical server-browser sequence of events when PHP session handling is used:
1. The server knows that it needs to remember the state of the browsing session
2. PHP generates a session ID and creates a session file to store future information as required by subsequent pages
3. A cookie holding the session ID is generated at the browser
4. This cookie that stores the session ID is transparently and automatically sent to the server for all subsequent requests to the server

The following PHP session-handling example accomplishes the same outcome as the previous cookie example. Copy the code below (both the php and the html) into a file with the .php extension and test it out.

Code:
The current session id is: This page has been displayed: times.


A summary of the functions that PHP provides for session handling is:
1. boolean session_start() - initializes a session
2. string session_id([string id]) - either returns the current session id or specifies the session id to be used when the session is created
3. boolean session_register(mixed name [, mixed ...]) - registers variables to be stored in the session file. Each parameter passed in the function is a separate variable
4. boolean session_is_registered(string variable_name) - checks if a variable has been previously registered to be stored in the session file
5. session_unregister(string variable_name) - unregisters a variable from the session file. Unregistered variables are no longer valid for reference in the session.
6. session_unset() - unsets all session variables. It is important to note that all the variables remain registered.
7. boolean session_destroy() - destroys the session. This is the opposite of the session_start function.
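
A page-view counter of the kind this installment describes, as an added example (not the article's original listing). It uses session_start() and the $_SESSION array, because session_register() and its companions were removed in PHP 5.4; the cookie settings, the HTTPS assumption and the `logout` form field are assumptions of the example.

```php
<?php
// Added example, not the article's original listing.
// Assumption: PHP 7.3+ (array form of session_set_cookie_params()).

// Restrict the session-ID cookie before the session starts.
session_set_cookie_params([
    'lifetime' => 0,       // cookie ends when the browser closes
    'path'     => '/',
    'secure'   => true,    // assumption: the site is served over HTTPS
    'httponly' => true,    // ID cookie is not readable from page JavaScript
    'samesite' => 'Lax',   // not sent on cross-site POSTs
]);
ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue

session_start(); // creates or reopens the session file for this ID

// Explicit close, as recommended above, triggered by the form below.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['logout'])) {
    $_SESSION = [];                        // clear the session variables
    if (ini_get('session.use_cookies')) {  // expire the ID cookie as well
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                     // delete the session file
    echo 'Session closed.';
    exit;
}

// First request of a session: start the counter at zero.
if (!isset($_SESSION['count'])) {
    $_SESSION['count'] = 0;
}
$_SESSION['count']++;
?>
<html>
<body>
<p>The current session id is: <?php echo htmlspecialchars(session_id()); ?></p>
<p>This page has been displayed: <?php echo (int) $_SESSION['count']; ?> times.</p>
<form method="post"><button name="logout" value="1">Close session</button></form>
</body>
</html>
```

With `secure` set to true the counter only advances over HTTPS, because the browser does not return the session cookie on plain HTTP.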

The next installment discusses how to manage sessions using PHP session handling functions when cookies are disabled...
 
Installment 4 - PHP Session Handling - Without Cookies

If cookies are disabled at the browser, the above example cannot work. This is because although the session file that stores all the variables is kept at the server, a cookie is still needed at the browser to store the session ID that is used to identify the session and its associated session file. The most common way around this would be to explicitly pass the session ID back to the server from the browser as a query parameter in the URL.

For example, the PHP script generates requests subsequent to the session_start call in the following format:


Code:
http://www.yourhost.com/yourphpfile.php?PHPSESSID=


The following are excerpts that illustrate the discussion:

Manually building the URL:
Code:
$url = "http://www.yoursite.com/yourphppage.php?PHPSESSID=" . session_id();

Building the URL using SID:
Code:


End of series. There are 4 installments in this series
Resource From Free Webmaster Resources

Top-level comments on this article: (1 total)
» left by Gregory Lewis
2 years 109 days ago.
Wow, another PHP coder! Your explanation of how to use the session id is spot on, and right down to the use of passing the session in the http string ($url = $someUrl . "?sid=" . $_SESSION['id']).
 
This is a very useful instruction. Still, I use cookies because they are so easy to track across multiple sessions, and give a sense of identity to the user. Did this guy log in as a user, a power user, an admin, etc.?
 
Nice work,
 
- G