session in php

Sharing is caring!

In this tutorial you will learn how to store certain data on the server on a temporary basis using PHP session.

What is a Session

Although you can store data using cookies but it has some security issues. Since cookies are stored on user’s computer it is possible for an attacker to easily modify a cookie content to insert potentially harmful data in your application that might break your application.

Also every time the browser requests a URL to the server, all the cookie data for a Web site is automatically sent to the server within the request. It means if you have sotored 5 cookies on user’s system, each having 4KB in size, the browser needs to upload 20KB of data each time the user views a page, which can affect your site’s performance.

You can solve both of these issues by using the PHP session. A PHP session stores data on the server rather than user’s computer. In a session based environment, every user is identified through a unique number called session identifier or SID. This unique session ID is used to link each user with their own information on the server like emails, posts, etc.

Starting a PHP Session

Before you can store any information in session variables, you must first start up the session. To begin a new session, simply call the session_start() function. It will create a new session and generate a unique session ID for the user.

The PHP code in the example below simply starts a new session.

<?php
session_start(); // start up your PHP session! 
?>

The session_start() function first checks for an existing session ID. If it finds one, i.e. if the session is already started, it sets up the session variables and if doesn’t, it starts a new session by creating a new session ID.

Storing a Session Variable

When you want to store user data in a session use the $_SESSION associative array. This is where you both store and retrieve session data. In previous versions of PHP there were other ways to perform this store operation, but it has been updated and this is the correct way to do it.

<?php
session_start(); 
$_SESSION['views'] = 1; // store session data
echo "Pageviews = ". $_SESSION['views']; //retrieve data
?>

Display:

Pageviews = 1

In this example we learned how to store a variable to the session associative array $_SESSION and also how to retrieve data from that same array.

PHP Sessions: Using PHP’s isset Function

Now that you are able to store and retrieve data from the $_SESSION array, we can explore some of the real functionality of sessions. When you create a variable and store it in a session, you probably want to use it in the future. However, before you use a session variable it is necessary that you check to see if it exists already!

This is where PHP’s isset function comes in handy. isset is a function that takes any variable you want to use and checks to see if it has been set. That is, it has already been assigned a value.

With our previous example, we can create a very simple pageview counter by using isset to check if the pageview variable has already been created. If it has we can increment our counter. If it doesn’t exist we can create a pageview counter and set it to one. Here is the code to get this job done:

<?php
session_start();  
if(isset($_SESSION['views']))
    $_SESSION['views'] = $_SESSION['views']+ 1;
else
    $_SESSION['views'] = 1;

echo "views = ". $_SESSION['views']; 
?>

The first time you run this script on a freshly opened browser the if statement will fail because no session variable views would have been stored yet. However, if you were to refresh the page the if statement would be true and the counter would increment by one. Each time you reran this script you would see an increase in view by one.

Cleaning and Destroying your Session

Although a session’s data is temporary and does not require that you explicitly clean after yourself, you may wish to delete some data for your various tasks.

Imagine that you were running an online business and a user used your website to buy your goods. The user has just completed a transaction on your website and you now want to remove everything from their shopping cart.

<?php
session_start();  
if(isset($_SESSION['cart']))
    unset($_SESSION['cart']); 
?>

You can also completely destroy the session entirely by calling the session_destroy function.

<?php
session_start(); 
session_destroy();
?>

Destroy will reset your session, so don’t call that function unless you are entirely comfortable losing all your stored session data!

 

Comments 30

Leave a Reply

Your email address will not be published. Required fields are marked *