In this tutorial you will learn how to store certain data on the server on a temporary basis using PHP session. Show What is a SessionAlthough you can store data using cookies but it has some security issues. Since cookies are stored on user's computer it is possible for an attacker to easily modify a cookie content to insert potentially harmful data in your application that might break your application. Also every time the browser requests a URL to the server, all the cookie data for a website is automatically sent to the server within the request. It means if you have stored 5 cookies on user's system, each having 4KB in size, the browser needs to upload 20KB of data each time the user views a page, which can affect your site's performance. You can solve both of these issues by using the PHP session. A PHP session stores data on the server rather than user's computer. In a session based environment, every user is identified through a unique number called session identifier or SID. This unique session ID is used to link each user with their own information on the server like emails, posts, etc. Tip: The session IDs are randomly generated by the PHP engine which is almost impossible to guess. Furthermore, because the session data is stored on the server, it doesn't have to be sent with every browser request. Starting a PHP SessionBefore you can store any information in session variables, you must first start up the session. To begin a new session, simply call the PHP The PHP code in the example below simply starts a new session. The Note: You must call the Storing and Accessing Session DataYou can store all your session data as key-value pairs in the To access the session data we set on our previous example from any other page on the same web domain — simply recreate the session by calling The PHP code in the example above produce the following output. Note: To access the session data in the same page there is no need to recreate the session since it has been already started on the top of the page. Destroying a SessionIf you want to remove certain session data, simply unset the corresponding key of the 1 associative array, as shown in the following example:However, to destroy a session completely, simply call the 3 function. This function does not need any argument and a single call destroys all the session data.Note: Before destroying a session with the 3 function, you need to first recreate the session environment if it is not already there using thesession_start() function, so that there is something to destroy.Every PHP session has a timeout value — a duration, measured in seconds — which determines how long a session should remain alive in the absence of any user activity. You can adjust this timeout duration by changing the value of 6 variable in the PHP configuration file (7).There are two very similar PHP function session_destroy() & session_unset(). Both seem to delete all variables registered to a session but there is difference between them. session_destroy() function: It destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. Syntax: bool session_destroy( void ) session_unset() function: It deletes only the variables from session and session still exists. Only data is truncated. Syntax: bool session_unset( void ) Example 1: This example saving the session by using session.php file.
bool session_unset( void )1 bool session_unset( void )2 bool session_unset( void )3 bool session_unset( void )4 bool session_unset( void )5 bool session_unset( void )6 bool session_unset( void )7 bool session_unset( void )8 echo <?php 0 <?php 1<?php 2<?php 3
bool session_unset( void )8 echo <?php 0 <?php 1 1<?php 3
bool session_unset( void )4 bool session_unset( void )5 bool session_unset( void )6 8 9<?php 3bool session_unset( void )4 bool session_unset( void )5 // Function to start session 3 8// Function to start session 5 <?php 3
Output: Before using session_unset() function: Before using the session function it displaying the name and email.
bool session_unset( void )1 bool session_unset( void )2 bool session_unset( void )3 bool session_unset( void )4 bool session_unset( void )5 bool session_unset( void )6 bool session_unset( void )7 bool session_unset( void )8 echo <?php 2<?php 3
bool session_unset( void )8 echo // Display the session id 0<?php 3
bool session_unset( void )4 bool session_unset( void )5 bool session_unset( void )6 // Display the session id 8<?php 0<?php 3
bool session_unset( void )4 bool session_unset( void )5 // Function to start session 3// Display the session id 8<?php 0<?php 3
Output: After using session_unset() function: This function destroys the variables like ‘name’ and ’email’ which are using.
bool session_unset( void )1 bool session_unset( void )2 bool session_unset( void )3 bool session_unset( void )4 bool session_unset( void )5 bool session_unset( void )6 bool session_unset( void )7 bool session_unset( void )8 echo <?php 2 <?php 3
bool session_unset( void )8 echo bool session_unset( void )11 <?php 3
bool session_unset( void )4 bool session_unset( void )5 bool session_unset( void )6 bool session_unset( void )19
bool session_unset( void )4 bool session_unset( void )5 // Function to start session 3bool session_unset( void )19
bool session_unset( void )26 bool session_unset( void )27
Output: session_destroy() function: It destroys the whole session rather destroying the variables. When session_start() is called, PHP sets the session cookie in browser. We need to delete the cookies also to completely destroy the session. Example: This example is used to destroying the session.
bool session_unset( void )1 bool session_unset( void )2 bool session_unset( void )3 bool session_unset( void )4 bool session_unset( void )5 bool session_unset( void )6 bool session_unset( void )7 bool session_unset( void )8 echo <?php 2<?php 1<?php 0 <?php 3
bool session_unset( void )8 echo 1<?php 1<?php 0<?php 3
bool session_unset( void )4 bool session_unset( void )5 bool session_unset( void )6 // Display the session id 8<?php 0<?php 3
bool session_unset( void )4 bool session_unset( void )5 // Function to start session 3// Display the session id 8<?php 0<?php 3
bool session_unset( void )4 bool session_unset( void )75 bool session_unset( void )76 bool session_unset( void )77
bool session_unset( void )79 bool session_unset( void )80 bool session_unset( void )81 bool session_unset( void )82 bool session_unset( void )2 bool session_unset( void )84 bool session_unset( void )85 bool session_unset( void )84 bool session_unset( void )87 bool session_unset( void )88 bool session_unset( void )8 bool session_unset( void )90 bool session_unset( void )91 bool session_unset( void )8 bool session_unset( void )93 bool session_unset( void )94 bool session_unset( void )95 bool session_unset( void )96 bool session_unset( void )90 bool session_unset( void )5 bool session_unset( void )99 <?php 00bool session_unset( void )90 bool session_unset( void )5 <?php 03<?php 00bool session_unset( void )96 bool session_unset( void )90 bool session_unset( void )5 <?php 08<?php 00bool session_unset( void )90 bool session_unset( void )5 <?php 12<?php 13bool session_unset( void )8 <?php 15
Output: The execution of session.php file you can see that there is a different session ID it means the previous session has been destroyed and all variables and cookies also destroyed. Since all variables destroyed so PHP go to else condition output ‘session is destroyed’. Note: If it’s desired to kill the session, also delete the session cookie. This will destroy the session, and not just the session data. What is PHP session_start () function?session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie. When session_start() is called or when a session auto starts, PHP will call the open and read session save handlers.
How to use session_start in PHP?Starting a PHP Session
A PHP session is easily started by making a call to the session_start() function. This function first checks if a session is already started and if none is started then it starts one. It is recommended to put the call to session_start() at the beginning of the page.
Why must you call session_start () prior to any output?It's important to keep in mind that session_start() must be called before any output is sent to the browser. This is a common source of errors, for example if the PHP file has an empty line at the beginning. session_name() changes the current Session's name and the name of the Session Cookie sent to the remote browser.
Do I need session_start on every page?It must be on every page you intend to use. The variables contained in the session—such as username and favorite color—are set with $_SESSION, a global variable. In this example, the session_start function is positioned after a non-printing comment but before any HTML.
|