Understanding PHP Sessions

Revision as of 20:16, 27 October 2016 by Neil (Talk | contribs) (Text replacement - "<table border="0" cellspacing="0"> " to "<table border="0" cellspacing="0" width="100%">")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Revision as of 20:16, 27 October 2016 by Neil (Talk | contribs) (Text replacement - "<table border="0" cellspacing="0"> " to "<table border="0" cellspacing="0" width="100%">")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
PreviousTable of ContentsNext
PHP and Cookies - Creating, Reading and WritingPHP Object Oriented Programming


Purchase and download the full PDF and ePub versions of this PHP eBook for only $8.99


In the previous chapter (PHP and Cookies - Creating, Reading and Writing) we looked at the use of cookies to maintain state. In that chapter we also mentioned the use of PHP sessions as an alternative to the use of cookies. We also provided an overview of the difference between cookies and PHP sessions.

In this chapter we will explore the concept of PHP sessions in more detail and provide some examples of how to create and use sessions.

What is a PHP Session?

PHP Sessions allow web pages to be treated as a group, allowing variables to be shared between different pages. One of the weaknesses of cookies is that the cookie is stored on the user's computer (and by user we mean the person with the browser visiting your web site). This provides the user the ability to access, view and modify that cookie for potentially nefarious purposes. PHP sessions, on the other hand, store only an ID cookie on the user's system which is used to reference the session file on the server. As such, the user has no access to the content of the session file, thereby providing a secure alternative to cookies. PHP sessions also work when the user has disabled the browser's cookie support. In this situation it includes the session ID information in the web page URLs.

Creating a PHP Session

PHP sessions are created using the session_start() function which should the first function call of the PHP script on your web page (i.e. before any output is written to the output stream).

The following example demonstrates the creation of a PHP session:

<?php
       session_start();
?>
<html>
<head>
<title>A PHP Session Example</title>
</head>
<body>
</body>
</html>

Creating and Reading PHP Session Variables

Variables can be assigned to a session using the $_SESSION array. This is a global array that is accessible to all the pages on your web site. This is also an associative array (see PHP Arrays for details of using arrays in PHP) and as such it is possible to access array elements using the variable name as an index.

Session variables can be any type of data such as strings, numbers, arrays and objects.

Session variables can be defined using a number of mechanisms. Variables can be assigned directly to the $_SESSION array using the assignment operator and variable name:

<?php
     $_SESSION['userName'] = 'JohnW';
?>

Another option is to use the PHP session_register() function. session_register() takes two arguments, the string representing the variable name, and the value to be assigned to the variable:

<?php
session_register('username', 'JohnW');
?>

Session variables are accessed by using the variable name as an index key into the $_SESSION array. The session_is_registered() function can also be used to make sure the variable exists before attempting to read the value (which is generally considered to be good practice). For example:

<?php
session_start();
?>
<html>
<head>
<title>Simple HTML Form</title>
</head>
<body>
<?php
        $_SESSION['userName'] = 'JohnW';

        if (session_is_registered('userName'))
        {
                echo 'userName = ' . $_SESSION['userName'];
        }
?>

</body>
</html>

The resulting output from the above page will read:

userName = JohnW

The same PHP code to read the value can be used on any page on your web server to access the current value of the variable.

Writing PHP Session Data to a File

Session data only stays active on the web server until it expires or the session is deleted. Once deleted, all the data associated with the session is lost. A snapshot of the session data can, however, be taken at any time and written out to a file. Once saved, it can be reloaded when required.

To save a session state the session_encode() function is used combined the PHP file I/O functions (see PHP, Filesystems and File I/O for details of reading and writing files). The session_encode() function returns an encoded string containing the session data. Once this string has been obtained it can be written to a file:

<?php
session_start();
?>
<html>
<head>
<title>Simple HTML Form</title>
</head>
<body>
<?php
      $_SESSION['userName'] = 'JohnW';
      $_SESSION['emailAddress'] = '[email protected]';
      $session_data = session_encode(); // Get the session data
      $filehandle = fopen ('/tmp/php_session.txt', 'w+'); // open a file write session data
      fwrite ($filehandle, $session_data); // write the session data to file
      fclose ($filehandle);
?>

</body>
</html>

If you are interested in seeing what the encoded session data looks like you can load it into a text editor. The above example creates the following data in the file:

userName|s:5:"JohnW";emailAddress|s:16:"[email protected]";

Reading a Saved PHP Session

Once session data has been written to a file it can be read back in, decoded and applied to the current session. This is achieved using the session_decode() function:

<?php
      session_start();
?>
<html>
<head>
</head>
<body>
<?php

      $filehandle = fopen ('/tmp/php_session.txt', 'r'); // open file containing session data 

      $sessiondata = fread ($filehandle, 4096); // read the session data from file

      fclose ($filehandle);

      session_decode($sessiondata); // Decode the session data

      print_r($sessiondata); // Display the session data
?>
</body>
</head>

Purchase and download the full PDF and ePub versions of this PHP eBook for only $8.99