Understanding How PHP Sessions Work


Starting a Session

In PHP, a session provides a way to store web page visitor preferences on a web server in the form of variables that can be used across multiple pages. Unlike a cookie, variable information is not stored on the user's computer. The information is retrieved from the web server when a session is opened at the beginning of each web page. The session expires when the web page is closed.

Some information, such as username and authentication credentials, is better saved in cookies because it is needed before the website is accessed. However, sessions offer better security for personal information that is needed after the site launches, and they provide a level of customization for visitors to the site.

Call this example code mypage.php.

 

The first thing this example code does is open the session using the session_start() function. It then sets the session variables—color, size, and shape—to be red, small and round respectively.

Just as with cookies, the session_start() code must be in the header of the code, and you cannot send anything to the browser before it. It's best to just put it directly after 

The session sets a tiny cookie on the user's computer to serve as a key. It is only a key; no personal information is included in the cookie. The web server looks for that key when a user enters the URL for one of its hosted websites. If the server finds the key, the session and the information it contains are opened for the first page of the website. If the server does not find the key, the user proceeds to the website, but the information saved on the server is not passed on to the website.


Using Session Variables

Each page on the website that needs access to the information stored in the session must have the session_start() function listed at the top of the code for that page. Note that the values for the variables are not specified in the code.

Call this code mypage2.php.

  

All of the values are stored in the $_SESSION array, which is accessed here. Another way to show this is to run this code:

 <?php
 session_start(); // the session must be open before $_SESSION can be read
 print_r($_SESSION);
 ?>

You can also store an array within the session array. Go back to our mypage.php file and edit it slightly to do this:

  

Now let's run this on mypage2.php to show our new information:

 <?php
 session_start();
 print_r($_SESSION);
 // line break between the two outputs
 echo "<br>";

 //echo a single entry from the array
 echo $_SESSION['color'][2];
 ?>

Modify or Remove a Session

This code demonstrates how to edit or remove individual session variables or the entire session. To change a session variable, you just reset it to something else by typing right over it. You can use unset() to remove a single variable or use session_unset() to remove all variables for a session. You can also use session_destroy() to destroy the session completely.

  

By default, a session lasts until the user closes his browser. This option can be changed in the php.ini file on the web server by changing the 0 in session.cookie_lifetime = 0 to the number of seconds you want the session to last or by using session_set_cookie_params().
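
The following is an added example, not the article's original code, that combines the modify and remove steps above with session_set_cookie_params(). The function names, the 1800-second lifetime and the HTTPS-only site are assumptions for illustration; the array form of the cookie options needs PHP 7.3 or later.

```php
<?php
// Added example; start_session() and end_session() are hypothetical helper names.

function start_session(int $lifetime = 1800): void
{
    // Must run before session_start() and before any output is sent.
    session_set_cookie_params([
        'lifetime' => $lifetime, // 0 would mean "until the browser closes"
        'path'     => '/',
        'secure'   => true,      // assumption: the site is served over HTTPS
        'httponly' => true,      // keep the key cookie out of reach of JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function end_session(): void
{
    $_SESSION = [];                        // drop every variable, as session_unset() does
    if (ini_get('session.use_cookies')) {  // expire the key cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();                     // delete the data stored on the server
}

start_session();
$_SESSION['color'] = 'red';
$_SESSION['size']  = 'small';
$_SESSION['shape'] = 'round';

$_SESSION['size'] = 'large';   // change a variable by assigning over it
unset($_SESSION['shape']);     // remove a single variable
$remaining = $_SESSION;        // copy for display: color and size are left

end_session();

// Output goes last because cookies are headers and must precede any output.
print_r($remaining);
```

session_destroy() removes the server-side data but leaves the key cookie in the browser, which is why end_session() expires that cookie explicitly.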