Basic PHP Sessions

01
of 03

Starting a Session

In PHP, a session provides a way to store web page visitor preferences on a web server in the form of variables that can be used across multiple pages. Unlike a cookie, variable information is not stored on the user's computer. The information is retrieved from the web server when a session is opened at the beginning of each web page. The session expires when the web page is closed.

Some information, such as username and authentication credentials, is better saved in cookies, because they are needed before the website is accessed. However, sessions offer better security for personal information that is needed after the site launches, and they provide a level of customization for visitors to the site.

Call this example code mypage.php.

 <?php 
 // this starts the session 
 session_start(); 
 
 // this sets variables in the session 
 $_SESSION['color']='red'; 
 $_SESSION['size']='small'; 
 $_SESSION['shape']='round'; 
 print "Done";
 ?> 

The first thing this example code does is open the session using the session_start() function. It then sets the session variables—color, size and shape—to be red, small and round respectively.

Just as with cookies, the session_start() code must be in the header of the code, and you cannot send anything to the browser before it. It's best to just put it directly after <?php to avoid potential problems.

The session sets a tiny cookie on the user's computer to serve as a key. It is only a key; no personal information is included in the cookie. The web server looks for that key when a user enters the URL for one of its hosted websites. If the server finds the key, the session and the information it contains is opened for the first page of the website. If the server does not find the key, the user proceeds to the website, but the information saved on the server is not passed on to the website.

02
of 03

Using Session Variables

Each page on the website that needs access to the information stored in the session must have the  session_start() function listed at the top of the code for that page.  Note that the values for the variables are not specified in the code.

Call this code mypage2.php.

 <?php 
 // this starts the session 
 session_start(); 
 
 // echo variable from the session, we set this on our other page 
 echo "Our color value is ".$_SESSION['color']; 
 echo "Our size value is ".$_SESSION['size']; 
 echo "Our shape value is ".$_SESSION['shape']; 
 ?> 

All of the values are stored in the $_SESSION array, which is accessed here. Another way to show this is to run this code:

 <?php 
 session_start(); 
 Print_r ($_SESSION);
 ?> 

You can also store an array within the session array. Go back to our mypage.php file and edit it slightly to do this:

 <?php 
 session_start(); 
 
 // makes an array 
 $colors=array('red', 'yellow', 'blue'); 
 // adds it to our session 
 $_SESSION['color']=$colors; 
 $_SESSION['size']='small'; 
 $_SESSION['shape']='round'; 
 print "Done";
 ?> 

Now let's run this on mypage2.php to show our new information:

 <?php 
 session_start(); 
 Print_r ($_SESSION);
 echo "<p>";

 //echo a single entry from the array
 echo $_SESSION['color'][2];
 ?> 

03
of 03

Modify or Remove a Session

This code demonstrates how to edit or remove individual session variables or the entire session. To change a session variable, you just reset it to something else by typing right over it. You can use unset() to remove a single variable or use session_unset() to remove all variables for a session. You can also use session_destroy() to destroy the session completely.

 <?php 
 // you have to open the session to be able to modify or remove it 
 session_start(); 
 
 // to change a variable, just overwrite it 
 $_SESSION['size']='large'; 
 
 //you can remove a single variable in the session 
 unset($_SESSION['shape']); 
 
 // or this would remove all the variables in the session, but not the session itself 
 session_unset(); 
 
 // this destroys all the session variables and the session 
 session_destroy(); 
 ?> 

By default, a session lasts until the user closes his browser. This option can be changed in the php.ini file on the web server by changing the 0 in session.cookie_lifetime = 0 to the number of seconds you want the session to last or by using session_set_cookie_params().