Sessions in PHP

Sessions is used to store and pass information from one web page to another
temporarily until the user close the website. In case of cookie, the in formations are stored in
user computer. But in case of session information is not stored on user computers.

PHP Sessions technique is widely used in shopping websites where we need to store
and pass Cart information. For example, user name, product name, product price, etc. from
one page to another.

PHP Sessions creates unique user ID for each browser to recognize the user and avoid
conflict between multiple rowsers.

User 1 Session ID
On Client 1 1. 2 Creates unique
1.1 Request
Session ID

Container

SERVER

2.1 Request 2. 2 Creates unique

Session ID

User 2 Session ID
On Client 2

To Start PHP Session:

A Session is started with the session_start() function. Session variable are set with the
PHP Global variable $_session.
PHP session_start() function:

PHP session_start() function is used to start the session. It starts a new or resumes
existing session. It returns existing session if created already. If session is not available, it
creates and returns new session.

Syntax:

Bool sesson_start(void) ;

Example:

Session_start();

PHP $_session :

PHP $_session is an associative array that contains all session variables. It is used to
set and get session variable’s value.

Example:

To store information:

$_session[“user”] = “SRI” ;

To get information:

echo $_session[“user”] ;

PHP Session Example Code:

Note: The session_start() function must be the very first thing in our document before
any HTML tags.

File Name : Session1.PHP

<?PHP

Session_start() ;

?>

<HTML>

<BODY>

<?PHP
 $_session[“user”] = “SRI” ;

echo “Sesson information are set successfully <BR> “l

?>

<A href=”Session2.PHP”> Visit Next Page </A>

</BODY >

</HTML>

- Save this file as “Sessions1.PHP”

To use this Session Variable in web page 2 :

File Name : Session2.PHP

<?PHP

Session_start() ;

?>

<HTML>

<BODY>

<?PHP

echo “User is : “ .$_session[“user”] ;

?>

<A href=”Session2.PHP”> Visit Next Page </A>

</BODY >

</HTML>

- Save this file as “Sessions2.PHP”

Modifying a Session Variable:

To modify the Session Variable vlues , just we over write it.

<?PHP

$_session[“user”] = “DEEPIKA” ;

Echo “Session information are set successfully <BR> “ ;

 ?>

Destroying Session:

To Destroy Session, we use session_destroy() function.

<?PHP

Session_start();

Session_destroy();

?>

To remove all Global Session Variable and destroy the Session, We use session_unset()
function and session_destroy() function to destroy all session variables completely.

File Name: Session3.PHP

<HTML>

<BODY>

<?PHP

// To Remove all Session Variables

Session_unset() ;

// To Destroy the Session

Session_destroy() ;

?>

</BODY>

</HTML>

- Save this file as “Session2.PHP”

***

PHP – Passing Session IDs in Query Strings :

Passing the Session ID:

There are two methods to propagate a Session ID:

- Cookies
 - URL parameter

The Session module supports both methods. Cookies are optional, but because they
are not always available. We also provide an alternative way. The second method
embeds the Session ID directly into URLs.

- PHP session IDs are saved in Cookies.

- Another alternative is to pass the Session ID inside links between the pages of our
site.
- PHP helps to automate this process with the built-in SID Constant.
- If the browser supports cookies, this Constant is empty.
- If the Session Cookie cannot be set on the browser, SID Contains a string similar to
the following:

PHPSESSID = b123123123123123123123123

- This Means that we can code the links in our pages to include the session ID, if
available:

<?PHP

Session_start();

?>

<A href=”MyScript.PHP ? <?PHP echo SID ; ?> “ > Home Page </A>

If the session ID was successfully stored in a browser cookie, the preceding code will
output:

<A href = “MyScript.PHP ? “> Home Page </A>

If PHP can’t create the Session Cookie, the code will output something along the lines
of

<A href = “MyScipt.PHP ? PHP SES SID = “b123123123123123123123123”> Home Page </ A>

When the user clicks to view MyScript.PHP, the PHPSESSID query string value is
automatically picked up by the PHP engine and the Session data is made available to the
script.

We need to have called session_start() before trying to access the SID Constant.

Note: Passing Sessions IDs in URL is best avoided, if possible.

***

Differences between Cookies and Sessions:

Cookies :

Ref

Sessions:

Ref

The key differences between Session and Cookies are:

- Sessions are Sever Side Files that store the user information, whereas the
Cookies are Client Side Files that contain user information on a local computer.
- Sessions are cookies dependent. Whereas cookies are not dependent on session.
- The Session end when the user closes the browser or logout from the
application, whereas Cookies expire at the set time.
- A Session can store as much data as a user want, whereas Cookies have a limited
size of 4 KB.

Sessions Cookies
1. A Session stores the variable and their 1. Cookies are stored on the user’s
values within a file in a temporary computer as a text file.
directory on the Server.

2. The Session ends when the user 2. Cookies end on the life-time set by
logout from the application or closes the user.
his web browser

3. It can store an unlimited amount of 3. It can only limited data.

data.

4. We an store as much data as we want 4. The maximum size of the browser’s

within a session, but there is a cookies is 4 KB
maximum memory limit which a script
can use at one time and it is 128 MB

5. We need to call the session_start() 5. We don’t need to call a function to

function to start the session. start a cookie, as it is stored within
the local computer.
 6. In PHP, to get session data, the 6. In PHP, to get the data from Cookies,
$_session global variable is used. the $_Cookie global variable is used

7. In PHP, to destroy or remove the data 7. We can set an expiration date to

stored within a session, we can use delete the cookie’s data. It will
the session_destroy() function and to automatically delete the data at that
unset a specific variable, we can use specific time. There is no particular
the unset() function. function to remove the cookie.

8 Sessions are more secured compared 8. Cookies are not secured, as data is
to cookies, as they save data in stored in a text file and if any un-
encrypted form. authorized user gets access to our
system and he can temper the data.

Conclusion:

From the above discussions, we can have a better understanding of Cookies and
Sessions, and the differences between them. Hence, we can conclude that Sessions is a way
to temporarily store the user information on the Server side, whereas Cookies store the
information on the user’s computer until it expires.

***

Using sessions in an environment with Registered Users:

Suppose that we have created an online community, or portal, or some other type of
application that user can join. The process usually involves a Registration Form, whereas the
user crates a User Name, and Password, and completes an identification profile. From this
point, forward each time when a Registered User lays into the system, we can grab the user’s
identification information and store it on the user’s session.

The items ae decide to store to user’s session should be those items we can imagine
using quite a bit and that could be inefficient to continually extract from the database. For
example, suppose that we have created portal in which user’s are assigned a certain level,
such as Administrators, Register User, Guest and so on. Within our display modules, we would
always want to check to verify that the user accessing the module has the proper permissions
to do so. Thus, user level is an example of a value stored in the user’s session. So, that the
authentication script used in the display of the required module only has to check a session
variable, and there is no need to connect to select and query the database.

Working with user preference:

If we are felling adventurous in the design phase of a user-based application we might
built a system in which Registered Users can set specific preferences that affect the way they
view our site. For example, we might allow our user to select from a pre-determined color
scheme, font type and size and others we might allow the users to turn off visibility of contain
content groupings.

We can store each of those functional elements in a session. When the user logs in
the application loads all relevant values into the user’s session and reacts accordingly for each
subsequently requested page. Should the user decode to change their preferences, they could
do so while logged-in. We could even pre-populate preferences from based on the items
stored in the session instead on the items stored in the session instead of going back to the
database to retrieve them. If the user changes a preferences while the user logged-in, simply
replace the value stored in the $_session super global with the new session. No need to force
the user to logout and then log-back in again.

***