PHP Sessions

Introduction
• A session is a way to store information (in
variables) to be used across multiple
pages.
• The idea of session control is to be able to
track a user during a single session on a
website or web-based application.
• Session can easily support logging in a
user and showing content according to
their authorization level.
© K.S. Mbise PHP Sessions Slide 2
How sessions work
• They are based on assigning each user
a unique number, or session id.
• Even for extremely heavy use sites,
this number can for all practical
purposes can be regarded as unique.
• E.g.,
26fe536a534d3c7cde4297abb45e275a

© K.S. Mbise PHP Sessions Slide 3

How sessions work cont…
• This session id is stored in a cookie, or
passed in the URL between pages
while the user browses.
• The data to be stored (e.g. name,
password, etc.) is stored securely in a
superglobal variable, and referenced
using the session id.

© K.S. Mbise PHP Sessions Slide 4

Implementing sessions
• The basic steps of using sessions are:
1. Starting (resuming) a session
2. Registering (storing) session
variables
3. Using session variables
4. Deregistering variables and
destroying the session
© K.S. Mbise PHP Sessions Slide 5
Starting or resuming a session
• Before you can use session functionality,
you need to actually begin a session by
using session_start() function.
• It's essential to call session_start() at the
start of all your scripts that use sessions.
• If this function is not called, anything
stored in the session will not be available
to this script.
© K.S. Mbise PHP Sessions Slide 6
Starting or resuming a session
cont…
• This function checks to see whether
there is already a current session. If not,
it will essentially create one, providing
access to the superglobal array
$_SESSION.
• If a session already exists,
session_start() loads the registered
session variables so that you can use
them.
© K.S. Mbise PHP Sessions Slide 7
Storing session data
• Session variables are registered and
stored in the superglobal array
$_SESSION.
• E.g.,
• $_SESSION['name'] = $name;
• $_SESSION['age'] = $age;

© K.S. Mbise PHP Sessions Slide 8

Using session variable
• To bring session variables into scope
so that they can be used, you must
first start a session calling
session_start().
• You can then access the variable via
the $_SESSION superglobal array.
• You can check if session is registered
by if (isset($_SESSION['name'])).
© K.S. Mbise PHP Sessions Slide 9
Unsetting variables and destroying a
session
• By default, sessions expire after a
certain length of inactivity (default
1440s).
• When you are finished with a session,
you should first unset (e.g.,
unset($_SESSION['name'])) all the
variables and then call
session_destroy() to clean up the
© K.S.session
Mbise ID. PHP Sessions Slide 10
Thank you for listening!

© K.S. Mbise PHP Sessions Slide 11