Session Management in PHP
Session 18


Review - I






Websites use cookies to store user-specific
information
Cookies are stored on the Web browser’s hard
disks
PHP provides three ways of retrieving a cookie
value:




Passing a variable as cookie name
Using $_COOKIE[]
Using $HTTP_COOKIE_VARS[]
PHP / Session 18 / Slide 2 of 27


Review - II


Drawbacks of cookies:









Cookies cannot contain more than a certain amount of
information
Only a maximum of 20 cookies of a domain can be
maintained
A browser can maintain a maximum of 300 cookies
Some users disable cookies while accessing websites
Storing large number of cookie files slows down the
computer
PHP / Session 18 / Slide 3 of 27


Objectives


Define a session



Work with the session




Start the session



Register the session



End the session



Work with the php.ini file

PHP / Session 18 / Slide 4 of 27


Sessions







Refers to the time the user a particular Web site
Enable Web sites to store user requests and
information on the Web
Enable distinguishing the user specific information
during the life of the session

Session life refers to the total time a user spends on
the Web site

PHP / Session 18 / Slide 5 of 27


Traditional Transfer of Data


Web sites traditionally use two methods to pass user
information from one script to another, such as:



GET
POST

PHP / Session 18 / Slide 6 of 27


Using Cookies to Transfer Data


Enable us to store data into a variable and access it
across all the pages of the Web site

PHP / Session 18 / Slide 7 of 27


Difference between Cookies and Sessions

Cookies
Sessions
Stores user information on Stores user information on
the client system
the Web server
Available even after the
Destroyed when the user
user exits the Web browser exits the Web browser
Users can disable cookies

Users cannot disable
sessions

Have size limits

Do not have size limits
PHP / Session 18 / Slide 8 of 27


Working with Sessions - I






Session commences when a user accesses the
session-enabled Web site
Web server assigns a unique session ID to each
user when the user starts a session

Scripts store and access user information through
the session ID

PHP / Session 18 / Slide 9 of 27


Working with Sessions - II

PHP / Session 18 / Slide 10 of 27


Lifecycle of Sessions




Starting the session
Registering the session variable
Ending the session

PHP / Session 18 / Slide 11 of 27


Starting a Session




Also called as initializing a session
Session starts when a user logs on to the Web site

session_start() function enables to start a
session

PHP / Session 18 / Slide 12 of 27


Session Files







Created when a new session starts
Created on a Web server
Created in the /tmp directory
File name based on unique session identifier value
that PHP engine generates
File naming convention:
sess_<32_digit_hexadecimal_value>
PHP / Session 18 / Slide 13 of 27


session_start() Function




Must be specified on the top of every Web page or

before the start of the actual coding
Always returns True

PHP / Session 18 / Slide 14 of 27


session_start()Example

Example 1



session_start();
echo “The Session id is ” .session_id();
?>

Example 2
echo “Welcome to Shoppers Paradise”;
session_start();
echo “The Session id is ” .session_id();
?>


PHP / Session 18 / Slide 15 of 27


Registering the Session Variable





Session variables need to be registered with the
session library to work with the sessions across all
the Web pages
Session library enables:




Creation
Serialization
Storage of session data

PHP / Session 18 / Slide 16 of 27


Methods to Set Session Variable





$_SESSION[] - Recommended for PHP 4.1.0
$HTTP_SESSION_VARS[] - Recommended for
PHP 4.0.6 or less
session_register() - Not recommended as it has
deprecated


PHP / Session 18 / Slide 17 of 27


Ending a Session


session_destroy() function used to end a session



Removes the session file from the system



$PHPSESID cookie is not removed from the Web browser

PHP / Session 18 / Slide 18 of 27


Working with php.ini File - I


PHP interpreter works according to the specifications made
in the php.ini file



Located under the /usr/local/php4/lib directory

PHP / Session 18 / Slide 19 of 27



Options in php.ini File - I


Language Options





Safe Mode




Performs a UID compare check when opening files

Font Colors




Enables PHP scripting language engine under Apache
Allows ASP style tags

Indicates the colors that PHP uses for highlighting syntax

Misc



Indicates whether or not PHP discloses the fact that it is
installed on the server
PHP / Session 18 / Slide 20 of 27


Options in php.ini File - II


Resource Limits





Error handling and logging






Indicates the maximum time for script execution
Indicates the maximum amount of memory a script requires
Reports all errors and warnings
Reports fatal compile time errors
Reports fatal run-time errors

Data Handling



Controls list of separators used in PHP generated URLs to
separate arguments

PHP / Session 18 / Slide 21 of 27


Options in php.ini File - III


Magic Quotes





Path and Directories




Sets magic quotes for incoming Get, Post, Cookie data
Uses Sybase style magic quotes
Specifies the name of the directory under which PHP
opens the script

File Uploads




Indicates whether or not to allow HTTP file uploads
Indicates the maximum allowed size for upload files
PHP / Session 18 / Slide 22 of 27


Options in Session Category - I
Options

Description

session.save_handler

Specifies how PHP stores and retrieves
session variable

session.save_path

Specifies the name of the directory
where the session files will be stored

session.use_cookies

Indicates whether PHP must send
session ID to the Web browser through
a cookie

session.use_only_cookies Indicates whether the modules can use
only cookies for storing session IDs
PHP / Session 18 / Slide 23 of 27



Options in Session Category - II
Options

Description

session.cookie_lifetime

Specifies the lifetime of the cookie

session.name

Manages the cookie name and form attributes
such as GET and POST that holds the session ID

session.auto_start

Enables sessions to automatically initialize if the
session ID is not found in the browser request

session.cookie_secure

Specifies whether or not the cookies must be sent
over secured connections

PHP / Session 18 / Slide 24 of 27


Summary - I









Cookies provide us with the functionality of storing
temporary Web user information
Sessions enable PHP store user information on the
Web server
Sessions enable Web sites store user requests and
information on the Web
Lifecycle of Session:




Starting a session
Registering a session variable
Ending a session
PHP / Session 18 / Slide 25 of 27