Session Management in PHP
Session 18
Review - I
Websites use cookies to store user-specific information
Cookies are stored by the Web browser on the hard disk of the user's computer
PHP provides three ways of retrieving a cookie value:
Passing a variable as cookie name
Using $_COOKIE[]
Using $HTTP_COOKIE_VARS[]
PHP / Session 18 / Slide 2 of 27
Review - II
Drawbacks of cookies:
Cookies cannot contain more than a certain amount of information
A maximum of 20 cookies per domain can be maintained
A browser can maintain a maximum of 300 cookies
Some users disable cookies while accessing websites
Storing a large number of cookie files slows down the computer
Objectives
Define a session
Work with the session
Start the session
Register the session
End the session
Work with the php.ini file
Sessions
Refers to the time the user spends on a particular Web site
Enable Web sites to store user requests and information on the Web
Enable user-specific information to be distinguished during the life of the session
Session life refers to the total time a user spends on the Web site
Traditional Transfer of Data
Web sites traditionally use two methods to pass user information from one script to another:
GET
POST
Using Cookies to Transfer Data
Enable us to store data into a variable and access it across all the pages of the Web site
Difference between Cookies and Sessions
Cookies                                             | Sessions
Stores user information on the client system        | Stores user information on the Web server
Available even after the user exits the Web browser | Destroyed when the user exits the Web browser
Users can disable cookies                           | Users cannot disable sessions
Have size limits                                    | Do not have size limits
Working with Sessions - I
A session commences when a user accesses the session-enabled Web site
The Web server assigns a unique session ID to each user when the user starts a session
Scripts store and access user information through the session ID
Working with Sessions - II
Lifecycle of Sessions
Starting the session
Registering the session variable
Ending the session
Starting a Session
Also called initializing a session
Session starts when a user logs on to the Web site
The session_start() function starts a session
Session Files
Created when a new session starts
Created on a Web server
Created in the /tmp directory
File name is based on the unique session identifier value that the PHP engine generates
File naming convention:
sess_<32_digit_hexadecimal_value>
session_start() Function
Must be specified at the top of every Web page or before the start of the actual coding
Always returns True
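session_start() Example
Example 1
<?php
// Start (or resume) the session before any output is sent.
session_start();
echo "The Session id is " . session_id();
?>
Example 2
<?php
// Here output is sent before session_start() is called.
echo "Welcome to Shoppers Paradise";
session_start();
echo "The Session id is " . session_id();
?>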
Registering the Session Variable
Session variables need to be registered with the session library to work with the sessions across all the Web pages
Session library enables:
Creation
Serialization
Storage of session data
Methods to Set Session Variable
$_SESSION[] - Recommended for PHP 4.1.0
$HTTP_SESSION_VARS[] - Recommended for PHP 4.0.6 or less
session_register() - Not recommended as it has been deprecated
Ending a Session
The session_destroy() function is used to end a session
Removes the session file from the system
The PHPSESSID cookie is not removed from the Web browser
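Because session_destroy() removes only the server-side file, a complete logout also has to clear the session variables and expire the cookie in the browser. The following is an added example, not part of the original slides; the function name end_session() is hypothetical, and the array form of setcookie() assumes PHP 7.3 or later.

```php
<?php
// Added example (not from the slides): end a session completely.
// end_session() is a hypothetical helper name. Assumes PHP 7.3+.
function end_session(): void
{
    // session_destroy() only works on an active session.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Clear the session variables held in memory for this request.
    $_SESSION = [];

    // Expire the session cookie with the same parameters it was set with;
    // otherwise the browser keeps sending the old session ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }

    // Remove the sess_<id> file from the server.
    session_destroy();
}

// Typical use in a logout script, before any output is sent:
// end_session();
```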
Working with php.ini File - I
The PHP interpreter works according to the specifications made in the php.ini file
Located under the /usr/local/php4/lib directory
Options in php.ini File - I
Language Options:
  Enables PHP scripting language engine under Apache
  Allows ASP style tags
Safe Mode:
  Performs a UID compare check when opening files
Font Colors:
  Indicates the colors that PHP uses for highlighting syntax
Misc:
  Indicates whether or not PHP discloses the fact that it is installed on the server
Options in php.ini File - II
Resource Limits:
  Indicates the maximum time for script execution
  Indicates the maximum amount of memory a script requires
Error handling and logging:
  Reports all errors and warnings
  Reports fatal compile time errors
  Reports fatal run-time errors
Data Handling:
  Controls list of separators used in PHP generated URLs to separate arguments
Options in php.ini File - III
Magic Quotes:
  Sets magic quotes for incoming Get, Post, Cookie data
  Uses Sybase style magic quotes
Path and Directories:
  Specifies the name of the directory under which PHP opens the script
File Uploads:
  Indicates whether or not to allow HTTP file uploads
  Indicates the maximum allowed size for upload files
Options in Session Category - I
Options                  | Description
session.save_handler     | Specifies how PHP stores and retrieves session variable
session.save_path        | Specifies the name of the directory where the session files will be stored
session.use_cookies      | Indicates whether PHP must send session ID to the Web browser through a cookie
session.use_only_cookies | Indicates whether the modules can use only cookies for storing session IDs
Options in Session Category - II
Options                 | Description
session.cookie_lifetime | Specifies the lifetime of the cookie
session.name            | Manages the cookie name and form attributes such as GET and POST that holds the session ID
session.auto_start      | Enables sessions to automatically initialize if the session ID is not found in the browser request
session.cookie_secure   | Specifies whether or not the cookies must be sent over secured connections
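The session options in the two tables above, together with the /tmp location noted under Session Files, decide how exposed the session ID and the session files are. The following check is an added example, not part of the original slides: the function name audit_session_settings(), the messages and the sample values are this example's own, and it assumes PHP 7.4 or later.

```php
<?php
// Added example (not from the slides): flag risky values for the session
// options listed above. Messages and sample values are constructed here.
function audit_session_settings(array $ini): array
{
    // ini values arrive as strings ("1", "0", "", "On", "Off").
    $on = fn(string $k): bool =>
        filter_var($ini[$k] ?? '', FILTER_VALIDATE_BOOLEAN);
    $findings = [];

    if (!$on('session.use_cookies')) {
        $findings[] = 'session.use_cookies is off: the ID cannot be carried in a cookie';
    }
    if (!$on('session.use_only_cookies')) {
        $findings[] = 'session.use_only_cookies is off: IDs supplied in the URL are accepted';
    }
    if (!$on('session.cookie_secure')) {
        $findings[] = 'session.cookie_secure is off: the cookie is also sent over plain HTTP';
    }
    if ((int) ($ini['session.cookie_lifetime'] ?? 0) > 0) {
        $findings[] = 'session.cookie_lifetime > 0: the cookie outlives the browser session';
    }
    // save_path may be written "N;/path" or "N;MODE;/path"; keep the last part.
    $parts = explode(';', (string) ($ini['session.save_path'] ?? ''));
    $dir = rtrim(end($parts), '/');
    if ($dir === '' || $dir === '/tmp') {
        $findings[] = 'session.save_path is the shared temp directory: '
            . 'sess_<id> files sit beside other users\' files';
    }
    return $findings;
}

// Constructed sample values, in the string form ini_get() returns.
$sample = [
    'session.use_cookies'      => '1',
    'session.use_only_cookies' => '0',
    'session.cookie_secure'    => '',
    'session.cookie_lifetime'  => '0',
    'session.save_path'        => '2;/tmp',
];
foreach (audit_session_settings($sample) as $finding) {
    echo "[!] $finding\n";
}

// Against the running configuration:
// $keys = array_keys($sample);
// print_r(audit_session_settings(array_combine($keys, array_map('ini_get', $keys))));
```

With the sample values the check reports three findings: use_only_cookies, cookie_secure and save_path.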
Summary - I
Cookies provide us with the functionality of storing temporary Web user information
Sessions enable PHP to store user information on the Web server
Sessions enable Web sites to store user requests and information on the Web
Lifecycle of Session:
Starting a session
Registering a session variable
Ending a session