Sessions in PHP

[Vswe]

Sessions is a good way for storing temporary data between your pages. A session is usually closed pretty fast after that the user have left the site so as I said, it's good for temporary storage, an example is the user's name or items the user have put in his/her shopping cart.




Starting a Session

To use a session you first have to start it, the session must be started before anything is sent to the page so you can't have any html tags before you starts the session. To start a new session you do like this:

Code:

<?php
session_start();
?>

But since there's no point in starting a session that is already started we can first check if there's any sessions:

Code:

<?php 
if(!isset($_SESSION))
{
session_start();
}
?>

Session variables

The data stored in a session is stored in different session variables, to read or write from/to a session variable you use $_SESSION['']; together with the name of the session.


An example on writing:

Code:

<?php 
$_SESSION['username'] = "Me"; 
?>

An example on reading:

Code:

<?php 
echo "Hello " . $_SESSION['username'] . "!"; 
?>

If you want to check if a session variable has been set you only use isset on the session variable, like so:

Code:

<?php 
if (isset($_SESSION['username'])) {
echo "The session variable called username as the value " . $_SESSION['username'];
}else{
echo "The session variable called username haven't been set yet.";
}
 
?>

Remove session variables

You can also delete a session variable and all its info by using unset. Make sure this session variable exists first since there no point trying to remove anything that doesn't exists. Remember that this info will be lost forever. Here comes an example on how you can use unset after you've checked if the session variable exists:

Code:

<?php

if (isset($_SESSION['username'])) {
echo "Bye " . $_SESSION['username'];
unset($_SESSION['username']);
}

?>

Destroying your session

If you're completely finished with the whole session you can remove it. This will make all your information disappear so only use it when you don't have any necessary information in it left, also remember to make sure that's the case. Same here, there's no idea to try to delete a session that doesn't exist so before destroying the session (by using session_destroy() it could be a good idea to check if it exists. Here's how you do it:

Code:

<?php 
if(isset($_SESSION))
{
session_destroy();
}
?>

That was everything for this tutorial. If you wonder anything just ask

[Jordan]

You should also regenerate the session ID at each page to prevent session hijacking. Nicely done, +rep!

[WingedPanther]

Nice +rep

[tonymorrison39]

thanks i appreciate the info

[hardinera]

i get undefined index when using session >.> whats that?? -.-


i solved the problem lol thanks for the post ^_^

[Sphexa]

Great tutorial +rep

[kimjones]

thank you for providing well detailed tutorials here. I have been trying to learn Php from other sites but this site gives me exactly what I am looking for.

________________________________
DUI Texas

[SoN9ne]

Great tutorial, I have one suggestion.

For the destroy session it should be (according to php.net):

Code:

<?php
if (isset($_SESSION)) {
	// Unset all of the session variables.
	$_SESSION = array();
	
	// If it's desired to kill the session, also delete the session cookie.
	// Note: This will destroy the session, and not just the session data!
	if (ini_get("session.use_cookies")) {
	    $params = session_get_cookie_params();
	    setcookie(session_name(), '', time() - 42000,
	        $params["path"], $params["domain"],
	        $params["secure"], $params["httponly"]
	    );
	}
	
	// Finally, destroy the session.
	session_destroy();	
}
?>

There should be some security measures in place for Sessions but it's still a great start!

[Prog4rammer]

nice and Very Simple