PHP Tutorial: Sessions
WEBINAR: On-demand webcast
How to Boost Database Development Productivity on Linux, Docker, and Kubernetes with Microsoft SQL Server 2017 REGISTER >
The most significant differences between the two are that cookies are stored on the client, while the session data is stored on the server. As a result, sessions are more secure than cookies (no information is being sent back and forth between the client and the server) and sessions work even when the user has disabled cookies in their browser. Cookies, on the other hand, can be used to track information even from one session to another by setting it's time( ) parameter (see http://www.htmlgoodies.com/php/p14cookies.html)
How Sessions Work
Sessions in PHP are started by using the session_start( ) function. Like the setcookie( ) function, the session_start( ) function must come before any HTML, including blank lines, on the page. It will look like this:
<head> ....... etc
The session_start( ) function generates a random Session Id and stores it in a cookie on the user's computer (this is the only session information that is actually stored on the client side.) The default name for the cookie is PHPSESSID, although this can be changed in the PHP configuration files on the server (most hosting companies will leave it alone, however.) To reference the session Id in you PHP code, you would therefore reference the variable $PHPSESSID (it's a cookie name; remember that from Cookies?)
Your sharp mind may be wondering what happens when you come to the second pass through your page and reach the session_start( ) function again. PHP knows that there is already a session on progress and so ignores subsequent instances of the session_start( ) -- phew!!
Using Session Data
Having established a session, you can now create, store and retrieve information pertaining to that session. You might want, for example, to keep track of items in your visitor's shopping cart. Information for sessions is stored in a special directory on the server; the path of that directory is specified in the server's PHP configuration files.
Information to be stored for a session is kept in session variables. Session variables are created by registering them for the session, using the session_register( ) function. To use that information (on any page iteration in the session) you simply reference the variable just like you would any other variable. Here's an example:
<title>Using a session variable</title>
print "Welcome to session number: ";
$username = "Goody";
print "Your name is: ";
In this example we have created a session and displayed the session number. We then registered a session variable called username (notice the quotes around the variable's name in the call to the session_register( ) function.)
Next we assigned a value to that variable with the " = " assignment operator (remember operators from http://www.htmlgoodies.com/php/p05expressions.html?) and then displayed the value of that session variable.
We now have all the basic tools to establish a session, and to create and use variables that last through the entire duration of the session.