PHP Tutorial: Saving Sessions in a File
Application Security Testing: An Integral Part of DevOps
A particularly useful example of the application of this ability, is to capture and refer to username and password information. You could, for example, create a login page where a visitor can enter their user Id (their email address, perhaps) and their password, You would then retrieve session information from an earlier session, based on their user Id, and present them with customized views of the rest of your site, based on other stored session variables that you retrieve from the file. Such a project would, of course, require a little more code that is shown in this tutorial, but the methods used to save and retrieve the session data are right here!
Another great example of the use of this feature is in conjunction with a shopping cart. Suppose you have a shopping cart that builds an order as the user makes their selections and stores that information somewhere based on a unique identifier such as a combination of their user Id and the session number. Now suppose their connection is interrupted and their session is lost. If you had saved their original session information in a file, then when they reconnected and logged back into your site, you would have all the information you would need to retrieve their partially completed order. That would make for a happy shopper!
And so to the technique, which is simple enough: we're going to use the fopen function to open our file, the session_encode function to encode our session information into a string, the fputs function to write it into our file and the fclose function to close the file. Here's an example:
$username = "Goody";
$password = "mypass";
$ordernumber = "1234";
$sessionfile = fopen("sessionfile.txt", "w");
fputs($sessionfile, session_encode( ) );
As you can see, we are creating three session variables to hold the information we will need and, in this example, are simply populating those variables from text strings. you will remember from the file system tutorial in this series about file use of the file functions shown here. You can see here that in the fputs instruction we are using the session_encode function to take all our session information (which includes all our session variables, but does not include the session number) and encode it into a string which becomes the information we write (fputs) to our file.
Now that we have our information safely tucked away, we need a method to retrieve it again when we need it. For this, we'll use the fgets function to get the record and the session_decode to retrieve the session information from the record returned. Here we go:
<html><head> ....... etc.
$sessionfile = fopen("sessionfile.txt", "r");
session_decode(fputs($sessionfile, 4096) );
There are a couple of things to notice here. First, you'll see that we started a new session (with the session_start coming before anything else, as required - remember that from here?) because we need to have an active session to be able to create the session_variables, which is what the session_decode is going to do.
Next you'll notice that the session_encode and session_decode instructions are written the other way round from each other, with respect to their associated fputs and fgets functions. Think of it like this: when writing, we want to write the result of the session_encode so the fputs contains the session_encode; when reading, we want to decode the result of the fgets function, so the session_decode contains the fgets. (Technically, it may be inaccurate to speak of one "containing" the other, but it certainly helps to think of it that way!)
Another thing to watch out for is the scope of our variables (remember scope form the functions tutorial?) In the first example above, we have specific statements to define the session variable, so their scope may be more obvious, but in the second, the variable will be defined by the session_decode function and so the scope might not immediately occur to you. In either case, if the definition of the variable occurs within a function (that is, you have written these instructions inside some function) the scope of the session_variables will be local to that function. If that's not what you want, you would have to add the "global" parameter. In the second example above, this would mean adding a global definition for the variables prior to invoking the session_decode function, like this:
global $username, $password, $ordernumber;
session_decode(fputs($sessionfile, 4096) );
Finally, you might want to think a little about the file name you use. In these examples we used a file called "sessionfile.txt". It might be more useful to you to name your file something else, such as the user Id, or a combination such as the user Id and an application identifier (for example, "vincebarnesorders.txt") so that you will know which file to get your session information from when the user comes back into your page.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...