Sessions in PHP are a way to make data accessible across the various pages of an entire website.
It is a useful way of both storing and passing data across in software development.
When a session is started in PHP, a file is created in a temporary directory on the server where registered session variables are stored.
This data is made available to all pages of the site during that visit.
The location of the temporary file is determined by the settings in php.ini file called session.save_path. It is important to set this path before using any session.
The Anatomy of a PHP Session
When a session is started in PHP, the following actions take place:
- PHP first creates a unique identifier for that particular session, which is a random string of 32 hexadecimal numbers.
- A cookie called PHPSESSID is automatically sent to the user’s computer to store the unique session identification string.
- A file is automatically created on the server in the designated temporary directory and bears the name of the unique identifier prefixed by sess_ie
A session ends when the user closes the browser after leaving the site.
The server terminates a session after a pre-determined period of time, usually after a 30-minutes duration.
Starting a PHP Session
A PHP session is started by making a call to the session_start() function.
This function first checks if a session is already started, and if none is started, it starts one.
It recommended to put the call to session_start() at the beginning of the page.
Session variables are stored in an associative array called $_SESSION[]. These variables can be accessed during the lifetime of a session.
Using sessions, let us count the number of times a person visits our site …
<?php
session_start(); //start session
$_SESSION['visit'] += 1; //set session variable
//Check if session is set
if(isset($_SESSION['visit'])){
echo "You visited this page ".$_SESSION['visit']. " times";
}
?>
Destroying a Session
A PHP session can be destroyed by calling the session_destroy() function. This function does not need any argument and a single call can destroy all session variables that have been created.
<?php
session_destroy();
?>
If you want to destroy a single session variable then you can use unset() function to unset a session.
<?php
unset($_SESSION['counter']);
?>
Conclusion
From performing user authentication to controlling the flow of an application, sessions are useful functions in PHP.
Thanks for you article. I am the administrator of ridplace.com. And i would like to display the number of active sessions. My problem/question: when do we call the unset ou destroy (or -1) session? we don’t know when the user is out….
Hi. It depends on what you are trying to achieve. session_destroy() removes all active sessions for a user, while unset($_SESSION[“value”]) deletes a particular session that has previously been set. If you are authenticating users or they are logging in any form, you can destroy the session when they logout using session_destroy(). If you still want to track activities, you can unset the session.