In this tutorial, you will learn how to use PHP sessions to temporarily store some data on the server.
Although you can use cookies to store data, there are some security issues. Since cookies are stored on the user's computer, attackers can easily modify the content of cookies to insert potentially harmful data into your application, thereby possibly damaging your application.
Moreover, whenever the browser requests a URL from the server, all the cookie data for the website is automatically sent to the server in the request. This means that if you store 5 cookies, each with a size of 4 KB, the browser needs to upload 20 KB of data each time the user views the page, which may affect the performance of your site.
You can use PHP sessions to solve these two problems. A PHP session stores data on the server instead of the user's computer. In a session-based environment, each user is identified by a unique number called a session identifier or SID. This unique session ID is used to link each user with their information on the server (such as email, posts, etc.).
Tip: The session ID is randomly generated by the PHP engine and is almost impossible to guess. Moreover, since session data is stored on the server, there is no need to send it with each browser request.
Before storing any information in session variables, you must first start the session. To start a new session, simply call the PHP session_start() function. It will create a new session and generate a unique Session ID for the user.
The PHP code in the following example just starts a new session.
<?php
// Start session
session_start();
?>
The session_start() function first checks if a session already exists by looking for the presence of a session ID. If a session is found, that is, the session has already been started, it sets the session variables; if not, it starts a new session by creating a new session ID.
Note: You must call the session_start() function at the beginning of the page (before the script sends any output to the browser), just like when using the setcookie() function to set cookies.
You can store all session data as key-value pairs in the $_SESSION superglobal array. You can access the stored data within the session's lifetime. See the following script, which creates a new session and registers two session variables.
<?php
// Start session
session_start();

// Store session data
$_SESSION["firstname"] = "Peter";
$_SESSION["lastname"] = "Parker";
?>
To access session data set on any other page within the same Web domain as the previous example, simply call session_start() to recreate the session, and then pass the corresponding keys to the $_SESSION associative array.
<?php
// Start session
session_start();

// Access session data
echo 'Hi, ' . $_SESSION["firstname"] . ' ' . $_SESSION["lastname"];
?>
The PHP code in the above example produces the following output.
Hi, Peter Parker
Note: To access session data on the same page, there is no need to create a new session, as it has already been started at the top of the page.
If you want to delete some session data, just unset the corresponding key of the $_SESSION associative array, as shown in the following example:
<?php
// Start session
session_start();

// Delete session data
if (isset($_SESSION["lastname"])) {
    unset($_SESSION["lastname"]);
}
?>
However, to completely destroy a session, simply call the session_destroy() function. This function does not require any parameters, and one call will destroy all session data.
<?php
// Start session
session_start();

// Destroy session
session_destroy();
?>
Note: Before destroying a session with the session_destroy() function, you must first recreate the session environment with the session_start() function if it does not already exist.
Each PHP session has a timeout value (duration, in seconds), which determines how long the session should remain active in the absence of any user activity. You can adjust this timeout duration by changing the value of the session.gc_maxlifetime directive in the PHP configuration file (php.ini).
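The following is an added example, not part of the original tutorial, that combines the timeout and session_destroy() topics above. Because session.gc_maxlifetime only marks old session data as eligible for garbage collection, an application that needs a firm inactivity limit checks the idle time itself and then tears the session down completely. The IDLE_LIMIT value, the last_activity key and both helper functions are assumptions made for illustration.

```php
<?php
// Added example: enforce an idle timeout in application code.
const IDLE_LIMIT = 1800; // assumed value: 30 minutes, in seconds

// session_destroy() removes the stored data but leaves $_SESSION and the
// session cookie in place, so clear all three.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Returns true while the last recorded activity is within the limit.
function session_is_fresh(array $session, int $now, int $limit): bool
{
    return isset($session['last_activity'])
        && ($now - (int) $session['last_activity']) <= $limit;
}

session_start();

if (isset($_SESSION['last_activity'])
    && !session_is_fresh($_SESSION, time(), IDLE_LIMIT)) {
    // Idle too long: discard the old session and continue with a clean
    // one under a new session ID.
    end_session();
    session_start();
    session_regenerate_id(true);
}

// Record this request as the latest activity.
$_SESSION['last_activity'] = time();
```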