

What is a session?

A session is basically a particular duration of time. In PHP a session means the same thing, but it is described in more technical terms.

In PHP a session is associated with both the server side and a client-side cookie. On the client side, there is a small cookie involved, which stores a unique session id. The server side saves all the data required for the session.

Sessions are used in PHP to provide a kind of global value, so that values can be kept and passed between different pages on the same server. The concept of a session is that when we are on a particular page, we need some kind of data. This data we put into the particular session.

How to start session in PHP?

In PHP we start a session with the session_start() function. This needs to be the first statement. As mentioned above, the architecture of a session in PHP is as follows.

There are 2 parts:
1. Session identifier. This is stored in a cookie file on the local machine. This is only a unique identifier which needs to be passed to the server.

2. Server-side data. All the session data (which the user saves in the session) are saved on the server. In order for the server to identify which user the data belongs to, it needs the unique session id, which should be sent to the server. With this unique id, the server identifies which session data belongs to which client. If the session id does not match the server data, a new session is started.

Where are the session values stored in PHP?

To be accurate, this can be seen by checking the value of "session.save_path". This can be checked on the phpinfo() page. By default, the session data are stored in the "/tmp/" directory on the server. Since this location is not safe, it is recommended to update the location.

How is session data saved in PHP?

Session data are normally saved in files. This is the default procedure. This can also be altered. When dealing with large websites, which involve multiple servers, the normal philosophy of sessions won't work. Here, if using sessions, we need to save the details in databases.

There are basically 3 methods to deal with this type of situation:

1. Use a networked file system (NFS) so there will be shared locations.

2. Implement code for session management, rather than using the default PHP one. Here a storage location can be specified, and it should be shared.
Note: This is a risk, since the code is prone to errors and may also be vulnerable.

3. Use a database to store session details.

In order to know more on how to write session handling manually, please refer to these websites;

How to save values in session in PHP?

See the sample code:
session_start();
$_SESSION['uname'] = "john";

echo $_SESSION['uname'];

First we need to start the session. If it is not started, we will not be able to use session data; nothing can be written to or read from the session. This is because session_start() sends the unique session id to the server.

The second line is how we save a value to a session variable. $_SESSION is the superglobal variable. This is in fact an array.

How to clear session data?

session_destroy() and session_unset()
Unset will clear a particular data entry from the mapping; it just unsets the variable. Destroy, on the other hand, will clear the entire session data.