Tracking Visitors with Session Identifiers PHP

As Web sites evolve into Web applications, the problem of maintaining state arises. The issue is that, from page to page, the application needs to remember who is visiting the page. The Web is stateless. Your browser makes a connection to a server, requests one or more files, and then closes the connection. Five minutes later when you click to a connecting page, the routine happens all over again. While a log is kept, the server doesn't remember you. Any information you gave it about yourself three pages back may be saved somewhere, but it's not associated with you after that.

Imagine a wizardlike interface for ordering a pizza. The first screen asks you how many pizzas you want. Then you go through a page for each pizza, picking toppings and type of crust. Finally a page asks for your name and number so that your order can be emailed to the nearest pizza parlor. One way to handle this problem is to pass all the information gathered up to that point with each form submission. As you go from page to page, those data grow and grow. You're telling the server a partial version of your order many times. It works, but it's definitely wasteful of network bandwidth.

Using a database and a session identifier, you can store information as it becomes available. A single identifier is used as a key to the information. Once your script has the identifier, it can remember what has gone on before.

How the script gets the identifier is another issue. You have two choices. One is to pass the identifier as a variable inside every link or form. In a form this is simple to do with a hidden variable. In a link you have to insert a question mark and a variable definition. If your session ID is stored in a variable called session, then you might write something like

print ("<A HREF=

to send session to the next page. This technique works with all browsers, even Lynx. An alternative is to use cookies. Like GET and POST form variables, cookies are turned into variables by PHP. So, you could create a cookie named session. The difference would be that, since cookies may only be set in headers, you'll have to send them to the browser before sending any HTML code.

A more complex strategy attempts to use cookies, but falls back on GET variables if necessary. Both methods are in wide use on the Internet. Check any e-commerce site. For the purpose of example, I'll present a strategy that uses GET variables. The first step is to create a table to hold session identifiers. Listing 17.4 is SQL code for creating a simple session table in a MySQL database.

This table is keyed off an eight-character string. Each time the user moves to a new page, we will update the LastAction column. That way we can clear out any sessions that appear to be unused. Every visit to our page will trigger a clearing of all sessions without action for 30 minutes. Then we will need to test each visitor for having a session identifier. If they don't have one, we will create one. If they do have one, we will need to check it to make sure it's valid.

Creating Session ID


LastAction DATETIME,

The first time you load Listing, it will create a session for you. Each click of the "Refresh Page" link will cause the script to check the session. If the session identifier is not in the session table, then the session identifier will be rejected, and a new one will be created. You can try submitting a bad session identifier by erasing a character in the location box of your browser.
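The create, check and expire cycle described above, sketched in PHP as an added example (it is not the original listing or code from this page). It assumes an in-memory SQLite database through PDO in place of the page's MySQL table, a 32-character identifier from random_bytes() rather than the eight-character key, an integer timestamp in LastAction, and hypothetical names (the ID column, resolveSession(), page.php).

```php
<?php
// Added example: every name except the LastAction column is an assumption.
const SESSION_IDLE_SECONDS = 1800; // 30 minutes, as in the text

function openSessionStore(): PDO {
    // In-memory SQLite keeps the example self-contained; the page uses MySQL.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE session (ID CHAR(32) PRIMARY KEY, LastAction INTEGER NOT NULL)');
    return $db;
}

function createSession(PDO $db, int $now): string {
    $id = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG, not rand() or time()
    $db->prepare('INSERT INTO session (ID, LastAction) VALUES (?, ?)')->execute([$id, $now]);
    return $id;
}

// Returns a valid session ID: the submitted one if it is known and fresh, else a new one.
function resolveSession(PDO $db, ?string $submitted, int $now): string {
    // Every visit clears all sessions idle for more than 30 minutes.
    $db->prepare('DELETE FROM session WHERE LastAction < ?')->execute([$now - SESSION_IDLE_SECONDS]);
    // The GET value is untrusted: check its shape, then use bound parameters only.
    if ($submitted !== null && preg_match('/\A[0-9a-f]{32}\z/', $submitted)) {
        $find = $db->prepare('SELECT 1 FROM session WHERE ID = ?');
        $find->execute([$submitted]);
        if ($find->fetchColumn() !== false) {
            $db->prepare('UPDATE session SET LastAction = ? WHERE ID = ?')->execute([$now, $submitted]);
            return $submitted;
        }
    }
    return createSession($db, $now); // missing, malformed, unknown or expired
}

// Constructed walk-through with fixed timestamps.
$db = openSessionStore();
$t0 = 1700000000;
$first    = resolveSession($db, null, $t0);                  // first visit
$same     = resolveSession($db, $first, $t0 + 600);          // refresh within 30 minutes
$tampered = resolveSession($db, substr($first, 1), $t0 + 700); // one character erased
$expired  = resolveSession($db, $first, $t0 + 600 + 1801);   // idle too long
var_dump($same === $first, $tampered !== $first, $expired !== $first);

// Escape the identifier for both the URL and the HTML attribute when building the link.
$link = 'page.php?session=' . urlencode($same);
echo '<a href="' . htmlspecialchars($link, ENT_QUOTES) . '">Refresh Page</a>', "\n";
```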

Checking Session ID


The next logical step is to add another table for storing the information you need to know about the person browsing your site. One of the columns should be for storing the session identifier from the session table.

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd