

If you build a Web application, it's likely you will have information to associate with each user. You may wish to remember the user's name from page to page. You may be collecting information on successive forms. You could attempt to pass the growing body of information from page to page inside hidden form fields, but this is impractical. An elegant solution is to use the idea of a session. Each visitor is assigned a unique identifier with which you reference stored information, perhaps in a file or in a database.

In the past, PHP developers were required to create their own code for handling sessions, but Sascha Schumann and Andrei Zmievski added new functions for session handling to PHP 4. The concept is as follows. You register global variables with the session handler. The values of these variables are saved in files on the server. When the user requests another page, these variables are restored to the global scope.

The session identifier is a long series of numbers and letters and is sent to the user as a cookie. It is possible that the user will reject the cookie, so a constant is created that allows you to send the session identifier in a URL. The constant is SID and contains a full GET method declaration, suitable for attaching to the end of a URL.

Consider a simple script that tracks a user's name and the number of times they've visited the page. The first step is to call the session_start function. This sends the cookie to the browser, and therefore it must be called before sending any content. Next, two variables are registered with the session, Name and Count. The former will be used to track the user's name, and the latter to count the number of times the user redisplays the page. Once registered, the values of these variables will be preserved in the session. Before starting the HTML document, the example script sets Name with input from a form submission if present, and then it increments the page counter.

The first bit of content the page provides is diagnostic information about the session. The session name is set inside php.ini, along with several other session parameters. It is used to name the cookie holding the session identifier. The identifier itself is a long string of letters and numbers, randomly generated. By default, PHP stores sessions in /tmp using a built-in handler called files. This directory isn't standard on Windows, and if it is not present, sessions will not work correctly.

It's likely that other handlers will be added for storing sessions in relational databases, but you do have the option of creating your own handler in PHP code using the session_set_save_handler function. Sessions are encoded using serialization, a method for compacting variables into a form suitable for storing as text strings. If you examine the files saved in /tmp, you will find they match the strings returned by session_encode.

Using Sessions


As stated earlier, session identifiers are sent by cookies, but a browser may refuse them. As a backup, you may use the SID constant. It will contain a string consisting of the session name, an equal sign, and the session identifier. This is suitable for placing in a URL, as I have done in both the form action and the anchor tag below it. If the browser returns a session cookie to the script, the SID constant will be empty.
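
The script described above, as an added example that is not the original listing: it keeps Name and Count in `$_SESSION` instead of registered global variables (`session_register` was removed in PHP 5.4) and escapes every value it writes into the page. The helper `h()`, the variable `$self` and the use of `$_SERVER['SCRIPT_NAME']` are assumptions of this example, and it assumes a PHP version in which the SID constant is still available.

```php
<?php
// Added example, not the original listing.
// session_start() sends the session cookie header, so it runs before any output.
session_start();

// The two session values the text describes.
if (!isset($_SESSION['Name']))  { $_SESSION['Name'] = ''; }
if (!isset($_SESSION['Count'])) { $_SESSION['Count'] = 0; }

// Take the name from a form submission if present; bound its length.
if (isset($_POST['Name']) && is_string($_POST['Name'])) {
    $_SESSION['Name'] = substr(trim($_POST['Name']), 0, 64);
}
$_SESSION['Count']++;

// Hypothetical helper: escape a value for HTML text and attribute contexts.
function h($s) { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }

// SID is "name=id" when the browser returned no session cookie, otherwise empty.
// PHP accepts an identifier from the URL only if session.use_only_cookies is off.
$self = $_SERVER['SCRIPT_NAME'] . (SID !== '' ? '?' . SID : '');
?>
<html>
<head><title>Using Sessions</title></head>
<body>
<p>Session name: <?php echo h(session_name()); ?><br>
Session id: <?php echo h(session_id()); ?><br>
Encoded session: <?php echo h(session_encode()); ?></p>

<p>Name: <?php echo h($_SESSION['Name']); ?><br>
Views: <?php echo h($_SESSION['Count']); ?></p>

<form action="<?php echo h($self); ?>" method="post">
<input type="text" name="Name" value="<?php echo h($_SESSION['Name']); ?>">
<input type="submit" value="Change Name">
</form>
<a href="<?php echo h($self); ?>">Reload</a>
</body>
</html>
```

An identifier carried in a URL is recorded in server logs, browser history and Referer headers, so anyone who can read those can reuse the session; the cookie path does not expose it that way.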