PHP Sessions for State Management
To store information accessible accross web pages, we use sessions. Session is not stored on the user browser like Cookies, hence it is a more secure option.
As we know HTTP is a stateless protocol, if a user visits a webpage and perform some action, there is no way to remember what he did when the user navigates to the next webpage.
Let's take a practical example, when you log into your facebook account, by providing your email address and password, until and unless you logout, the web application remembers who you are and display what your friends are posting and liking on your News Feed, you can update your profile, send someone message, join a group etc, this is accomplished by Session.
When a user logs into their account on any web application, a session is created for them, and in the session their username or userid or some other unique identifier is stored, which is then used on the consecutive webpages to show information specific to that user. On logout, the session is destroyed.
Session is not limited by any size limit, you can store any information in the session, irrespective of its size.
Before we move on to how to start, update and end a session in PHP, let's learn a few realworld use of session.
Realworld Use of Session
- Web applications which require a user to login, use session to store user information, so that on every webpage related information can be displayed to the user.
- In eCommerce websotes, shopping cart is geberally saved as part of session.
I hope this gives you an idea about how you can utilize session in your web application.
Start a Session in PHP
In PHP we can start a session by using the session_start()
function. And data is stored in the session using session variable, which can be assigned different values using global variable $_SESSION
In simpler words, using the function session_start()
we initialize the session, in which we can store information using the session variable $_SESSION
.
Let's take an example, below we have a webpage with Php file named first_page.php
<?php
// start the session
session_start();
// set the session variable
$_SESSION["username"] = "iamabhishek";
$_SESSION["userid"] = "1";
?>
<html>
<body>
<?php
echo "Session variable is set.";
?>
<a href="second_page.php">Go to Second Page</a>
</body>
</html>
NOTE: The function session_start()
should be the first statement of the page, before any HTML tag.
Getting PHP Session Variable Values
In the code above, we have started a session and set two session variables. Above webpage will also have a link to navigate to Second page second_page.php.
Below is the code for second_page.php, in which we fetch values from the session variable which are set in the first_page.php.
<?php
// start the session
session_start();
// get the session variable values
$username = $_SESSION["username"];
$userid = $_SESSION["userid"];
?>
<html>
<body>
<?php
echo "Username is: ".$username."<br/>";
echo "User id is: ".$userid;
?>
</body>
</html>
Username is: iamabhishek
User id is: 1
You must be thinking, why we used session_start()
here although we did not set any new values in the session variable.
session_start()
function is used to initialize a new session and to fetch the ongoing session(if already started), and then, using the $_SESSION
global variable, we can either set new values into the session or get the saved values.
If there are too many values stored in the session, and you don't know which one do you want to get, you can use the below code to print all the current session variable data.
<?php
// start the session
session_start();
?>
<html>
<body>
<?php
print_r($_SESSION);
?>
</body>
</html>
Array (
[username] => iamabhishek,
[userid] => 1
)
Update Session Variable in PHP
To update any value stored in the session variable, start the session by calling session_start()
function and then simply overwrite the vakue to update session variable.
<?php
// start the session
session_start();
// update the session variable values
$_SESSION["userid"] = "1111";
?>
<html>
<body>
<?php
echo "Username is: ".$username."<br/>";
echo "User id is: ".$userid;
?>
</body>
</html>
Username is: iamabhishek
User id is: 1111
We just updated the value of userid in the session variable from 1 to 1111.
Destroy a Session in PHP
To clean the session variable or to remove all the stored values from the session variable we can use the function session_unset()
and to detroy the session, we use session_destroy()
function.
<?php
// start the session
session_start();
?>
<html>
<body>
<?php
// clean the session variable
session_unset();
// destroy the session
session_destroy();
?>
</body>
</html>
We use these functions on pages like logout or checkout in case of an eCommerce website to clean the session variable off the user specific data and to eventually destroy the current session.