PHP Sessions

What is a PHP Session?

PHP Sessions allow web pages to be treated as a group, allowing variables to be shared between different pages. One of the weaknesses of cookies is that the cookie is stored on the user’s computer (and by user we mean the person with the browser visiting your web site). This gives the user the ability to access, view and modify that cookie for potentially nefarious purposes. PHP sessions, on the other hand, store only an ID cookie on the user’s system, which is used to reference the session file on the server. As such, the user has no access to the content of the session file, thereby providing a secure alternative to cookies. PHP sessions also work when the user has disabled the browser’s cookie support. In this situation PHP includes the session ID information in the web page URLs.

Creating a PHP Session

PHP sessions are created using the session_start() function, which should be the first function call of the PHP script on your web page (i.e. before any output is written to the output stream).

The following example demonstrates the creation of a PHP session:

<title>A PHP Session Example</title>
</html>
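The session creation described above, written out as an added example that is not the original tutorial's code. It calls session_start() before any output and restricts the session ID to a cookie, since an ID carried in page URLs can leak through links, logs and referrers. The mark_logged_in() helper and the visits counter are hypothetical names, and cookie_secure assumes the site is served over HTTPS.

```php
<?php
// Added example, not the original tutorial's code.
// session_start() must run before any output so the session cookie
// header can still be sent with the response.
session_start([
    'use_strict_mode'  => 1,     // reject session IDs the server did not issue
    'use_only_cookies' => 1,     // never accept a session ID from the URL
    'use_trans_sid'    => 0,     // never rewrite page URLs to carry the ID
    'cookie_httponly'  => 1,     // keep the ID cookie away from page scripts
    'cookie_secure'    => 1,     // assumption: the site is served over HTTPS
    'cookie_samesite'  => 'Lax', // requires PHP 7.3 or later
]);

// Hypothetical helper: call only after the user's credentials were verified.
function mark_logged_in(string $username): void
{
    // Issue a fresh ID and delete the old session file, so an ID that was
    // known before login cannot be reused for the authenticated session.
    session_regenerate_id(true);
    $_SESSION['username']   = $username;
    $_SESSION['login_time'] = time();
}

// The data lives in the server-side session file; the browser only holds the ID.
if (!isset($_SESSION['visits'])) {
    $_SESSION['visits'] = 0;
}
$_SESSION['visits']++;
?>
<html>
<head>
<title>A PHP Session Example</title>
</head>
<body>
<p>Pages viewed in this session: <?php echo (int) $_SESSION['visits']; ?></p>
</body>
</html>
```

With use_only_cookies enabled, a visitor who has disabled cookies receives a new, empty session on every request instead of an ID embedded in the URL.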


PHP and Cookies – Creating, Reading and Writing

Web servers are typically stateless entities. That is to say they serve up web pages without regard to who requested the page and with no knowledge of whether that person has previously requested other pages. This makes it difficult for web based applications to track whether a visitor is new to the site or whether they have visited before and have already logged into a service. Cookies were developed to provide a mechanism to track state in the otherwise stateless world of the web.

Cookies essentially provide a mechanism to store small pieces of data on the computer systems of the visitors to your site. This enables you to maintain the state of a user’s visit to your site so that you can track their movement through the site, or to store information such as their user name and address after they have entered it on one page so that they don’t have to keep re-entering it on different pages.

Before going too far in implementing cookies on your web site it is important to keep in mind that users can disable cookie support in their browsers. You should, therefore, avoid making your site completely dependent on cookies.

Another option for maintaining state is to use PHP Sessions. Cookies and sessions differ in important ways, and which to use depends on your requirements.