What is a PHP Session
A session is a way for you to persist (save) information between requests. PHP does this by uniquely identifying users, using what is called a session cookie.
For example: A user visits your website and is served the home page, index.php. The same user requests the very same home page again a few minutes later (or a different page on your PHP website).
- How can PHP save variables between pages: for the same page request, or between different page requests?
- How can PHP identify a specific user? (We need to uniquely identify each user if we want to save data between requests)
We can use sessions to solve these problems.
Session variables: these are the variables we would like to save between requests. It's up to you to decide what variables to save to the session, depending on your requirements.
Creating a PHP Session
Now that we have a basic understanding of sessions, we can go through example session code. We will keep our example as simple as possible to get a better understanding of session management.
Our example will use a single PHP page that is visited repeatedly by the same user. We can apply the same concepts to multiple pages and different users. Below is our initial code; it displays the number of times a user visited our page.
For now, our code does not work as we expect: requesting/refreshing the page does not update the variable.
Let's update our code to begin using sessions. Start the session by calling the session_start function. The session_start function starts a new session or resumes an existing session. It will return TRUE if the session was successfully started.
session_start on our first line of code, we store the return value of session_start in the variable sessionStarted. We can then check whether the session did actually start and run the appropriate code, in our case to display the text 'Session started'.
We can control the session timeout or cookie lifetime by passing the cookie_lifetime option to the
For the above example, our session will be valid for 30 days from the last time our session was started or resumed, not from the time the session was first started.
Viewing the PHP Session ID
After successfully starting a session, the user who requested the page is assigned a unique session id. We can view the session id by calling the function session_id. Let's display the session id for our own educational purposes. You won't display session ids in a production environment for security reasons (the user can, however, view their own session id in a cookie saved to the user's browser).
Updating PHP Session Variables
Now that our session is started we can save variables to the session. In PHP, you access and set session variables using the global $_SESSION. If we wanted to save a variable $person to the session, we could give it a key person. Our code would then be:
$_SESSION['person'] = $person;
The key can be named anything you want, but meaningful names are good practice.
We've updated our code to save the variable $pageVisitCount to the session with the key pageVisitCount. The assignment is $_SESSION['pageVisitCount'] = $pageVisitCount.
We retrieve the value from the session with the code $pageVisitCount = $_SESSION['pageVisitCount'] and use a default of 0 if the value was not previously saved to the session.
Destroying the Session
Our code now uses the session to save and retrieve variables for use on our web page. The last addition for our example would be to use session_destroy to end the session and clear the variables which were saved to the session.
session_destroy(); when the $pageVisitCount reaches a value of 10. In a real world example, you would typically call session_destroy(); when a user signs out of a restricted access system.
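The single-page visit counter described in this tutorial, written out as an added example (not the tutorial's original code). It keeps the 30-day cookie_lifetime and the reset at 10 visits, and additionally sets cookie flags and strict mode, and clears $_SESSION and the browser cookie alongside session_destroy, because session_destroy by itself removes only the stored session data. It assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
declare(strict_types=1);

// Start or resume the session with explicit cookie and session-ID options.
$sessionStarted = session_start([
    'cookie_lifetime'  => 60 * 60 * 24 * 30, // 30 days, the lifetime the tutorial uses
    'cookie_secure'    => true,  // assumption: the site is served over HTTPS
    'cookie_httponly'  => true,  // keep the session cookie away from JavaScript
    'cookie_samesite'  => 'Lax', // do not send the cookie on cross-site subrequests
    'use_strict_mode'  => true,  // refuse session ids the server did not issue
    'use_only_cookies' => true,  // never take a session id from the URL
]);

if (!$sessionStarted) {
    http_response_code(500);
    exit('Session could not be started');
}

// Read the saved counter (0 on the first visit), increment it, save it back.
$pageVisitCount = (int) ($_SESSION['pageVisitCount'] ?? 0);
$pageVisitCount++;
$_SESSION['pageVisitCount'] = $pageVisitCount;

$message = 'Page visits in this session: ' . $pageVisitCount;

// The tutorial ends the session at 10 visits; in practice this runs at sign-out.
// All of it happens before any output, because setcookie() must send a header.
if ($pageVisitCount >= 10) {
    $_SESSION = [];                  // clear the variables for this request
    $params = session_get_cookie_params();
    setcookie(session_name(), '', [  // expire the session cookie in the browser
        'expires'  => time() - 3600,
        'path'     => $params['path'],
        'domain'   => $params['domain'],
        'secure'   => $params['secure'],
        'httponly' => $params['httponly'],
        'samesite' => $params['samesite'],
    ]);
    session_destroy();               // delete the session data held on the server
    $message .= ' (session ended)';
}

// Escape on output; the session id itself is deliberately never printed.
echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```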
- Start or resume a session using session_start, and check the return value to confirm whether the session did actually begin.
- To increase or decrease the session validity period, use the option cookie_lifetime when starting the session.
- session_id can be used to view the unique session id, which can also be viewed by users in their browser.
- session_destroy to end a session.
- The session example we looked at went from start to finish of session management using a single page. As an exercise, you could write an in-depth code example using multiple PHP pages.