PHP Session

PHP Session tutorial will explain you How to handle PHP sessions? with example.

PHP Session allows an application to store information for the current “session“.

PHP Session is identified by a unique session ID. This session ID is generated by PHP and stored on the client side for the life time of the Sessions.

PHP session ID acts as a key that allows you to register particular variables as so called session variables.

Starting a PHP Session using PHP session_start()

Before you can begin storing user information in your PHP Session, you must first start the PHP session.

PHP session_start() function is used to start the session.
Note that when you start a session, it must be at the very beginning of your code, before any HTML or text is sent.
That means PHP session_start() function must appear BEFORE the <html> tag.

Example on PHP session_start():

This small piece of code will register the user’s session with the server, allow you to start saving user information and assign a UID (unique identification number) for that user’s session.

Also when you try to register a session variable using session_register() at that time also session will get started.

Storing Session Variable

When you want to store user data in PHP session use the $_SESSION associative array.

This is where you both store and retrieve session data. In previous versions of PHP there were other ways to perform this store operation, but it has been updated and this is the correct way to do it.

Example on Storing PHP Session Variables :

The output will be:

PHP isset() function to handle PHP session

When you create a variable and store it in a session, you probably want to use it in the future. However, before you use a session variable, it is necessary that you check to see if it exists already!
isset is a function that takes any variable you want to use and checks to see if it has been set.

Here is the example in which we can create a very simple visits counter by using isset to check if the visits variable has already been created. If it has we can increment our counter. If it doesn’t exist we can create a visits counter and set it to one.

After 7 visits to this page the output will be something like this:
Welcome Admin, your visits = 7 (on every refresh counter will increment by 1)

The first time you run this script on a freshly opened browser the if statement will fail because no session variable visits would have been stored yet. However, if you were to refresh the page the if statement would be true and the counter would increment by one.

Destroying PHP session using PHP session_destroy()

Although a session’s data is temporary and does not require that you explicitly clean after yourself, you may wish to delete some data for your various tasks.

Imagine that you were running an online business and a user used your website to buy your goods. The user has just completed a transaction on your website and you now want to remove everything from their shopping cart.

You can also completely destroy the session entirely by calling the session_destroy function.

Previous articlePHP Cookie
Next articlePHP Send Mail
I am a young Information Systems Security Engineer(CEH). I had started with penetration testing when i am 17 years old. It all started with Kali linux and Metasploit.In free time i will play with Security holes/Bug bounty/Pentesting and Hacking !!!