To store information accessible accross web pages, we use sessions. Session is not stored on the user browser like cookie, hence it is a more secure option.
As we know HTTP is a stateless protocol, if a user visits a webpage and perform some action, there is no way to remember what he did when the user navigates to the next webpage.
Let's take a practical example, when you log into your facebook account, by providing your email address and password, until and unless you logout, the web application remembers who you are and display what your friends are posting and liking on your News Feed, you can update your profile, send someone message, join a group etc, this is accomplished by Session.
When a user logs into their account on any web application, a session is created for them, and in the session their username or userid or some other unique identifier is stored, which is then used on the consecutive webpages to show information specific to that user. On logout, the session is destroyed.
Session is not limited by any size limit, you can store any information in the session, irrespective of its size.
Before we move on to how to start, update and end a session in PHP, let's learn a few realworld use of session.
I hope this gives you an idea about how you can utilize session in your web application.
In PHP we can start a session by using the
session_start() function. And data is stored in the session using session variable, which can be assigned different values using global variable
In simpler words, using the function
session_start() we initialize the session, in which we can store information using the session variable
Let's take an example, below we have a webpage with Php file named first_page.php
<?php // start the session session_start(); // set the session variable $_SESSION["username"] = "iamabhishek"; $_SESSION["userid"] = "1"; ?> <html> <body> <?php echo "Session variable is set."; ?> <a href="second_page.php">Go to Second Page</a> </body> </html>
NOTE: The function
session_start() should be the first statement of the page, before any HTML tag.
In the code above, we have started a session and set two session variables. Above webpage will also have a link to navigate to Second page second_page.php.
Below is the code for second_page.php, in which we fetch values from the session variable which are set in the first_page.php.
<?php // start the session session_start(); // get the session variable values $username = $_SESSION["username"]; $userid = $_SESSION["userid"]; ?> <html> <body> <?php echo "Username is: ".$username."<br/>"; echo "User id is: ".$userid; ?> </body> </html>
Username is: iamabhishek User id is: 1
You must be thinking, why we used
session_start() here although we did not set any new values in the session variable.
session_start() function is used to initialize a new session and to fetch the ongoing session(if already started), and then, using the
$_SESSION global variable, we can either set new values into the session or get the saved values.
If there are too many values stored in the session, and you don't know which one do you want to get, you can use the below code to print all the current session variable data.
<?php // start the session session_start(); ?> <html> <body> <?php print_r($_SESSION); ?> </body> </html>
Array ( [username] => iamabhishek, [userid] => 1 )
To update any value stored in the session variable, start the session by calling
session_start() function and then simply overwrite the vakue to update session variable.
<?php // start the session session_start(); // update the session variable values $_SESSION["userid"] = "1111"; ?> <html> <body> <?php echo "Username is: ".$username."<br/>"; echo "User id is: ".$userid; ?> </body> </html>
Username is: iamabhishek User id is: 1111
We just updated the value of userid in the session variable from 1 to 1111.
To clean the session variable or to remove all the stored values from the session variable we can use the function
session_unset() and to detroy the session, we use
<?php // start the session session_start(); ?> <html> <body> <?php // clean the session variable session_unset(); // destroy the session session_destroy(); ?> </body> </html>
We use these functions on pages like logout or checkout in case of an eCommerce website to clean the session variable off the user specific data and to eventually destroy the current session.