PHP Study Notes - Session

Session in PHP

official documentation

1. Sessions & Cookies

  • Session: a chunk of data maintained on the server that preserves state between HTTP requests. Features:
    • No storage limit.
    • Not easily accessible.
    • Types of values a session can store: any type (number, string, array, …).
  • Cookie: a bit of data stored by the browser and sent to the server with every request. It is often used to facilitate sessions, since it tells the server which session belongs to which client.
    • Stores a limited amount of data.
    • Easily accessible, so less secure.
    • Types of values a cookie can store: strings.

Since HTTP is stateless, a session is always used to remember state, and cookies are used to identify sessions.

2. Sessions in PHP

Session support in PHP consists of a way to preserve certain data across subsequent accesses. It allows us to store data between requests in the $_SESSION superglobal array. When a visitor accesses a site, PHP checks, either automatically or on your request (explicitly through session_start()), whether a specific session id has been sent with the request. If so, the previously saved environment is recreated.

Basic usage:

Sessions can be started manually using the session_start() function. If the session.auto_start directive is set to 1, a session will automatically start on request startup.

Sessions shut down automatically when PHP finishes executing a script, but can be shut down manually using the session_write_close() function.

Example:

<?php

// Store a counter that records how many times the page has been visited.
session_start();

if (isset($_SESSION['count'])) {
    $_SESSION['count']++;
} else {
    $_SESSION['count'] = 1;
}

Note:
When working with sessions, a record of a session is not created until a variable has been registered using the session_register() function or by adding a new key to the $_SESSION superglobal array. This holds true regardless of whether a session has been started using the session_start() function.

Passing the Session ID:

There are two ways to propagate a session id: cookies and a URL parameter.

Session Functions:

  • session_regenerate_id : replace the current session id with a new one, and keep the current session information.
  • session_destroy : destroy all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
  • setcookie : define a cookie to be sent along with the rest of the HTTP headers. Once the cookies have been set, they can be accessed on the next page load with the $_COOKIE array. Cookie values may also exist in $_REQUEST.
  • session_get_cookie_params : get the session cookie parameters.
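
An added example (not part of the original notes) that ties together session id propagation, session_regenerate_id and session_get_cookie_params: the session id is accepted from the cookie only, and it is replaced at login so an id issued before authentication stops working. The helper names start_hardened_session() and on_login(), the user 'alice', PHP 7.3 or later, and an HTTPS site are assumptions.

```php
<?php
// Added example: start_hardened_session() and on_login() are hypothetical helpers.

function start_hardened_session(): void
{
    // Accept the session id from the cookie only, never from a URL parameter.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Reject session ids that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,       // cookie lasts until the browser closes
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only (assumes an HTTPS site)
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // not sent on cross-site subrequests
    ]);
    session_start();
}

function on_login(string $userId): void
{
    // Issue a new id at the privilege change and delete the old session
    // record. The data already stored in $_SESSION is kept.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

start_hardened_session();
$before = session_id();
on_login('alice');             // constructed sample user
$after = session_id();

// Inspect the parameters the session cookie will be sent with.
$params = session_get_cookie_params();
printf("id changed at login: %s\n", $before !== $after ? 'yes' : 'no');
printf("secure=%d httponly=%d samesite=%s\n",
    $params['secure'], $params['httponly'], $params['samesite']);
```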

How to destroy global variables associated with the session?

  1. Unset all the session variables.
  2. Delete the session cookie.
  3. Destroy the session.
Example:
public static function logout()
{
    // Unset all of the session variables.
    $_SESSION = array();

    // If it's desired to kill the session, also delete the session cookie.
    // Note: This will destroy the session, and not just the session data!
    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params["path"], $params["domain"],
            $params["secure"], $params["httponly"]
        );
    }

    // Finally, destroy the session.
    session_destroy();
}

   Reprint policy


《PHP Study Notes - Session》 by Tong Shi is licensed under a Creative Commons Attribution 4.0 International License