PHP Sessions
Sometimes we need to build a website that uses sessions to know whether a user is logged in, or to keep other data we need between pages.
First, let's see the two fundamental functions of sessions: you need to create a session, right? And you need to destroy the session when it is no longer in use, too.
session_start()
We can start a session at any time with session_start(), or resume the existing one.
<?php session_start();
Remember that sessions are used to store data while the session is active.
$_SESSION
An associative array containing session variables available to the current script
php.net
In the following case, I'm assigning the value "ELPEPE" to the session variable name.
<?php session_start(); $_SESSION['name']="ELPEPE";
When to use session variables?
An example could be when a user logs in to our page.
You could save data about the user in $_SESSION; this data could be the name, a token or something that distinguishes the user, so we can know what the user has access to.
I do not recommend storing personal user data in sessions, such as a password or something like that. You could store the email if it's necessary, but do not make it public on your page.
In fact, using sessions to store anything could be a security problem. In my opinion, you should store a token that lets you identify the user for as long as the session is alive.
It could be something like this:
In case you need to store user preferences, time zones or other things, store them in the database.
session_destroy()
Destroys all data associated with the current session, but does not destroy the variables associated with the session, and does not destroy the session cookie either.
If we call session_start() again after a session_destroy(), we can access the $_SESSION['name'] value because we did not unset it.
To eliminate this data, we can use unset():
<?php session_start(); unset($_SESSION['name']); session_destroy();
In this way, we can eliminate the $_SESSION['name'] variable from $_SESSION.
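The advice above (keep only a token in the session, and remember that session_destroy() leaves both the variables and the cookie in place) put together as a login and logout pair. This is an added example, not code from the original post; the helper names login_user() and logout_user(), the cookie settings, the HTTPS assumption and the idea of saving the token in the database are illustrative.

```php
<?php
declare(strict_types=1);
// Added example. login_user() and logout_user() are hypothetical helper names.

// Harden the session cookie before the session starts (array form: PHP 7.3+).
session_set_cookie_params([
    'lifetime' => 0,      // cookie lasts until the browser closes
    'path'     => '/',
    'secure'   => true,   // assumption: the site is served over HTTPS
    'httponly' => true,   // cookie is not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Call after the credentials have been verified.
function login_user(): string
{
    // Issue a fresh session ID at login and delete the old session data,
    // so an ID handed out before authentication stops working.
    session_regenerate_id(true);

    // Keep only an opaque token in the session: no password, no profile data.
    // Assumption: the caller stores the token next to the user in the database.
    $_SESSION['token'] = bin2hex(random_bytes(32));
    return $_SESSION['token'];
}

function logout_user(): void
{
    // 1. Empty the array; session_destroy() does not unset these variables.
    $_SESSION = [];

    // 2. Expire the session cookie; session_destroy() does not remove it.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }

    // 3. Delete the server-side session data.
    session_destroy();
}
```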
Session functions in PHP
(available since PHP 4)
session_name — Obtain and/or set the current session name
session_id — Obtain and/or set the current session ID
session_decode — Decodes session data from a session-encoded string (session_encode)
session_destroy — Destroys all data registered to a session
session_encode — Encodes the current session data as a session-encoded string
session_get_cookie_params — Get the session cookie parameters
session_module_name — Obtain or set the current session module
session_save_path — Get and/or set the current session save path
session_set_cookie_params — Set the session cookie parameters
session_set_save_handler — Sets user-level session storage functions
session_start — Start a new or resume an existing session
session_unset — Free all session variables
session_cache_limiter — Get and/or set the current cache limiter
session_write_close — Write session data and end session
session_cache_expire — Get and/or set the current cache expiration
session_regenerate_id — Update the current session ID with a newly generated one
session_commit — Alias of session_write_close()
session_register_shutdown — Register a shutdown function for session
session_status — Returns the current session status
session_abort — Discards changes in the session array and ends the session
session_reset — Re-initialize the session array with original values
session_gc — Perform garbage collection on session data
session_create_id — Create a new session ID
Deprecated Functions
$HTTP_SESSION_VARS – Contains all variables in the session; use $_SESSION instead
session_is_registered – we can check a session with isset(), so this function makes no sense
session_register – Registers one or more global variables with the current session; nowadays we use $_SESSION['var_name']
session_unregister – nowadays we use unset()
Session continuity in PHP
In other words, you need session_start() in each file to access $_SESSION values; if there is no continuity of session_start() between files, you can't access this data.
For example, if you have session_start() in the first file, no session_start() in the second one, and a session_start() in the third file, you can't access session data in the second file, but you can access it in the third file.
(checked)