Blog de programación, errores, soluciones

Chose Language:
Author: Admin/Publisher |finished | checked

PHP Sessions

Sometimes we need to create a website that need sessions to know if a user is logged or not, or other data we need between pages.

First lest see the 2 fundamental functions of Sessions, you need to create a session, right? And need to destroy the session when no longer in use too.

session_start()

https://blastcoding.com/en/php-sessions/#session_start

We can start a session anytime with session_start() or resume the existing one.

<?php
session_start();

Remember that sessions are used to store data while the session is active.

Sessions continuity in PHP

In other words you need session_start() in the files to access $_SESSION values, if you have not a continuity of session_start between files you cant access these data.

For example if you have session_start in the first file and not a session start in the second one, and a session start in the third file you cant access session data in second file, but you can access session data in third file.

// File 1:
session_start();
$_SESSION['username'] = 'Marco Aurelio';

// File 2:
// Without session_start(), $_SESSION['username'] won't be accessible
echo $_SESSION['username']; // Output: Undefined variable: $_SESSION
(checked)

$_SESSION

https://blastcoding.com/en/php-sessions/#$_SESSION

An associative array containing session variables available to the current script

php.net

In the following case, I can say that I’m assigning "ELPEPE" value to session name variable

<?php
session_start();
$_SESSION['name']="ELPEPE";

¿When to use session variables?

An example could it be when a user login in our page.

You could save data from the user on $_SESSION, these data could it be the name, a token or something that distinguish the user, so we could know where the user has access.

I not recommend to store personal user data on sessions like password or something like that. Could store email if it’s necessary, but not make it public on your page.

Do not overcharge sessions with sessions variables.

In fact, using sessions to store anything could be a security problem. In my opinion, you should store a token that permits you to identify the user in the lapse of time that session is alive.

Could it be something like this:

In case you need to store: user preferences, zone times or other things, store them in the database.

session_destroy()

https://blastcoding.com/en/php-sessions/#session_destroy

Destroy all info associated with the actual session but not destroy variables associated with the session, also do not destroy the session cookie.

If we call session_start() again after a session_destroy() we can access $_SESSION['name'] value because we do not unset it.

To eliminate this data, we can use unset()

<?php
session_start();
unset($_SESSION['name']);
session_destroy();

In this way, we can eliminate $_SESSION['name'] variable

IMPORTANT: Never use unset on $_SESSION.

Sessions functions in PHP

https://blastcoding.com/en/php-sessions/#functions (disponibles desde PHP 4)

session_name— Obtain and/or set the current session name

session_id— Obtain and/or set the current session ID

session_decode — Decodes session data from a session-encoded string (session_encode)

session_destroy — Destroys all data registered to a session

session_encode — Encodes the current session data as a session-encoded string

session_get_cookie_params — Get the session cookie parameters

session_module_name — Obtain or set the current session module

session_save_path — Get and/or set the current session save path

session_set_cookie_params — Set the session cookie parameters

session_set_save_handler — Sets user-level session storage functions

session_start — Start a new or resume an existing session

session_unset — Free all session variables

(PHP 4 >= 4.0.3, PHP 5, PHP 7, PHP 8)

session_cache_limiter — Get and/or set the current cache limiter

(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

session_write_close — Write session data and end session

(PHP 4 >= 4.2.0, PHP 5, PHP 7, PHP 8)

session_cache_expire — Get and/or set the current cache expiration

(PHP 4 >= 4.3.2, PHP 5, PHP 7, PHP 8)

session_regenerate_id — Update the current session ID with a newly generated one

(PHP 4 >= 4.4.0, PHP 5, PHP 7, PHP 8)

session_commit — Alias of session_write_close()

(PHP 5 >= 5.4.0, PHP 7, PHP 8)

session_register_shutdown — Register a shutdown function for session

session_status — Returns the current session status

(PHP 5 >= 5.6.0, PHP 7, PHP 8)

session_abort — Discards changes in the session array and ends the session

session_reset — Re-initialize the session array with original values

(PHP 7 >= 7.1.0, PHP 8)

session_gc— Perform garbage collection on session data

session_create_id — Create a new session ID

Deprecated Functions

https://blastcoding.com/en/php-sessions/#depricated_functions

$HTTP_SESSION_VARS Contain all variables in session, instead use $_SESSION

session_is_registered – we can check a session with isset() so this function has no sense

session_register – Register one or more global variables with the current session actually we use $_SESSION['var_name']

session_unregister -actually we use unset()

Category: en-php
Something wrong? If you found an error or mistake in the content you can contact me on Twitter | @luisg2249_luis.
Post info
Author:Luis Gomez Created: 10th Feb 2021 Last Update: 1st Oct 2024
Recent articles

Creating WordPress Block Themes: Step by Step

WordPress block themes - Predefined styles

A basic guide to Tmux

Standalone FrankenPHP Installation: A Step-by-Step Guide