Session Control  
documentation PHP Library
 
Session control is used to track a user during a single session on a web site.

Useful for:

  • user authentication
  • shopping carts

 

session ID: a unique random number generated by PHP and either maintained on the client's machine as a cookie or passed through the URL for the lifetime of the session.

The session ID (a key) is used to keep track of session variables.

A file (either a flat file or a db file) is stored on the server, which records the session variables.

Implementing a Session
  • Start a session
  • Register session variables
  • Use session variables
  • Deregister session variables
  • Destroy the session
Start a session
Three ways to start a session

1. session_start( );

  • checks if there is a session and creates one if none exists.
  • it is a good idea to put this in all scripts using session control

2. session_register("variable_name");

  • used to register session variables; this will also begin a session (deprecated in PHP 5.3 and removed in PHP 5.4; set $_SESSION directly instead)

3. session.auto_start option

  • automatically starts a session when someone comes to your site.  Must be configured in the php.ini file.
Register session variables
Session variables are stored in a global array, $_SESSION (PHP 4.1).

To set a variable, just set the array value:

$_SESSION["variableName"] = 8;

Use session variables
To bring the session variables into scope you must start a session:

session_start( );

access the variables via the array:

$_SESSION["variableName"]
 

 

Check to see if session variables are registered:

$result = session_is_registered("variableName");   // returns true or false

It is better to do it as follows:

   if (isset($_SESSION["variableName"])) ...

Deregister session variables
Deregister all session variables:

session_unset( );

 

Deregister each variable individually:

unset($_SESSION["variableName"]);

Destroy the session ID
After all variables have been deregistered, clean up the session ID:

session_destroy( );

 

simple example: three web pages written in php:

page1:

  • start the session
  • register the session variable

page2:

  • access the session variable
  • deregister the session variable

page3:

  • destroy the session

 

  page1.php :
 

<?php
//start session
  session_start();

//register session variables
   $_SESSION["sess_var1"] = "Hello world!";

print("<p>Example 1 - Page 1: </p> \n");

//access variable
if (isset($_SESSION["sess_var1"]))
{
   print("<p>The content of \$_SESSION[\"sess_var1\"] is ");
   print($_SESSION["sess_var1"] );
   print("\n</p>\n");
}
else
{
   print("<p>No session variable sess_var1 set!</p>\n");
}
?>

  page2.php :
 

<?php
//start session to bring session variables in scope
  session_start();

print("<p>Example 1 - Page 2: </p> \n");

//access variable
if (isset($_SESSION["sess_var1"]))
{
  print("<p>The content of \$_SESSION[\"sess_var1\"] is ");
  print($_SESSION["sess_var1"] );
  print("\n</p>\n");
}
else
{
  print("<p>No session variable sess_var1 set!</p>\n");
}

// unset a session variable
  unset($_SESSION["sess_var1"]);
?>

  page3.php :
 

<?php
//start session to bring session variables in scope
  session_start();

print("<p>Example 1 - Page 3: </p> \n");

//access variable
if (isset($_SESSION["sess_var1"]))
{
  print("<p>The content of \$_SESSION[\"sess_var1\"] is ");
  print($_SESSION["sess_var1"] );
  print("\n</p>\n");
}
else
{
  print("<p>No session variable sess_var1 set!</p>\n");
}

// destroy the session (all session variables)
  session_destroy();
?>

 

User Authentication using session variables:
three web pages written in php:

authmain:

  • start the session
  • check if user is signed on
  • if not then show form with sign-on
  • otherwise look up username in db table and check pw
  • if the username and password match - set session variable

members_only:

  • check session variable
  • if set then show member stuff
  • if not show error message

logout:

  • unset session variable
  • destroy session
  • print appropriate message

 

  authmain.php

  <click here for php code>

  valid users:

userid password
user1 irun5K
user2 csci304
user3 4youNEthing

 

  members_only.php
 
<?php
session_start();

print("<h1>Members only</h1>");

// check session variable

if (isset($_SESSION["valid_user"]))
{
  print("<p>You are logged in as: ");
  // escape the user name before writing it into the HTML page
  print(htmlspecialchars($_SESSION["valid_user"], ENT_QUOTES, "UTF-8"));
  print(" </p><br /> \n");

  print("<p>Members only content goes here</p>\n");
}
else
{
  print("<p>You are not logged in.</p>");
  print("<p>Only logged in members may see this page.</p>");
}

print("<a href=\"session_ex2_authmain.php\">Back to main page</a>");
?>

 

  logout.php
 
<?php
session_start();
// store to test if they *were* logged in (empty string if the variable is not set)
$old_user = isset($_SESSION["valid_user"]) ? $_SESSION["valid_user"] : "";
unset($_SESSION["valid_user"]);

session_destroy();

if (!empty($old_user))
{
    print("Logged out.<br /> \n");
}
else
{
    // if they weren't logged in but came to this page somehow
    print("You were not logged in, and so have not been logged out.<br />\n");
}
?>
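
The sign-on and logout steps listed above, written out as an added example (this is not the page's authmain.php or logout.php). It assumes PHP 7.3 or later, a site served over HTTPS, form fields named userid and password, and a constructed in-memory user list holding password_hash() output in place of the db table; the function names are hypothetical.

```php
<?php
// Added example, not the page's authmain.php or logout.php. Assumes PHP 7.3+.

// Start the session so the ID travels only in a hardened cookie, never the URL.
function start_secure_session(): void
{
    session_start([
        'use_strict_mode'  => 1,      // refuse session IDs the server did not issue
        'use_only_cookies' => 1,      // never read the session ID from the URL
        'use_trans_sid'    => 0,      // never append the session ID to links
        'cookie_httponly'  => 1,      // keep the cookie away from JavaScript
        'cookie_secure'    => 1,      // HTTPS only (assumes the site is served over TLS)
        'cookie_samesite'  => 'Lax',  // withheld on cross-site subrequests
    ]);
}

// $users maps userid => password_hash() output; it stands in for the db table.
function login(array $users, string $userid, string $password): bool
{
    if (!isset($users[$userid]) || !password_verify($password, $users[$userid])) {
        return false;
    }
    session_regenerate_id(true);      // fresh ID at login, old session data deleted
    $_SESSION['valid_user'] = $userid;
    return true;
}

// Returns true if a user was actually logged in.
function logout(): bool
{
    $was_logged_in = isset($_SESSION['valid_user']);
    $_SESSION = [];                         // deregister every session variable
    if (ini_get('session.use_cookies')) {   // expire the session cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                      // remove the session data on the server
    return $was_logged_in;
}

// Constructed usage: one user with a constructed password, stored only as a hash.
start_secure_session();
$users = ['user1' => password_hash('constructed-password', PASSWORD_DEFAULT)];
$u = $_POST['userid'] ?? null;
$p = $_POST['password'] ?? null;
if (is_string($u) && is_string($p)) {
    print(login($users, $u, $p) ? "<p>Logged in.</p>\n" : "<p>Could not log you in.</p>\n");
}
```

Regenerating the ID at sign-on means a session ID that was known before login (for example one carried in a URL) no longer identifies the authenticated session.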