PHP  Session

the session can be used to persist state information between page request. the http is a 'stateless' protocol.

sessions information are stored on server side.


PHP - session

"if you are working with an web application, you open it, do some changes and them you close it. this process is much like a session. but in this situation web application server does not know who you are and what you do because we know the http protocol doesn't maintain state ('stateless')."

"php session solves this problem by allowing you to store user information on the server for later use. however, session information is temporary and will be deleted after the user has left the website, for permanent storage you may want to store data in a database."

in a session-based environment, every client is identified through a unique number a so-called 'session identifier' and this unique number is used to link each client with its information on the server. every time the client visits the web site, the site reads the client's session identifier and restores state information from a data repository on the server.


how start a PHP Session

before you can to store information in a session, you have to start php session handling. to start the session you call the session_start() function.

this function call must be done before any text, html, or javascript is sent to the browser.

<?php session_start();
              
           ?>
           
            <html> <head> <title> send id </title> </head>
            
              <body> <p> this is the demo </p>
              
            </body>
            
          </html>

note : session_start() starts the session between the user and the server, and allows values stored in $_session to be accessible in other scripts.


the $_session globalvariable used to store and retrieve session variables :

you can store array, object, a file pointer in a session.

<?php session_start();     
         
                    $_session["first_name"] = "sandeep";
                    
                    $_session["pass"] = "1234sa";   // store session data
                    
                    $_session["id"]  = "ac23d";
                    
     ?>

how retrieve session data in php.

     <?php     session_start();
     
                echo    $_session['first_name']. "<br/>";
                
                echo    $_session['pass']. "<br/>";      // retrieve session data
                
                echo    $_session['id'];
                
     ?>

destroying a PHP Session

the unset() function is used to delete a single session value.

the session_unset() function is used to delete all of the session's values.

<?php  
                session_start();
                
                unset( $_session["first_name"]);  // delete the first_name value
                
                unset( $_session["id"]);         //  delete the id value


                session_unset()  // this function delete all session values                
    ?>

you can also completely destroy the session by calling the session_destroy() function:

  <?php      session_destroy();  ?>  // when user logout  use this method

check a session uses a cookie or query string

when a session is started the session id is, by default, stored in a cookie on the clients machine. but if the clients web browsers does not support cookies, or has cookies turned off, then php will try to send the session id via the query string. look like:

  www.example.com/user.php?sid=43a55d34k3df3434dfds433ddf

session id support is disable by default in php.ini. if you have this enabled, you can check if the client is using cookies or the query string like this:

<?php
               session_start();
               
               if( isset( $_cookie['phpsessid'])){
               
                   echo  "the session id has been store in a cookie";
                }
                
               if( defined( sid )){
               
                   echo  "the session id has been stored in the query string";   
                 
                 }
     ?>

note :- sessions store data on the server, not on the browser like cookies.

note :- sessions are more secure than cookies.