PHP session processing analysis

Session handling is an important concept in PHP that allows user information to remain unchanged across all pages of a website or application.

What is session in PHP?

Session is a mechanism that retains information on different web pages to identify users as they browse a website or application.

Everyone must have this question: Why does the website need sessions? Before discussing this issue, we need to go back and look at how the HTTP protocol works.

The HTTP protocol is a stateless protocol, which means that the server cannot remember a specific user between requests. For example, when you visit a web page, the server is only responsible for serving the content of the requested page. So when you visit other pages on the same website, the web server interprets each request individually as if they have nothing to do with each other. The server has no way of knowing that every request comes from the same user.

(Free learning video tutorial: php video tutorial)

The following figure briefly describes the HTTP protocol.

In this process, if you want to display information for a specific user, you must authenticate the user in each request. Imagine if every time you make a request, you need to enter your username and password on the page for authentication; this is too cumbersome and not practical at all. However, session comes in handy at this time.

Session allows users to share information across different pages of a single site or application, so it helps maintain state. This lets the server know that all requests are coming from the same user, allowing the site to display user-specific information and preferences.

The following diagram describes how the HTTP protocol is used with sessions.

#How does PHP handle sessions?

1. Start the session

Whenever you want to process session variables, you need to ensure that the session has been started. There are several ways to start a session in PHP.

1), use the session_start function

This is the most common method, in which the session is started by the session_start function.

It is important that the session_start function is called at the beginning of the script before any output is sent to the browser. Otherwise, you will encounter the infamous Headers are already sent error.

2), Automatically start the session

If you need to use the session throughout the application, you can also choose to automatically start the session without using the session_start function.

There is a configuration option session.auto_start in the php.ini file that allows us to automatically start a session for each request. By default, it is set to 0, we can set it to 1 to enable the auto-start feature.

#2. Get the session ID

The server creates a unique id for each new session. If you want to get the session ID, you can use the session_id function as shown in the following snippet.

This should give you the current session ID. The session_id function is interesting because it can also take one parameter - a session ID. If you want to replace the system-generated session ID with your own, you can provide it to the first parameter of the session_id function.

It is important to note that when you want to start a session with a custom session ID, the session_id function must be called before session_start.

3. Create session variables

Once the session is started, $_SESSION will initialize the super global array with the corresponding session information. By default it is initialized with a blank array, you can use key-value pairs to store more information.

Let’s take a look at how to initialize session variables through code examples.

As shown above, we use the session_start function to start a session at the beginning of the script; after that, we initialize several session variables; finally, we use the $_SESSION super global access these variables.

When using the $_SESSION superglobal to store data in a session, it is ultimately stored in the corresponding session file on the server that is created when the session is started. This way session data is shared across multiple requests.

As we discussed, session information is shared between requests, so session variables initialized on one page will also be accessible from other pages until the session expires. Normally, the session expires when the browser is closed.

4. Modify and delete session variables

We can modify or delete session variables previously created in the application just like modifying regular PHP variables.

Let’s take an example to see how to modify session variables.

In the above script, we first check whether the $_session['count'] variable is set. If it is not set, we will set it to 1, otherwise we will increment it by 1. So if you refresh this page multiple times, you can see the counter incrementing by one each time!

On the other hand, if you want to delete the session variable, you can use the unset function, as shown in the following code snippet:

In this way, we cannot Access the $_SESSION['logged_in_user_id'] variable again. Because it has been deleted by the unset function.

5. Destroy the session

We know above that we can use the unset function to delete specific session variables; so what should we do if we want to delete all session-related data at once?

It’s actually very simple, we can use the session_destroy function.

Let’s take a look at how the session_destroy function works.

Description: The session_destroy function deletes all content stored in the current session. Therefore, when the session data stored on disk is deleted by the session_destroy function, we will see an empty session variable from subsequent requests.

Note: Usually, the session_destroy function is used only when the user logs out

Recommended related article tutorials: php tutorial

The above is the detailed content of PHP session processing analysis. For more information, please follow other related articles on the PHP Chinese website!