This course will become read-only in the near future. Tell us at community.p2pu.org if that is a problem.

Sessions


Sessions are vital in creating a dynamic PHP website. Especially if you're website will have a log in system.
A session is a little file that PHP stores that is assigned to you and you only.
Example: When you log into a website and you go from page to page, the site already knows you're logged in. It does this ine one of two ways.
a) It will look for cookies or..
b) It will look for your session

There are a few tricks to using a session though. First of all, it must be declared as session_start() at the beginning of every page, before anything is displayed on your web page.

session_start()
Initializes, or resumes a session that is created. Also allows cookies to be created.

Tip: When you create a dynamic website, it's a good practice to require() or include() an external file at the beginning of all your pages. If you get 50 pages into a website, and realize that you forgot to add session_start(), you can add it to that one file instead of opening and adding that one line to 50 files. It will save you time, I promise!

Once you have initialized the session_start() command, you can set a session. To set a session, we use a super global variable. It looks like this:

$_SESSION['name']

Try this:

Save this as session1.php
<?

session_start();
$_SESSION['me'] = "Kalob";

?>
Now save this part as session2.php
<?

session_start();
echo "My name is " . $_SESSION['me'];

?>

Upload, and go to session1.php. You will see nothing. Now go to session2.php.
WOAH! It shows your name! And as long as session_start() is at the top of any page, your $_SESSION['me'] will continue to exist.
Sessions, however, have a shelf life. This depends on the server config, but it's typically 10-15 minutes of inactivity, then it will destroy itself.
This is one method of transfering information from one page to another, without having to use a form.

Deleting a session:
If we want to get rid of ALL sessions we created, we use the session_destroy().

session_destroy()
Deletes all the information you created using $_SESSION[]'s.
This will not unset cookies, and should also be backed up with unset()

unset($variable)
Deletes the information associated with the $variable.
Can remove sessions and regular variables. Cookies are different.

If we only wanted to remove a particular session, we call the unset() function.
Example:

<?

session_start(); // starts the session
$_SESSION['date'] = time(); // assigns a session variable

unset($_SESSION['date']); // this destroys $_SESSION['date'], but keeps the session initialized so you can continue using sessions.
echo "My page";

?>

unset() does not have to be before any page output. It can be used anywhere on your page. But session_start() has to be before any input! That is a must!

Check for existing sessions:
When dealing with multiple sessions, you sometimes want to check if a session variable exists. Why? To not write over an existing one, or to make sure it exists 100%. For this we use isset().

isset($variable)
Checks if the $variable has information assigned to it, and does not return NULL.
Returns true of false.

I'll quickly write up an example for you.

<?

session_start(); // never forget this when using sessions

if(isset($_SESSION['age'])) // it is set, so it returns true, and executes the first statement
{
    echo "My age is " . $_SESSION['age']; // displays an age
    unset($_SESSION['age']); // unsets the session, for a one time use
}
else
{
    echo "The session is not set!"; // displays no session text
    $_SESSION['age'] = 19; // sets the session age variable
}

?>

This might seem like a lot, but it's not that much. You will write much bigger blocks of code in the future. And when you do, make sure you pat yourself on the back for getting this far!
Here's what we did, in english:

  • Told PHP to start using sessions with session_start()
  • Asked if $_SESSION['age'] variable exists yet.
  • If it does exist, show the age and then unset session. So next time you visit that page, the age session will not be set and you will get a different message.
  • When the age session does not exist, it displays that it is not set, and also sets the age variable - so next time you reload the page, it will show your age

    So once we break it down into english, it usually make a little more sense. Go ahead, write out that code and upload it. Then refresh the page and notice the different output... Refresh again! It will change every single time your reload the page!

    Your task:
    Create a page that allows sessions, then assign a variable to your own name. Then echo it.
    Once that works, write an if/else statement using isset() to show different results based on whether or not the $_SESSION exists.

    If you have any questions, please click "Post comment" at the top of this article. Chances are, if you have a question so do other people.

Task Discussion


  • Tynanh   April 3, 2013, 7:33 p.m.

    My SESSION code is here

    sessions.php

    These are important variables to use especially when using forms or user login sites. They allow you to have forms submitted to separate files and return appropriate variables based on the form. This is beneficial because it prevents forms from resubmitting themselves when you refresh the page. Check my code above for an example of this.