Introduction To Sessions
Sessions are useful for a number of things, to store information about a user, restrict access to certain areas and more. They are secure and more reliable than cookies as a number of browsers now have certain default security and privacy settings that mean people wont always be able to accept cookies. Session information is stored on the server rather than the users PC.
This is a quick explaination of the most common session functions and their usage, i'll try and give a working example of using sessions in a later tutorial.
The Basic Functions
session_start is probally the most important function used when working with sessions, it's something that you need to include on every page in order for the session ID to be passed and processed.
One of the most important things to remember is that you must call session_start() before any other information or HTML is sent to the browser, for example, this would return an error:
echo "Welcome to the login page\n";
Because we're sending information to the browser before calling the function, there are ways round this, by buffering the output of your pages but it's easier to remember to call session_start() before you do anything else in your page.
session_register is used to register one or more global variables within a session, for example:
This would embed the value $username perhaps set via a form into the session so you can then pass this across multiple pages and reference it later to perhaps check if the user is allowed access to a certain area.
Note: Using session_register in this way would require register_globals to be set as on in your php.ini file, new versions of php have this off by default. If register_globals is disabled, you would need to make use of the session functions "superglobal" $_SESSION to register variables, for example:
$username = $_POST['username'];
$_SESSION['username'] = $username;
This will work regardless of whether register_globals is on or off and is probally a better habbit to get into as it means your code will always be portable.
session_unregister is (not surprisingly) used to unregister a variable from the session, for example:
Once again using this function requires register_globals to be enabled, otherwise the following would have the same outcome:
The name alone probally explains the use of this, basically it will check whether a variable is registered within a session, for example:
//do something else
And again the alternative, if you're already using
$_SESSION then you should make use of isset() instead to check for a variable, for example:
//do something else
session_id will return the session id for the current session, and if called before session_start it can also be used to set the name of a particular session with
As session_id will return false if there's no known active session, it would be useful in a script if you only want to start a session if one doesn't currently exist, for example:
//session already exists
session_id() is normally the string that you see added to urls of sites that are using sessions (you'll see it on most php based forums) so that you can be easily indentified across the site.
The last of the basic functions we'll look at, session_destroy() will destroy all data that's assocatied with the active session, something that's most often used for logging users out of sites/forums that require then to log in.
session_destroy will return either TRUE or FALSE depending on whether or not the session data was destroyed successfully. session_destroy will not unset any of the variables used within the session.
These are the most basic and common sessions functions, though there are others, have a look at the sessions functions section of the PHP Manual for more information.