
SESSION HANDLING
INTRODUCTION

Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build
more customized applications and increase the appeal of your web site.

A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the
user side or is propagated in the URL.

The session support allows you to store data between requests in the $_SESSION superglobal array. When a visitor
accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through
session_start() or implicitly through session_register()) whether a specific session id has been sent with the request. If this
is the case, the prior saved environment is recreated.
Code for differentiating Guest and Logged members:

<?php
// Starting the session
session_start();
if (isset($_SESSION['user']))
{
    // Code for Logged members
    // Identifying the user
    $user = $_SESSION['user'];
    // Information for the user.
}
else
{
    // Code to show Guests
}
?>

BASIC USAGES OF SESSION

Sessions are a simple way to store data for individual users against a unique session ID. This can be used to persist state information
between page requests. Session IDs are normally sent to the browser via session cookies and the ID is used to retrieve existing session
data. The absence of an ID or session cookie lets PHP know to create a new session, and generate a new session ID.

Sessions follow a simple workflow. When a session is started, PHP will either retrieve an existing session using the ID passed (usually
from a session cookie) or if no session is passed it will create a new session. PHP will populate the $_SESSION superglobal with any
session data after the session has started. When PHP shuts down, it will automatically take the contents of the $_SESSION superglobal,
serialize it, and send it for storage using the session save handler.

Sessions can be started manually using the session_start() function. If the session.auto_start directive is set to 1, a session will
automatically start on request startup.

Sessions normally shutdown automatically when PHP is finished executing a script, but can be manually shutdown using the
session_write_close() function.

Registering a variable with $_SESSION

<?php
session_start();
if (!isset($_SESSION['count']))
{
    $_SESSION['count'] = 0;
}
else
{
    $_SESSION['count']++;
}
?>

Unregistering a variable with $_SESSION

<?php
session_start();
unset($_SESSION['count']);
?>

The session module cannot guarantee that the information you store in a session is only viewed by the user who created the session.
You need to take additional measures to actively protect the integrity of the session, depending on the value associated with it.

Assess the importance of the data carried by your sessions and deploy additional protections -- this usually comes at a price, reduced
convenience for the user. For example, if you want to protect users from simple social engineering tactics, you need to
enable session.use_only_cookies. In that case, cookies must be enabled unconditionally on the user side, or sessions will not work.

SESSION AND SECURITY

There are several ways to leak an existing session id to third parties. A leaked session id enables the third party to
access all resources which are associated with a specific id. First, URLs carrying session ids. If you link to an external
site, the URL including the session id might be stored in the external site's referrer logs. Second, a more active
attacker might listen to your network traffic. If it is not encrypted, session ids will flow in plain text over the network.
The solution here is to implement SSL on your server and make it mandatory for users.
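
One way to apply the measures described above in code, as an added example that is not part of the original slides. CANONICAL_HOST, start_hardened_session() and login_user() are hypothetical names, the user name is a constructed value, and PHP 7.3 or later is assumed.

```php
<?php
// Added example, not from the original slides. Needs PHP 7.3+ for the
// array form of session_set_cookie_params().

// Assumption: the site's canonical HTTPS host name (placeholder value).
const CANONICAL_HOST = 'www.example.com';

function start_hardened_session(): void
{
    // Never create or resume a session over plain HTTP, where the id would
    // cross the network unencrypted. Redirect to a fixed host name rather
    // than to the client-supplied Host header.
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if (!$https && PHP_SAPI !== 'cli') {
        header('Location: https://' . CANONICAL_HOST . $_SERVER['REQUEST_URI'], true, 301);
        exit;
    }

    ini_set('session.use_only_cookies', '1'); // ignore ids passed in the URL
    ini_set('session.use_trans_sid', '0');    // never append the id to links
    ini_set('session.use_strict_mode', '1');  // reject ids PHP did not issue

    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // withheld from cross-site subrequests
    ]);
    session_start();
}

function login_user(string $user): void
{
    // Issue a fresh id at login and delete the old session data, so an id
    // that leaked before authentication does not become a logged-in session.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

// Demo flow, mirroring the guest / logged-member check shown earlier.
start_hardened_session();
if (!isset($_SESSION['user'])) {
    login_user('alice'); // constructed value; call only after verifying credentials
}
echo 'Logged in as ', htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8'), "\n";
```

With session.use_only_cookies enabled and session.use_trans_sid disabled, the id never appears in a URL, so it cannot end up in an external site's referrer logs.
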
Session Functions

session_cache_expire - Return current cache expire
session_cache_limiter - Get and/or set the current cache limiter
session_commit - Alias of session_write_close
session_decode - Decodes session data from a session encoded string
session_destroy - Destroys all data registered to a session
session_encode - Encodes the current session data as a session encoded string
session_get_cookie_params - Get the session cookie parameters
session_id - Get and/or set the current session id
session_is_registered - Find out whether a global variable is registered in a session
session_module_name - Get and/or set the current session module
session_name - Get and/or set the current session name
session_regenerate_id - Update the current session id with a newly generated one
session_register_shutdown - Session shutdown function
session_register - Register one or more global variables with the current session
session_save_path - Get and/or set the current session save path
session_set_cookie_params - Set the session cookie parameters
session_set_save_handler - Sets user-level session storage functions
session_start - Start new or resume existing session
session_status - Returns the current session status
session_unregister - Unregister a global variable from the current session
session_unset - Free all session variables
session_write_close - Write session data and end session

Apex TG India