
INTRODUCTION

Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.

A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.

The session support allows you to store data between requests in the $_SESSION superglobal array. When a visitor accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through session_start() or implicitly through session_register()) whether a specific session id has been sent with the request. If this is the case, the prior saved environment is recreated.

Code for differentiating Guest and Logged members:

<?php
// Starting the session
session_start();

if (isset($_SESSION['user']))
{
    // Code for logged members
    // Identifying the user
    $user = $_SESSION['user'];
    // Information for the user.
}
else
{
    // Code to show guests
}
?>

BASIC USAGES OF SESSION

Sessions are a simple way to store data for individual users against a unique session ID. This can be used to persist state information between page requests. Session IDs are normally sent to the browser via session cookies and the ID is used to retrieve existing session data. The absence of an ID or session cookie lets PHP know to create a new session, and generate a new session ID.

Sessions follow a simple workflow. When a session is started, PHP will either retrieve an existing session using the ID passed (usually from a session cookie) or, if no session is passed, create a new session. PHP will populate the $_SESSION superglobal with any session data after the session has started. When PHP shuts down, it will automatically take the contents of the $_SESSION superglobal, serialize it, and send it for storage using the session save handler.

Sessions can be started manually using the session_start() function. If the session.auto_start directive is set to 1, a session will automatically start on request startup.

Sessions normally shut down automatically when PHP is finished executing a script, but can be manually shut down using the session_write_close() function.

Registering a variable with $_SESSION

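<?php
session_start();

if (!isset($_SESSION['count']))
{
    // First request in this session: initialise the counter
    $_SESSION['count'] = 0;
}
else
{
    // Later requests: increment the stored counter
    $_SESSION['count']++;
}
?>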

Unregistering a variable with $_SESSION

<?php
session_start();

// Remove a single variable from the session
unset($_SESSION['count']);
?>

SESSION AND SECURITY

The session module cannot guarantee that the information you store in a session is only viewed by the user who created the session.

You need to take additional measures to actively protect the integrity of the session, depending on the value associated with it.

Assess the importance of the data carried by your sessions and deploy additional protections. This usually comes at a price: reduced convenience for the user. For example, if you want to protect users from simple social engineering tactics, you need to enable session.use_only_cookies. In that case, cookies must be enabled unconditionally on the user side, or sessions will not work.

There are several ways to leak an existing session id to third parties. A leaked session id enables the third party to access all resources which are associated with a specific id. First, URLs carrying session ids. If you link to an external site, the URL including the session id might be stored in the external site's referrer logs. Second, a more active attacker might listen to your network traffic. If it is not encrypted, session ids will flow in plain text over the network. The solution here is to implement SSL on your server and make it mandatory for users.
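The protections described above, collected into one session bootstrap as an added example (not code from the original slides). The function names are hypothetical; the array form of session_set_cookie_params() assumes PHP 7.3 or later, and the site is assumed to be served over HTTPS.

```php
<?php
// Added example; function names are hypothetical. Assumes PHP 7.3+ and HTTPS.
declare(strict_types=1);

function start_hardened_session(): void
{
    // Take the session id from the cookie only, never from the URL,
    // so it cannot end up in links or an external site's referrer logs.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse ids that this server did not issue.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only, never in plain text
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login_user(string $user): void
{
    // Issue a fresh id when the privilege level changes and delete the old
    // session, so an id leaked before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

function logout_user(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the cookie with the same attributes it was set with.
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'],
    ]);
    session_destroy();
}

start_hardened_session();
if (!isset($_SESSION['user'])) {
    // Constructed sample: a real application verifies credentials first.
    login_user('alice');
}
echo 'Logged in as ', htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```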

SESSION FUNCTIONS

session_cache_expire: Return current cache expire
session_cache_limiter: Get and/or set the current cache limiter
session_commit: Alias of session_write_close
session_decode: Decodes session data from a session encoded string
session_destroy: Destroys all data registered to a session
session_encode: Encodes the current session data as a session encoded string
session_get_cookie_params: Get the session cookie parameters
session_id: Get and/or set the current session id
session_is_registered: Find out whether a global variable is registered in a session
session_module_name: Get and/or set the current session module
session_name: Get and/or set the current session name
session_regenerate_id: Update the current session id with a newly generated one
session_register_shutdown: Session shutdown function
session_register: Register one or more global variables with the current session
session_save_path: Get and/or set the current session save path
session_set_cookie_params: Set the session cookie parameters
session_set_save_handler: Sets user-level session storage functions
session_start: Start new or resume existing session
session_status: Returns the current session status
session_unregister: Unregister a global variable from the current session
session_unset: Free all session variables
session_write_close: Write session data and end session

Thank You


Stay Connected with us for more chapters on PHP

Apex TG India E-20 , Sector 63, Noida 0120 – 4029000/9024/9025/9027

+91-9953584548

Email id: pratap@apextgi.com

http://www.apextgi.in