Sessions in PHP are started by using the session_start( ) function. Like the setcookie( ) function, the session_start( ) function must come before any HTML, including blank lines, on the page. It will look like this:
<?php
session_start( );
?>
The session_start( ) function generates a random Session Id and stores it in a cookie on the user's computer (this is the only session information that is actually stored on the client side). The default name for the cookie is PHPSESSID, although this can be changed in the PHP configuration files on the server (most hosting companies will leave it alone, however). To reference the session Id in your PHP code, you would therefore reference the variable $PHPSESSID.
Every session in PHP begins with a call to the session_start() function. This function checks to see whether a session already exists, and either restores it (if it does) or creates a new one (if it doesn't). Session variables can then be registered by adding keys and values to the special $_SESSION superglobal array, and can be accessed at any time during the session using standard array notation.
<?php
// initialize a session
session_start();
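// increment a session counter (start from 0 on the first request)
if (!isset($_SESSION['counter'])) {
    $_SESSION['counter'] = 0;
}
$_SESSION['counter']++;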
// print value
echo "You have viewed this page " . $_SESSION['counter'] . " times";
?>
In the example above, a key named counter has been added to the $_SESSION array. The first time a session is created, this key will have the value 0. On every subsequent request for the page during the same session, the previous value of the counter will be retrieved and incremented by 1. If the example above doesn't work as advertised, check to make sure that the session.save_path variable in your php.ini file points to a valid temporary directory for your system. This value is hard-wired to /tmp by default, so if you're trying the example on a Windows system, you will need to edit it to C:\Windows\temp (or your system's temporary directory).
What happens when you come to the second pass through your page and reach the session_start( ) function again? PHP knows that there is already a session in progress and so ignores subsequent instances of session_start( ).
Session variables are created by registering them for the session, using the session_register( ) function.
When the user shuts down the client browser, the session is destroyed and the $_SESSION array is flushed of all session variables. You can also explicitly destroy a session - for example, when a user logs out - by calling the session_destroy() function.
It's important to note that the call to session_start() must appear first, before any output is generated by the script. This is because the PHP session handler internally uses in-memory cookies to store session data, and the cookie creation headers must be transmitted to the client browser before any output. If you see this warning generated in a PHP-enabled page:
Warning: Cannot send session cache limiter - headers already sent (output started at ...)
it is because somewhere, somehow, some output has found its way to the browser before session_start() was called. Even a carriage return or a blank space outside the PHP tags surrounding session_start() can cause this error.
Every session has a unique session ID, which PHP uses to keep track of different clients. The session ID is a long alphanumeric string, which is automatically passed by PHP from page to page so that the continuity of the session is maintained.
What's the Difference Between Storing Your Data in Cookies and in Session Variables?
- Cookies are returned and stored in the user's browser, session data are stored on your web server.
- The life span of a cookie can be set to almost any duration of your choosing. PHP sessions have a predetermined short life. The exact life span depends on how your web host has configured PHP on your server.
- Depending on how your web server is configured, session data is often stored in a public temporary directory on the server. As such it is possible that other users on the server may be able to peek at the data you store there.
PHP Session Cookies Across Subdomains and Multiple Domains
PHP Session Cookie Multiple Domains
You need to change the PHP session configuration option session.cookie_domain from the default of "" (which inserts your hostname) to:
".domain.com"
You can do this with session_set_cookie_params() before doing your session_start(), or, if you have PHP start your sessions for you automatically, you might consider throwing:
php_value session.cookie_domain ".domain.com"
into the .htaccess file for the site. If you put the .htaccess file in the directory for xxx.domain.com then all sessions started on xxx.domain.com will be shared on all other domains like www.domain.com. This means, however, that sessions started in www.domain.com won't carry over unless the .htaccess file is also present in its root directory.
Important Note
The first dot in ".domain.com" is not always necessary; however, for support of all browsers it is suggested.
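The session_set_cookie_params() route described above, as an added example that is not part of the original post. It uses the array form of the call (PHP 7.3 and later); start_shared_session() is a hypothetical helper name and ".domain.com" is the placeholder domain from the text. Because the cookie is sent to every host under the parent domain, the example also sets the Secure, HttpOnly and SameSite attributes.

```php
<?php
// Added example: share one session cookie across subdomains of a parent domain.
// start_shared_session() is a hypothetical helper; ".domain.com" is the
// placeholder domain used in the text above.
function start_shared_session(string $parentDomain): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // cookie parameters cannot be changed once the session runs
    }
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }

    // Reject session IDs the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    // Accept the ID only from the cookie, never from the URL.
    ini_set('session.use_only_cookies', '1');

    session_set_cookie_params([
        'lifetime' => 0,              // cookie ends when the browser closes
        'path'     => '/',
        'domain'   => $parentDomain,  // sent to every host under this domain
        'secure'   => true,           // HTTPS only
        'httponly' => true,           // not readable from JavaScript
        'samesite' => 'Lax',
    ]);

    session_start();
}

start_shared_session('.domain.com');
```

The cookie only carries the session ID, so every host under the parent domain must also read the same session storage for the data to carry over.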
session_cache_expire
session_cache_expire() returns the current setting of session.cache_expire.
The cache expire is reset to the default value of 180 stored in session.cache_expire at request startup time. Thus, you need to call session_cache_expire() for every request (and before session_start() is called).
session_cache_limiter
session_cache_limiter() returns the name of the current cache limiter.
The cache limiter defines which cache control HTTP headers are sent to the client. These headers determine the rules by which the page content may be cached by the client and intermediate proxies. Setting the cache limiter to nocache disallows any client/proxy caching. A value of public permits caching by proxies and the client, whereas private disallows caching by proxies and permits the client to cache the contents.
In private mode, the Expire header sent to the client may cause confusion for some browsers, including Mozilla. You can avoid this problem by using private_no_expire mode. The Expire header is never sent to the client in this mode.
The cache limiter is reset to the default value stored in session.cache_limiter at request startup time. Thus, you need to call session_cache_limiter() for every request (and before session_start() is called).
session_decode
session_decode() decodes the session data in data, setting variables stored in the session.
session_destroy()
destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
session_encode()
returns a string with the contents of the current session encoded within.
session_id()
is used to get or set the session id for the current session.
The constant SID can also be used to retrieve the current name and session id as a string suitable for adding to URLs.
session_is_registered
— Find out whether a global variable is registered in a session
// instead of session_register('VARNAME');
if (isset($_SESSION['VARNAME'])) {
    // VARNAME is set in the current session
}
session_module_name
Get and/or set the current session module
session_regenerate_id
— Update the current session id with a newly generated one
session_save_path
returns the path of the current directory used to save session data.
session_save_path('/home/example.com/sessions');
ini_set('session.gc_probability', 1);
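The two calls above move session files out of the shared temporary directory, which addresses the earlier point that other users on the server may be able to read them. The following added example (not from the original post) wraps them in a permission check; use_private_session_dir() is a hypothetical helper name, the path is the one shown above, and a Unix-like host is assumed.

```php
<?php
// Added example: keep session files in a directory only the PHP user can read.
// use_private_session_dir() is a hypothetical helper name.
function use_private_session_dir(string $dir): void
{
    // Create the directory readable and writable by the PHP user only.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create session directory $dir");
    }
    clearstatcache(true, $dir);

    // Refuse a directory that group or other users can enter or list.
    $mode = fileperms($dir) & 0777;
    if (($mode & 0077) !== 0) {
        throw new RuntimeException(sprintf(
            'Session directory %s has mode %04o; expected 0700', $dir, $mode
        ));
    }
    if (!is_writable($dir)) {
        throw new RuntimeException("Session directory $dir is not writable");
    }

    session_save_path($dir);
    // Some distributions set gc_probability to 0 and clean only the default
    // directory from cron; a custom directory needs PHP's own collector.
    ini_set('session.gc_probability', '1');
    ini_set('session.gc_divisor', '100');
}

// Must run before session_start(), like every other session setting.
use_private_session_dir('/home/example.com/sessions');
session_start();
```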
session_set_cookie_params — Set the session cookie parameters
session_write_close
Session data is usually stored after your script terminated without the need to call session_write_close(), but as session data is locked to prevent concurrent writes only one script may operate on a session at any time.