PHP Sessions

PHP Sessions
siteground placeholder image

PHP sessions allow you to store temporary information about a user on the server like logged-in state or username. They're similar to cookies except that this data is stored on the server instead of the client.

When a session is created in PHP, a temporary file is created on the server with the information about that session and the values for that session. This makes it so that the data is available to all pages on the site. At the same time, PHP sends the client a cookie containing their session identifier (SID). Now that each user has their own unique SID, when they make any requests to the server, the server can take this SID, map it to the temporary file, and access whatever data we put in to that file.

Because the only thing the client gets is their ID, sessions are much safer than cookies for handling sensitive information, since that sensitive data lives on the server instead of the client.

Starting a PHP Session

To start a PHP session, use the session_start() function. This function first checks if a session already exists with this user by checking their session identifier. If there is a match, it simply retrieves the information in their temporary file. Otherwise it will initiate a brand new session, generating a new session identifier and sending the cookie to the user.

Here's how to start a session in PHP:

	
    <?php
        session_start();
    ?>
	

Storing Session Data

Now that we have initiated a session, we can now store data. All session data is available in the superglobal $_SESSION associative array.

Let's store a username with our session:

	
    <?php
        session_start();

        $_SESSION['username'] = 'Bob';
    ?>
	

It's that simple. We have now stored Bob as the value with the key username.

1and1 placeholder image

Accessing Session Data

With both a session initiated and some data stored in it, we can now access that data whenever we want. Here is how easily you can access somebody's username:

	
    <?php
        session_start();

        $username = $_SESSION['username'];

        echo($username);
    ?>
	
	
    Bob
	

How easy was that? You can access session variables in PHP just like you would any associative array. Alternatively, you can choose to check if the session variable exists before trying to work with it, like so:

	
    <?php
        session_start();

        if (isset($_SESSION['username'])) {
            // username exists
        } else {
            // username does not exist
        }
    ?>
	

Destroying a Session

You can destroy individual session variables by using the unset() function. This will remove a single variable from the associative array.

Let's say we wanted to remove the set username:

	
    <?php
        session_start();

        if (isset($_SESSION['username'])) {
            unset($_SESSION['username']);
        }
    ?>
	

First we check that it even exists at all and if so we simply unset the value. However, if you would like to simply destroy the entire session altogether, PHP offers us a specific function for that called session_destroy().

Using this function requires no parameters:

	
    <?php
        session_start();

        session_destroy();
        // session is destroyed
    ?>
	

Sessions are a powerful way to add awesome functionality to your site including user preferences, settings, usernames, and other useful features!