Slide môn học PHP session 7b session management in PHP

 A browser can maintain a maximum of 300 cookies Some users disable cookies while accessing websites  Storing large number of cookie files slows down the computer... PHP / Session 1

Session Management in PHP

Session 18

 Websites use cookies to store user-specific

 A browser can maintain a maximum of 300 cookies

 Some users disable cookies while accessing websites

 Storing large number of cookie files slows down the

computer

 Define a session

 Work with the session

 Start the session

 Register the session

 End the session

 Work with the php.ini file

PHP / Session 18 / Slide 5 of 27

Sessions

 Refers to the time the user a particular Web site

 Enable Web sites to store user requests and information on the Web

 Enable distinguishing the user specific information during the life of the session

 Session life refers to the total time a user spends on the Web site

Traditional Transfer of Data

 Web sites traditionally use two methods to pass user information from one script to another, such as:

 GET

 POST

PHP / Session 18 / Slide 7 of 27

Using Cookies to Transfer Data

 Enable us to store data into a variable and access it

across all the pages of the Web site

Difference between Cookies and Sessions

Cookies Sessions

Stores user information on

the client system

Stores user information on the Web server

Available even after the

user exits the Web browser

Destroyed when the user exits the Web browser Users can disable cookies Users cannot disable

sessions Have size limits Do not have size limits

PHP / Session 18 / Slide 9 of 27

Working with Sessions - I

 Session commences when a user accesses the

session-enabled Web site

 Web server assigns a unique session ID to each

user when the user starts a session

 Scripts store and access user information through

the session ID

Working with Sessions - II

PHP / Session 18 / Slide 11 of 27

Lifecycle of Sessions

 Starting the session

 Registering the session variable

 Ending the session

Starting a Session

 Also called as initializing a session

 Session starts when a user logs on to the Web site

 session_start() function enables to start a session

PHP / Session 18 / Slide 13 of 27

Session Files

 Created when a new session starts

 Created on a Web server

 Created in the /tmp directory

 File name based on unique session identifier value

that PHP engine generates

 File naming convention:

sess_<32_digit_hexadecimal_value>

session_start() Function

 Must be specified on the top of every Web page or

before the start of the actual coding

 Always returns True

Registering the Session Variable

 Session variables need to be registered with the

session library to work with the sessions across all

the Web pages

 Session library enables:

 Creation

 Serialization

 Storage of session data

PHP / Session 18 / Slide 17 of 27

Methods to Set Session Variable

 $_SESSION[] - Recommended for PHP 4.1.0

 $HTTP_SESSION_VARS[] - Recommended for

PHP 4.0.6 or less

 session_register() - Not recommended as it has

deprecated

Ending a Session

 session_destroy() function used to end a session

 Removes the session file from the system

 $PHPSESID cookie is not removed from the Web browser

PHP / Session 18 / Slide 19 of 27

Working with php.ini File - I

 PHP interpreter works according to the specifications made

in the php.ini file

 Located under the /usr/local/php4/lib directory

Options in php.ini File - I

 Language Options

 Enables PHP scripting language engine under Apache

 Allows ASP style tags

PHP / Session 18 / Slide 21 of 27

Options in php.ini File - II

 Resource Limits

 Indicates the maximum time for script execution

 Indicates the maximum amount of memory a script requires

 Error handling and logging

 Reports all errors and warnings

 Reports fatal compile time errors

 Reports fatal run-time errors

 Data Handling

 Controls list of separators used in PHP generated URLs to

separate arguments

Options in php.ini File - III

 Sets magic quotes for incoming Get, Post, Cookie data

 Uses Sybase style magic quotes

 Specifies the name of the directory under which PHP

opens the script

 Indicates whether or not to allow HTTP file uploads

Indicates the maximum allowed size for upload files

where the session files will be stored session.use_cookies Indicates whether PHP must send

session ID to the Web browser through

a cookie session.use_only_cookies Indicates whether the modules can use

only cookies for storing session IDs

Options in Session Category - II

Options Description

session.cookie_lifetime Specifies the lifetime of the cookie

session.name Manages the cookie name and form attributes

such as GET and POST that holds the session ID

session.auto_start Enables sessions to automatically initialize if the

session ID is not found in the browser request session.cookie_secure Specifies whether or not the cookies must be sent

over secured connections

PHP / Session 18 / Slide 25 of 27

Summary - I

 Cookies provide us with the functionality of storing

temporary Web user information

 Sessions enable PHP store user information on the

Web server

 Sessions enable Web sites store user requests and

information on the Web

 Lifecycle of Session:

 Starting a session

 Registering a session variable

 Ending a session

 Storage of session data

 Methods to set session varaible

 $_SESSION[]

 $HTTP_SESSION_VARS[]