Chapter 10 Managing State Information Using Sessions

1
Chapter 10Managing State InformationUsing
Sessions
2
Problems with Cookies

• Not every client computer is secure
• Cookies may be accessible to hackers
• Many client computers do not accept cookies
• Spyware gathers user information from a local
  computer for marketing and advertising purposes
  without the users knowledge

3
Using Sessions

• A session is a continuous period of access
• A session is created for each user that requests
  a PHP page from a Website
• During a session, a PHP script stores state
  information on a Web server
• Only available for current browser session
• Allows you to maintain state information even
  when clients disable cookies
• More secure than cookies

4
Starting a Session

• Use the session_start() function
• Starts a new session or continues an existing one
• Generates a unique session ID
• A random alphanumeric string like
  7f39d7dd020773f115d753c71290e11f
• Creates a text file on the Web server
• Same name as the session ID, preceded by sess_
• Call session_start() before any HTML output

5
Starting a Session (continued)

• Stored in the Web server directory specified by
  session.save_path directive in php.ini
  configuration file
• session_start() does not accept any parameters,
  nor does it return a value
• lt?php
• session_start()
• ...

6
Session ID

• If a clients Web browser is configured to accept
  cookies, the session ID is assigned to a
  temporary cookie named PHPSESSID
• Pass the session ID as a query string or hidden
  form field to any Web pages that are called as
  part of the current session
• Use session_id() to retrieve Session ID

lt?php session_start() echo Session ID .
session_id() ?gt
7
Working with Session Variables

• Session state information is stored in the
  _SESSION autoglobal
• When session_start() function is called
• PHP initializes a new _SESSION autoglobal or
• Retrieves any variables for the current session
  (based on the session ID) into the _SESSION
  autoglobal
• Calling session_start() while an existing session
  is in progress does not create a new session
• If session_start() is not called, _SESSION
  values will not be available

8
Working with Session Variables

• lt?php
• session_start()
• _SESSION'firstName' Mickey"
• _SESSION'lastName' Mouse"
• _SESSION'occupation' actor"
• ?gt

9
Working with Session Variables

• Use the isset() function to ensure that a session
  variable is set before you attempt to use it
• lt?php
• session_start()
• if (isset(_SESSION'firstName')
  isset(_SESSION'lastName')
  isset(_SESSION'occupation'))
• echo _SESSION'firstName' . " "
• . _SESSION'lastName' . " is an "
• . _SESSION'occupation'
• ?gt

10
Deleting a Session Variable

• Use unset() function against the appropriate
  entry in _SESSION

lt?phpsession_start()unset(_SESSIONusername
)?gt
11
Deleting a Session

• To delete a session manually
• 1. Execute the session_start() function
• 2. Use the array() construct to reinitialize the
  _SESSION autoglobal
• 3. Use session_destroy() to delete the session

lt?php session_start() _SESSION
array() session_destroy() ?gt
12
lt?php  session_start()  if (isset(_SESSION'fr
uit'))    echo "Your favorite fruit is " .
_SESSION'fruit'  else    echo "I don't know
your favorite fruit."?gt
getFruit2.php
lthtmlgtltheadgt       lttitlegtFruitlt/titlegtlt/headgt
ltbodygt ltform action"storeFruit2.php"
method"post"gt Enter your favorite
fruitnbsp ltinput type"text" name"fruit"gtltbr
/gt ltinput type"submit" value"Submit"gtlt/formgtlt
/bodygtlt/htmlgt
showFruit2.php
storeFruit2.php
lt?php  session_start()    //Value is in text
field  if (!empty(_POST"fruit"))     
 //store fruit in a session variable  
 _SESSION'fruit' _POST"fruit"     
//redirect   header("Location
showFruit2.php")?gt
13
Practice

• Modify your login form so that it uses session
  variables instead of cookies to store the login
  name and password.