A PHP session allows you to keep information about a visitor who browses your website. A system must exist to allow you to keep track of the inputs and parameters associated with the user when he leaves a page and/or opens another. Normally when a visitor leaves your website and closes his internet session, his PHP session is destroyed and all the information associated with him is lost. If you want to permanently store this information, you must store it in a database. The sole purpose of a session is to allow transmission of the information from one webpage to another during the time that a visitor is visiting your website and not to permanently store this information on your server.
- Starting a PHP session
A PHP session is started with the PHP command session_start(). This command must be placed before the tag. When a PHP session is started, a unique user ID is attributed to identify the PHP session until it terminates (when the visitor leaves your website or when you destroy it). The session_start() command must be called on each page where you want to transmit the session information. If you redirect the visitor towards another page on which session_start() is omitted, then the information relative to his current session will not be made available on the redirected page. However, the session still exists and can be resumed on another page by calling session_start() again. If the visitor closes his internet session in the browser, though, the PHP session will be lost.
- Accessing PHP session data
When a PHP session is opened, the session information must be stored within the global array variable $_SESSION. For example, if $_SESSION['username'] = 'johnny' is set from a web page where the PHP session is active, it will be possible to access or modify the content of this variable on any other web page of the website, on condition that the session is active on that page.
The data in $_SESSION contains delicate and sensitive information and therefore has to be kept safe and secure, because it becomes dangerous in the wrong hands.
- Destroying a PHP session
To terminate the current PHP session, use the PHP command session_destroy(), provided that the session is active on the page from which you are trying to destroy it. In so doing, you will unset the $_SESSION variable.
- Transmission of the Session ID via URL or via the cookies
The transmission of the User ID (UID) is done either via the URL (much like the GET method for HTML forms) or via cookies (more like the POST method for HTML forms). The cookies method will be adopted by default, but if the visitor’s cookies are disabled then the session ID will automatically be passed via URL.
- PHP sessions Security issues
PHP sessions are easily intercepted. For example, if the UID is transmitted via URL, it can simply be extracted from the URL, especially if your user is sent to another website through a link containing his UID. That website will be able to intercept the UID and thus access the user's PHP session information. Likewise, if someone else manages to intercept the visitor's session cookie, he will be able to take the visitor's identity and access his PHP session.
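One way to start a session so that the ID never travels in a URL and the session cookie is harder to intercept. This is an added example, not code from the original article; the function names start_hardened_session() and login() are hypothetical, and it assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not part of the original article.

function start_hardened_session(): void
{
    // Weak setup: session.use_trans_sid=1 with session.use_only_cookies=0
    // lets PHP append the session ID to links, where the next site can read it.
    ini_set('session.use_only_cookies', '1'); // accept the ID from cookies only
    ini_set('session.use_trans_sid', '0');    // never rewrite URLs with the ID

    // Refuse session IDs the server did not generate itself.
    ini_set('session.use_strict_mode', '1');

    // Cookie attributes that limit who can see or replay the session cookie.
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends when the browser is closed
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only, not cleartext HTTP
        'httponly' => true,   // not readable from page JavaScript
        'samesite' => 'Lax',  // not attached to most cross-site requests
    ]);

    // Must run before any output, because it sends the cookie header.
    session_start();
}

function login(string $username): void
{
    // Issue a new session ID when the visitor authenticates and delete the
    // old session data, so an ID captured before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

// Call on every page that uses the session.
start_hardened_session();

// After the application has verified the visitor's credentials
// ('johnny' is the sample value used earlier in the article):
// login('johnny');
```

The same values can be set once in php.ini instead of at runtime, which avoids depending on every page calling the helper.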