HTTP is Stateless
There is nothing in the HTTP protocol that will tie subsequent requests together. This is a common problem faced by web developers when working on sites that require a shopping-cart type of functionality.
Additionally, given Apache's multi-process architecture, subsequent requests from the same user may be handled by different processes.
In larger environments, there are also multiple web servers where requests may be round-robined across or perhaps a load balancer is distributing the requests across the server farm.
When a user first visits our site we have to give them an identifier and ask them nicely to give this something back to us when they visit again. Then we tie whatever data we want to have persist across requests to this identifier. This is known as the session ID.
PHP has a number of built-in functions that implement this idea of creating a unique session id for each visitor and associating data with them. There is nothing particularly magical about these functions and you can easily come up with your own system for dealing with sessions.
To start a session use session_start() and to register a variable in this session use the $_SESSION array.
<?php session_start(); $_SESSION['my_var'] = 'Hello World'; ?>
If register_globals is enabled then your session variables will be available as normal variables on subsequent pages. Otherwise they will only be in the $_SESSION array.
<?php session_start(); echo $_SESSION['my_var']; ?>
PHP Session Configuration
session.save_handler = files ; Flat file backend session.save_path=/tmp ; where to store flat files session.name = PHPSESSID ; Name of session (cookie name) session.auto_start = 0 ; init session on req startup session.use_cookies = 1 ; whether cookies should be used session.use_only_cookies = 0 ; force only cookies to be used session.cookie_lifetime = 0 ; 0 = session cookie session.cookie_path = / ; path for which cookie is valid session.cookie_domain = ; the cookie domain session.serialize_handler = php ; serialization handler (wddx|php) session.gc_probability = 1 ; garbage collection prob. session.gc_dividend = 100 ; If 100, then above is in % session.gc_maxlifetime = 1440 ; garbage collection max lifetime session.referer_check = ; filter out external URL\'s session.entropy_length = 0 ; # of bytes from entropy source session.entropy_file = ; addtional entropy source session.use_trans_sid = 1 ; use automatic url rewriting url_rewriter.tags = "a=href,area=href,frame=src,input=src" session.cache_limiter = nocache ; Set cache-control headers session.cache_expire = 180 ; expiry for private/public caching
Cache-control is important when it comes to sessions. You have to be careful that end-user client caches aren't caching invalid pages and also that intermediary proxy-cache mechanisms don't sneak in and cache pages on you. When cache-limiter is set to the default, no-cache, PHP generates a set of response headers that look like this:
HTTP/1.1 200 OK Date: Sat, 10 April 2016 10:21:59 GMT Server: Apache/2.22 (Unix) PHP/5.6 X-Powered-By: PHP/5.6 Set-Cookie: PHPSESSID=9ce80c83b00a4aefb384ac4cd85c3daf; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html
By default PHP will store its session data in files on the local filesystem. This obviously won't work in a load-balanced architecture as we requests from the same session can span servers.
You can change the session backend datastore from a script using session_module_name().
<?php session_module_name("files"); // ASCII files session_module_name("mm"); // Shared memory session_module_name("user"); // Custom session backend ?>
You can also define your own custom session backend datastore using the session_set_save_handler() function.
<?php session_set_save_handler("myOpen", "myClose", "myRead", "myWrite", "myDestroy", "myGC"); ?>
Destroy Session useful in case of logout scenario
<?php session_start(); $_SESSION['name'] = 'w3clan'; session_destroy(); // This will destroy all session. unset($_SESSION['name']); // This will unset session ['name'] ?>
Related Results :
- Related Posts are generally User Blog posts.
- or Other tutorials from other networks of w3clan.com.
- Any registered user can create related posts based on search term tags.