Lesson 12: Sessions
When you visit a website, you do a number of different things. You click from one page to another. Perhaps you also fill out a form or purchase a product.
For a web developer, such information is of great importance when developing successful web solutions.
Suppose, for example, that you want to make a site where some pages are protected with login and password. To make this protection effective, the password-protected pages should have access to information on whether the user has logged in at an earlier time. You must, in other words, be able to "remember" what the user did earlier.
This is exactly what this lesson is about - how you can use sessions in PHP to store and retrieve information during a user's visit to your site.
Session
PHP sessions allow you to manage information about a user's session. You can write smart applications that can identify and gather information about users.
A session can begin in different ways. We will not go into technical details here but focus on the case where a session starts by a value being stored. A session ends/dies if the user hasn't requested any pages within a certain timeframe (by default 20 minutes). Of course, you can also always end/kill a session in your script.
Let us say that 50 people are clicking around on the same site, e.g. a web shop, at the same time. Information on what each of them has in their shopping cart would best be stored in a session. In order to identify the individual users, the server uses a unique user ID that is stored in a cookie. A cookie is a small text file stored on the user's computer (more about cookies in lesson 13). Therefore, sessions often require support of cookies in the user's browser.
An example of using sessions
When you requested this page, I stored the current time in a session. I did this so that I can now show you an example of how a session works.
I named the item "StartTime" and stored it by adding the following line in my PHP script:
<?php session_start(); $_SESSION["StartTime"] = date("r"); ?>
Thereby, a session was started. As described above, each session is given an ID by the server.
Your session has the following ID: dc09cb94eebbbf66c1422f90fb649198
At any time, I can call the "StartTime" from the session by writing:
<?php session_start(); echo $_SESSION["StartTime"]; ?>
Which would reveal that the page was requested at Sat, 16 Feb 2013 21:13:58 +0100 (according to the clock on this web server).
But what is interesting is that the information remains in the session, even after you have left this page. The information will follow you until your session ends.
By default, a session lasts till the user closes the browser, then it dies automatically. But if you want to stop a session, it can always be killed in this way:
<?php
// A session must be started before it can be destroyed
session_start();
session_destroy();
?>
Let us try to look at another example where sessions are used: a password solution.
Login system with sessions
In the following example, we will make a very simple login system. We will use many of the things we have learned in previous lessons.
The first thing we need is a form where people can enter their username and password. It could look like this:
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post" action="login.php">
<p>Username: <input type="text" name="username" /></p>
<p>Password: <input type="password" name="password" /></p>
<p><input type="submit" value="Let me in" /></p>
</form>
</body>
</html>
Then we create the file: login.php.
In this file, we check whether it is the correct username and password that has been entered. If that is the case, we set a session that says that this user is logged in with the correct username and password.
<?php
// Start the session before any HTML is sent to the browser
session_start();

// Read the submitted values (empty string if a field is missing)
$username = isset($_POST["username"]) ? $_POST["username"] : "";
$password = isset($_POST["password"]) ? $_POST["password"] : "";
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<?php
// Check if username and password are correct
if ($username === "php" && $password === "php") {
  // If correct, we set the session to YES
  $_SESSION["Login"] = "YES";
  echo "<h1>You are now logged correctly in</h1>";
  echo "<p><a href='document.php'>Link to protected file</a></p>";
}
else {
  // If not correct, we set the session to NO
  $_SESSION["Login"] = "NO";
  echo "<h1>You are NOT logged correctly in </h1>";
  echo "<p><a href='document.php'>Link to protected file</a></p>";
}
?>
</body>
</html>
In the protected files, we want to check whether the user is logged in properly. If this is not the case, the user is sent back to the login form. This is how the protection is made:
<?php
// Start up your PHP Session
session_start();

// If the user is not logged in send him/her to the login form
if (!isset($_SESSION["Login"]) || $_SESSION["Login"] != "YES") {
  header("Location: form.php");
  // Stop the script here, otherwise the protected page is still sent
  exit;
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1>This document is protected</h1>
<p>You can only see it if you are logged in.</p>
</body>
</html>
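A hardened variant of the login system above, as an added example that is not part of the original lesson: it checks the password against a hash with password_verify(), issues a new session ID at login, enforces the 20-minute idle limit on the server, and stops the script after the redirect. The function names, IDLE_LIMIT, the "LastSeen" and "User" session keys, the HTTPS setting and the sample account are assumptions made for illustration.

```php
<?php
// Added example (PHP 7.3+). The function names, IDLE_LIMIT and the
// 'LastSeen' / 'User' session keys are assumptions, not the lesson's code.
const IDLE_LIMIT = 1200; // 20 minutes of inactivity, in seconds

function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie: dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // keep the session ID away from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
    // Enforce the idle limit on the server side.
    $last = $_SESSION['LastSeen'] ?? null;
    if ($last !== null && time() - $last > IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true); // discard the stale session and its ID
    }
    $_SESSION['LastSeen'] = time();
}

function log_in(string $username, string $password, array $users): bool
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        $_SESSION['Login'] = 'NO';
        return false;
    }
    session_regenerate_id(true); // fresh ID at login; the pre-login ID stops working
    $_SESSION['Login'] = 'YES';
    $_SESSION['User']  = $username;
    return true;
}

function require_login(): void
{
    if (($_SESSION['Login'] ?? 'NO') !== 'YES') {
        header('Location: form.php');
        exit; // without this, the protected HTML is still sent after the header
    }
}

// In login.php, before any HTML output (constructed sample account):
//   start_secure_session();
//   $users = ['php' => password_hash('php', PASSWORD_DEFAULT)];
//   $ok = log_in((string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''), $users);
// In document.php: start_secure_session(); require_login();
```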
Now you've been introduced to the Session object. In the next lesson, we are still working in the same area but will take a closer look at cookies.