PHP Session | start, destroy and working with session variables

What is a session in PHP?

PHP Session variable is a way to store information in variables that can be used in multiple pages or across the website during that visit of a user. The session stores information on the server side unlike cookies, that store information on the user’s computer. Alternatively, you can say that session variables scope is global, unlike the normal variable which scope is specific to that page or a function.

As your website becomes more complicated, there will be a time when you need to store information to remember a particular visitor actions or data while navigating to the other pages. A basic HTML site does not allow to store information that can be used across the website. The sessions variables provide that mechanism.

For instance, in an eCommerce site, storing shopping cart items that have been added to the basket during that visit. Users keep on surfing other pages of the website, however, selected items are still shown.

Similarly, storing login information for a session.

The information stored in session PHP variables is temporary and finishes as the session ends or dies. For example, the user has closed the website.

How to start sessions

Now let us go through how session variable works. What we need to store user’s information and then using it to perform required actions.

This is how you can start a session:

So what it takes to start a session? You simply write the command, session_start();. This command should be placed on the top of the page even before HTML code. You must have to start the session in order to work with it.

So what actually happens when a session is started?

  1. PHP creates a random unique identifier string of 32 hexadecimal numbers for that particular session. e.g. 9d5gpk75d2jj973hjkop2fc934s2578 (session id)
  2. To store that unique identifier, a cookie is automatically sent to user’s computer. This cookie is called PHPSESSID.
  3. In the specified temporary directory on the server side, a file is automatically created with the prefix sess_[unique identifier code].

Working with session variables

Let us go through by an example to see how values are stored in PHP session variables.

Name this PHP file as test_session.php.

After starting the session, this is how session variables are assigned the values.

Like in above example, use  $_SESSION[‘variable_name’]. The $_SESSION[] is an associative array where it stores all session variables.

Using Session Variable

Now create a second file and write the following code to print/echo session variable values. Name this file as print_ test_session.php.

Output

My ID is: 1234

My Name is: Mike

My Location is: United States

So in the above example, we created a session variable in one file and assigned values. In another PHP file, we simply displayed those session variables that carry the values.

Session timeout

By default, a session timeout period is set in the php.ini file (configuration file of PHP). A session will automatically be destroyed if a user’s browser is idle for a specified period.

You can change this time in php.ini or even specify session destroy time in your code file where you start a session.

Session time in PHP.ini file

Go to php.ini file and locate these variable to see and change if required:

//Sets to 60 mins

ini_set(‘session.gc_maxlifetime’,60*60);

ini_set(‘session.gc_probability’,1);

ini_set(‘session.gc_divisor’,1);

How to destroy a Session

Though PHP automatically destroys a session after the timeout or a user has left the website. You may need to destroy specific variables, which purpose has been accomplished or destroy a session completely in an explicit way.

Syntax of destroying specific session variables

Following example shows the syntax of destroying specific session variables by using PHP unset function.

Destroy session completely

In order to completely destroy a session use following: