This section describes how sessions are supported in PHP. Session IDs are passed as cookies or GET/POST variables. session_start() is the built-in function to start a session. $_SESSION is the built-in array to manage session data.
PHP supports Web sessions with following main elements:
1. session.use_cookies = 1/0 - A setting in the configuration file, php.ini, to determine if the session ID should be
stored and managed as a cookie.
session.use_cookies = 1 (the default setting) - Managing the session ID as a cookie.
The session ID is stored in a cookie with a default name of "PHPSESSID". This "PHPSESSID" cookie will be automatically inserted into HTTP responses
and retrieved from HTTP requests by the PHP engine.
session.use_cookies = 0 - Stop storing the session ID as a cookie.
2. session.use_trans_sid = 1/0 - A setting in the configuration file, php.ini, to control if the session ID should be
stored and managed transparently as a parameter in the URL.
session.use_trans_sid = 1 - Managing the session ID as an extra transparent parameter in the URL.
The extra URL parameter contains the session ID value with a default name of "PHPSESSID".
This "PHPSESSID" parameter will be automatically inserted into all links in the HTTP response,
and retrived from HTTP requests by the PHP engine.
session.use_trans_sid = 0 (the default setting) - Stop storing the session ID as a URL transparent parameter.
3. session.save_handler = files/mm/user - A setting in the configuration file, php.ini, to control how session data
should be stored.
session.save_handler = files (the default setting) - Storing session data as files in a directory defined in the
session.save_path = "/tmp" setting.
session.save_handler = mm - Storing session data in shared memory.
session.save_handler = user - Storing session data through user-defined functions.
4. session_start() - A built-in function to create a new session or resume an existing session.
When session_start() is called, the PHP engine will check the current HTTP request to see if an existing session ID
is included or not.
If no session ID is found, the PHP engine will create a new session with a new session ID.
If a session ID is found, the PHP engine will restore the session identified by this session ID.
If the restored session has been timed out, an error will be issued.
5. $_SESSION - A built-in array attached to the current session acting as a storage.
You can store any number of key-value pairs in $_SESSION in a PHP script and retrieve them later
in another script if it shares the same session as the first script.
6. session_name() - A built-in function to set and get the name of the current session.
7. session_id() - A built-in function to set and get the session ID of the current session.
8. session_destroy() - A built-in function to destroy the current session.
When the current session is destroyed, information stored in $_SESSION will be removed.
