|
Sessions
Part:
1
2
3
This chapter describes:
- What is a session.
- How use session in a PHP script.
- A session test with 3 scripts.
- How session ID can be managed without cookies.
- Where is session data stored.
What is a Session?
Session: An abstract concept to represent a series of HTTP requests and
responses exchanged between a specific Web browser and a specific Web server.
Session concept is very useful for Web based applications to pass and share
information from one Web page (request) to another Web page (request).
Since the current design of HTTP protocol does not support session concept,
all Web server side scripting technologies, including PHP, have designed their
own way to support session concept. The key design element of session support is
about how to identify a session and how to maintain the session ID (identification).
One common way to maintain the session ID is use the cookie technology.
The following diagram shows you how to do this:
Server Browser
ID created | <-- Request #1 --- |
| --- Response #1 --> | ID kept as cookie
| <-- Request #2 --- | ID send back to server
| --- Response #2 --> |
| <-- Request #3 --- | ID send back to server
| --- Response #3 --> |
| ...... |
The session concept should be managed by the server. When the first request comes
from a browser on a client host, the server should create a new session,
and assigns a new session ID. The session ID will be then send back to the same browser
as a cookie. The browser will remember this ID, and send the ID back to the
server in the subsequent requests. When the server receives a request with a
session ID in them, it knows this is a continuation of an existing session.
When the server receives a request from a browser on a new client host (request
without a session ID), the server should not only create a new session ID, it should also
create a new session object associated with the new session ID. This session object
should become the storage place for different requests of the same session to store
and share information.
If there is no subsequent request coming back for a long time for a particular
session ID, that session should be timed out. After the session has been timed out,
if the browser comes back again with the associated session ID, the server should give
an invalid session error.
PHP's Session Support
Like JavsServer Page (JSP), PHP manages the session ID with as a cookie, a GET variable, or a POST variable.
It offer a built-in array as the session object, and a number of built-in functions to allow
the PHP script to interact with the session:
- $_SESSION - A built-in array to store and share variables for the session.
- session_start() - A built-in function to create a new session or resume an existing
session based on the current session id that's being passed via a request, such as GET, POST, or a cookie.
- session_name() - A built-in function to set and get the session name.
- session_id() - A built-in function to set and get the session ID.
- session_destroy() - A built-in function to destroy all variables stored in $_SESSION.
Session Test Scripts - SessionPageN.php
To help testing the session concept, I wrote 3 PHP scripts.
SessionPage1.php:
<?php # SessionPage1.php
# Copyright (c) 2002 by Dr. Herong Yang, http://www.herongyang.com/
#
session_start();
$quantity = 3;
$_SESSION['quantity'] = $quantity;
if (isset($_SESSION['count'])) {
$count = $_SESSION['count'];
} else {
$count = 0;
}
$count++;
$_SESSION['count'] = $count;
#
print "<pre>\n";
print "\nI am buying $quantity PHP books.\n";
print "\n<a href=SessionPage2.php>Next</a>\n";
print "\nCounter = $count\n";
print "Session name = ".session_name()."\n";
print "Session id = ".session_id()."\n";
#
print "\nContents of \$_GET:\n";
foreach ($_GET as $k => $v) {
print " $k = $v\n";
}
#
print "\nContents of \$_POST:\n";
foreach ($_POST as $k => $v) {
print " $k = $v\n";
}
#
print "\nContents of \$_COOKIE:\n";
foreach ($_COOKIE as $k => $v) {
print " $k = $v\n";
}
print "</pre>\n";
?>
(Continued on next part...)
Part:
1
2
3
| 