What is this really? It starts a current session based on cookies? Got that from the PHP website. How does, like, PHP control the session? If I start a session when a user opens up my login page, what do I even use that session for? What does closing a session actually do? Can I use the current session to get info about the logged-in user?

I'm so lost...

A: 

PHP's session_start starts OR resumes an HTTP session, which is explained fairly well in this article:

http://en.wikipedia.org/wiki/Session_(computer_science)

The concept of an HTTP "session" isn't specific to PHP; it's used in many (all?) server-side HTTP frameworks as one way to allow for some state to be stored/associated across different requests/responses (since HTTP is stateless). A unique token (which is often, but not always, stored in a cookie) identifies a particular client, and the server can associate the "session."

Here's some more info about sessions and PHP in particular that may help: http://www.php.net/manual/en/book.session.php

Charlie Collins
A: 

Like it says in the Manual:

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

If you start a new session at your login page, the session is initially empty. You can store in it whatever you want, for instance, store the user id once the user has logged in. The session data is destroyed when you close the session.

You might want to read all chapters in the Session Extension Manual Pages and also see

Gordon
+5  A: 

The PHP session system lets you securely store data in the $_SESSION global array. A typical example is to store the user's identifier in the session when they type in their password:

if ($user = try_login($login, $password)) {
  $_SESSION['user'] = $user;
}

Then, you can access that information on all other pages:

if (isset($_SESSION['user'])) {
  // logged in !
  echo user_name($_SESSION['user']);
}

The data is stored on the server, so there is no risk of tampering (on the other hand, mind your disk usage).

Starting the session lets the current request use $_SESSION. If this is the user's first visit, the array will be empty and a new session cookie will be sent for you.

Closing the session merely prevents the current request from using $_SESSION, but the data stays around for the next requests.

Destroying the session throws away all the data, forever. The sessions are destroyed a certain duration after the last visit (usually around 30 minutes).

Victor Nicollet
Oooh okay. So it's an empty global array that you can use to store user values (or other values), to maintain their unique experience within the website.
Scott
+1  A: 

I assume you want to know what a PHP session means for you, the programmer.

When you do session_start() you are telling PHP that you want to use the session. This is made available to you as an array called $_SESSION. You can use that like any other array with the difference that the stuff you put in there stays there from one page to another (provided you use session_start() at the beginning of each page).

The actual mechanism may vary depending on configuration (php.ini), but a typical installation can use cookies for the session. Let's assume that your webserver is on Linux and you're using cookies. You do the following:

session_start();
$_SESSION['name']='Bob';

When PHP sees this it creates a text file with a semi-random name (for example sess_a3tfkd5558kf5rlm44i538fj07), sticks the $_SESSION contents in there as plain text and then sends a cookie to the user with the session id, which can be used to find the session file (for example a3tfkd5558kf5rlm44i538fj07).

The next time the user comes back, he hands in the session id in his cookie, and PHP goes to the relevant file and loads its contents in $_SESSION.

You'll note that the actual information is kept on the server while the user is only given an id. Kinda like handing in your coat in a club and getting a ticket with a number on it.

Manos Dilaverakis
So if I start a session on each page, how does PHP know to maintain the same info from the $_SESSION variable from the last page, that cookie?
Scott
@Scott - If the user has a cookie with a session id matching an existing session (existing session file), session_start() resumes the session. Otherwise it starts a new one.
Manos Dilaverakis
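
The lifecycle the answers describe (start, store the user at login, close, destroy) as one page script, with the cookie settings and login-time id change a defender would add; this is an added example, not code from any of the answers. It assumes PHP 7.4 or later served over HTTPS, and try_login() with its user record is a constructed stand-in for the helper named in the answer above.

```php
<?php
// Added example, not code from the answers. Assumes PHP 7.4+ served over HTTPS.
// Stand-in for the try_login() named in the answer; the user record is constructed.
function try_login(string $login, string $password): ?array {
    static $users = null;
    $users ??= ['bob' => ['id' => 1, 'name' => 'Bob',
                          'hash' => password_hash('constructed-demo-pw', PASSWORD_DEFAULT)]];
    $u = $users[$login] ?? null;
    return ($u !== null && password_verify($password, $u['hash']))
        ? ['id' => $u['id'], 'name' => $u['name']] : null;
}

function start_secure_session(): void {
    session_start([
        'use_strict_mode'  => 1,     // ignore ids the server never issued
        'use_only_cookies' => 1,     // take the id from the cookie only, not the URL
        'cookie_httponly'  => 1,     // keep the id away from page scripts
        'cookie_secure'    => 1,     // send the cookie over HTTPS only
        'cookie_samesite'  => 'Lax',
    ]);
}

function login(string $login, string $password): bool {
    $user = try_login($login, $password);
    if ($user === null) {
        return false;
    }
    session_regenerate_id(true);     // fresh id at login; the pre-login id stops working
    $_SESSION['user'] = $user;
    return true;
}

function logout(): void {
    $_SESSION = [];                  // empty the array for the rest of this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => $p['path'],
        'domain' => $p['domain'], 'secure' => $p['secure'], 'httponly' => $p['httponly']]);
    session_destroy();               // delete the data stored on the server
}

start_secure_session();
$action = $_POST['action'] ?? '';
if ($action === 'login') {
    login((string)($_POST['login'] ?? ''), (string)($_POST['password'] ?? ''));
} elseif ($action === 'logout') {
    logout();
}
$user = $_SESSION['user'] ?? null;
session_write_close();               // "closing": save and unlock; data stays for later requests
echo $user !== null ? 'Logged in as ' . htmlspecialchars($user['name']) : 'Not logged in';
```

With cookie_secure set, the browser will not send the session cookie back over plain HTTP, so on a non-HTTPS test server every request starts a new, empty session.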