Session handling is a very important concept in PHP, which allows user information to remain unchanged on all pages of a website or application. The following article will teach you the basic knowledge of session processing in PHP. I hope it will be helpful to you.
What is a session in PHP?
A session is a mechanism that retains information on different web pages to identify users as they browse a website or application. [Video tutorial recommendation: PHP tutorial]
Everyone must have this question: Why does the website need a session? Before discussing this issue, we need to go back and look at how the HTTP protocol works.
The HTTP protocol is a stateless protocol, which means that the server cannot remember a specific user between requests. For example, when you visit a web page, the server is only responsible for serving the content of the requested page. So when you visit other pages on the same website, the web server interprets each request individually as if they have nothing to do with each other. The server has no way of knowing that every request comes from the same user.
The following figure briefly describes the HTTP protocol.
#In this process, if you want to display the information of a specific user, you must authenticate the user in every request. Imagine if every time you make a request, you need to enter your username and password on the page for authentication; this is too cumbersome and not practical at all. However, session comes in handy at this time.
Session allows users to share information across different pages of a single site or application, so it helps maintain state. This lets the server know that all requests are coming from the same user, allowing the site to display user-specific information and preferences.
The following diagram describes how the HTTP protocol is used with sessions.
How does PHP handle sessions?
1. Start the session
Whenever you want to process session variables, you need to ensure that the session has been started. There are several ways to start a session in PHP.
1), use the session_start function
This is the most common method, in which the session is started by the session_start function.
<?php // 启动session session_start(); // 操作会话变量 ?>
Importantly, the session_start function must be called at the beginning of the script before any output is sent to the browser. Otherwise, you will encounter the infamous Headers are already sent error.
2), Automatically start the session
If you need to use the session throughout the application, you can also choose to automatically start the session without using the session_start function.
There is a configuration option session.auto_start in the php.ini file that allows us to automatically start a session for each request. By default, it is set to 0, we can set it to 1 to enable the auto-start feature.
session.auto_start = 1
2. Get the session ID
The server creates a unique id for each new session. If you want to get the session ID, you can use the session_id function as shown in the following snippet.
<?php session_start(); echo session_id(); ?>
This should give you the current session ID. The session_id function is interesting because it can also take one parameter - a session ID. If you want to replace the system-generated session ID with your own, you can provide it to the first parameter of the session_id function.
<?php session_id(YOUR_SESSION_ID); session_start(); ?>
It is important to note that when you want to start a session with a custom session ID, the session_id function must be called before session_start.
3. Create session variables
Once the session is started, $_SESSION will initialize the super-global array with the corresponding session information. By default it is initialized with a blank array, you can use key-value pairs to store more information.
Let’s take a look at how to initialize session variables through code examples.
<?php // 开启会话 session_start(); // 初始化会话变量 $_SESSION['logged_in_user_id'] = '1'; $_SESSION['logged_in_user_name'] = 'Tutsplus'; // 访问会话变量 echo $_SESSION['logged_in_user_id']; echo $_SESSION['logged_in_user_name']; ?>
As shown above, we use the session_start function to start a session at the beginning of the script; after that, we initialize several session variables; finally, we use the $_SESSION superglobal to access these variables.
When you use the $_SESSION superglobal to store data in a session, it is ultimately stored in the corresponding session file on the server that is created when the session is started. This way session data is shared across multiple requests.
As we discussed, session information is shared between requests, so session variables initialized on one page will also be accessible from other pages until the session expires. Normally, the session expires when the browser is closed.
4. Modify and delete session variables
We can modify or delete session variables previously created in the application just like modifying regular PHP variables.
Let’s take an example to see how to modify session variables.
<?php session_start(); if (!isset($_SESSION['count'])) { $_SESSION['count'] = 1; } else { ++$_SESSION['count']; } echo $_SESSION['count']; ?>
在上面的脚本中,我们首先检查了是否设置了$_session['count']变量。如果没有设置,我们将设置为1,否则我们将增加1。因此,如果多次刷新此页,可以看到计数器每次递增一个!
另一方面,如果想要删除会话变量,可以使用unset函数,如下面的代码段所示:
<?php // 开启会话 session_start(); // 初始化会话变量 $_SESSION['logged_in_user_id'] = '1'; // 取消设置会话变量 unset($_SESSION['logged_in_user_id']); ?>
这样,我们就无法再访问$_SESSION[‘logged_in_user_id’]变量了。因为它已被unset函数删除。
5、销毁会话
在上面我们知道可以使用unset函数来删除特定的会话变量;那么如果要一次删除所有与会话相关的数据,我们要怎么办?
其实很简单,我们可以使用session_destroy函数。
下面我们来看看session_destroy函数是如何工作的。
<?php //开启会话 session_start(); // 假设我们已经在另一个脚本中初始化了几个会话变量 // 销毁此会话中的所有内容 session_destroy(); ?>
说明:session_destroy函数删除存储在当前会话中的所有内容。因此,当存储在磁盘上的会话数据被session_destroy函数删除时,我们将从后续请求中看到一个空的会话变量。
注:通常,在用户注销时才会使用session_destroy函数。
以上就是本篇文章的全部内容,希望能对大家的学习有所帮助。更多精彩内容大家可以关注php中文网相关教程栏目!!!
The above is the detailed content of How to do session handling in PHP?. For more information, please follow other related articles on the PHP Chinese website!