Session Management with PHP, part-1


“We all know HTTP is a stateless protocol, which means that the web server cannot identify subsequent requests from a particular user.” To understand this better, let's see how a request works.

Let’s say we want to access a URL (URL stands for Uniform Resource Locator. A URL is an Internet web address that connects your computer to an image, file, page, or program on the Internet) “”.
Let’s assume there is a website that sells products and the user wants to buy one of them.

So the user opens the browser and types the URL in the browser's location bar.
When the user clicks Go or presses Enter, a web page containing detail from renders in the browser.
Behind the scenes, the following is happening:

* The user is connected to the internet.
* The user makes a request to the browser (client) to access
* The browser does not know where the is, i.e., on which server it is hosted.
* The browser sends a DNS lookup query; this is the query that returns the unique IP address of the server to which the browser will make its request.
* Internally, the browser creates a DNS lookup query, which is propagated to your internet service provider and then on to DNS servers, which resolve the query and tell the browser the IP address of
* As soon as the browser finds out the IP address of the machine, it sends a communication request to that machine.
* The server checks the request; there is software (a web server) on the server machine that interprets these requests.
* After interpreting the request, it sends the response back to the client.
* Because the client also sent its machine's IP address in the request, the response is propagated directly to that machine over the internet.
* The response reaches the client machine, and the client machine tells the client software (browser) that a response has been received; the client then interprets the response.
* The client renders the response, which is displayed to the user.

For subsequent requests the same process follows; however, there is caching at each level, so the process is superfast.

Note: "client" or "client software" refers to browsers (Chrome, Firefox, or even a utility that sends requests); "server" or "server software" generally refers to the web server where the site is hosted.

So the page is displayed to the user,
and let’s say it shows multiple products.
The user clicks on a product to add it to his cart, which means the user is telling the server, "I want to buy this product."

This is another request, and it follows the same process. Until now, all the requests are independent.

Now let’s say the server wants to tell something to that particular user.
So the server assigns a unique code to the client in its response, which the client must send in each following request to claim its identity, so that the client and server can have a mutual handshake.

This code is referred to as the session id or session key.

Now it is the client's responsibility to send the session id, which the server sent in its response, in each following request to the server to claim its identity.

That can be done in multiple ways.

To know more about that, we need to understand how the client can send parameters to the server.

Communication between client and server is done using the HTTP protocol, in which there are two parts of data:
a) header [request header, response header]
b) body [request body, response body]

Some request headers are standard and are followed by all major browsers and servers.

Put simply,

the WWW is the interaction between the client user (the end user who is using the browser) and the server. Client software is just used to parse the response into readable form.
However, for usability reasons, we cannot ask our client user to remember the session id provided in the response and send it every time. It should be done automatically.
So we have two ways:
1) Write a mechanism into the server response so that the particular session id is sent on every following request to the server, using an HTTP verb (GET, POST etc.), as you may have seen it as a parameter in a URL. But if the end user is unaware of this, it may lead to a security risk.

2) To overcome the problem with the first one, all browsers provide a functionality called a cookie, which can store a piece of information, and the browser sends these cookies along with the headers in every following request automatically. So there is no need to alter the response just for the session key.
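
The cookie approach in option 2, simulated end to end as an added example (not code from the original post): a toy server issues a random session id in a `Set-Cookie` response header and a toy browser replays it in the `Cookie` request header. The `handle` and `Browser` names, the cart data and the cookie attributes are assumptions for illustration; `PHPSESSID` is PHP's default session cookie name.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side store: session id -> that user's data (here, a cart)

def handle(request_headers, add_product=None):
    """Toy server: takes request headers, returns (response_headers, cart)."""
    cookie = SimpleCookie(request_headers.get("Cookie", ""))
    sid = cookie["PHPSESSID"].value if "PHPSESSID" in cookie else None
    response_headers = {}
    if sid not in SESSIONS:
        # No id, or an id this server never issued: create a fresh random one
        # instead of adopting whatever value the client supplied.
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = []
        out = SimpleCookie()
        out["PHPSESSID"] = sid
        out["PHPSESSID"]["httponly"] = True   # not readable by page scripts
        out["PHPSESSID"]["secure"] = True     # sent over HTTPS only
        out["PHPSESSID"]["samesite"] = "Lax"
        out["PHPSESSID"]["path"] = "/"
        response_headers["Set-Cookie"] = out["PHPSESSID"].OutputString()
    if add_product:
        SESSIONS[sid].append(add_product)
    return response_headers, list(SESSIONS[sid])

class Browser:
    """Toy client: stores the cookie and replays it on every later request."""
    def __init__(self):
        self.jar = SimpleCookie()

    def request(self, add_product=None):
        headers = {}
        if self.jar:
            headers["Cookie"] = "; ".join(f"{k}={m.value}" for k, m in self.jar.items())
        response_headers, cart = handle(headers, add_product)
        if "Set-Cookie" in response_headers:
            self.jar.load(response_headers["Set-Cookie"])
        return response_headers, cart

def demo():
    """Constructed scenario: two browsers plus one request with an unknown id."""
    alice, bob = Browser(), Browser()
    first, _ = alice.request()                    # response carries Set-Cookie
    _, cart = alice.request(add_product="book")   # Cookie header sent automatically
    _, bobs_cart = bob.request()                  # different browser, different session
    unknown, _ = handle({"Cookie": "PHPSESSID=not-issued-by-server"})
    return first, cart, bobs_cart, unknown
```

The session id never appears in a URL here, so it does not end up in links the user copies or shares.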

This is all theory; how this works with PHP, let’s see in the next session.
