Session Management with PHP, part-2


In the previous session, we talked theoretically; now let’s come to the implementation.

So in PHP, a session can be used by writing just one line of code at the top of the script.

session_start();

OMG! That’s it?

Yes, it is! Quite simple. Now the question is: what happens when we write this line?

Actually, when PHP encounters this line, it invokes its session management functionality.

I will explain what goes on behind the scenes later; first, let’s see how to store and access values in the session.

PHP provides a global variable, $_SESSION, that holds all the values of the session.

<?php
session_start();                 // start (or resume) the session

$_SESSION['key1'] = 'page 1';    // store a value in the session

print_r($_SESSION);              // dump everything held in the session

Oh! That is too simple. So let’s create a PHP page called page_1.php that holds this code.

Request page_1.php in the browser and you will see the following output:

Array ( [key1] => page 1 )

That’s cool. Now let’s create a page called page_2.php with the following code:

<?php
// note: no session_start() here yet
$_SESSION['key2'] = 'page 2';

print_r($_SESSION);

Now access page_2.php in the browser; below is the output.

Array ( [key2] => page 2 )

Oh God! Where are my previous values? There might be many questions, but the answer to them is just one line.

session_start();

Now put this line at the top of page_2.php and execute the page; the output below should render:

Array ( [key1] => page 1 [key2] => page 2 )

Ohh yes! Now it is working. I got it.

You can access page_1.php again. The output must be as follows:

Array ( [key1] => page 1 [key2] => page 2 )

Now the actual question: how is the magic happening?

Prerequisites:
  • PHP version 5.3 or above.
  • The browser doesn’t matter; however, the screenshots are from Chrome.
  • The platform (Windows, Linux, or the server) doesn’t matter in the basic case.
  • I am assuming no cookie is saved in your browser for the requested URL.

So:

  • We request page_1.php through the browser.
  • The web server receives the request and hands it to PHP.
  • PHP sees that the page has session_start(), but there is no cookie in the request header.
  • So it prepares a response header instructing the browser to store a cookie holding a key-value pair: the key is PHPSESSID and the value is a unique string.
  • It creates a temporary file, stored at the default path given in php.ini (session.save_path), usually the operating system’s temp path.
  • That file (named like sess_<PHPSESSID value>) contains all the values that you store in the $_SESSION variable.
    • key1|s:6:"page 1";
  • The output of page_1.php is rendered in the browser.
  • Now, when you access page_2.php, the browser sends the previously saved cookie in the request header.
  • PHP sees that session_start() is not in the page, so it ignores the cookie value sent in the request. $_SESSION is not initialised with the previous values from the session file; $_SESSION is blank for this request.
  • Moreover, any assignment to $_SESSION is not written to the session file.
  • Now page_2.php is requested again, with session_start(); at the top of the page.
  • The browser again sends the request with the cookie.
  • PHP sees that session_start() is there and that a cookie value is present in the request header. PHP checks whether there is a session file associated with the provided session ID in the storage location, as per the configuration.
  • If the file is there, PHP parses it and initialises $_SESSION with its contents; if the file is not there, it is created and the request is treated as a fresh request.
  • After processing, the output is sent to the browser.

That’s all. Now you understand how the magic happens. You can experiment by deleting the cookie from the request, deleting the file from session storage, or altering the file, and check the behaviour.
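The request flow described above, replayed from the PHP command line as an added example (not code from the original post). It assumes PHP 7.1+ with the default "files" save handler and "php" serialize handler; the temp directory, the request() helper and the two unknown IDs are constructed, and session_id() stands in for the PHPSESSID cookie. The last two requests go one step beyond the text and show how the "file is not there" case depends on session.use_strict_mode.

```php
<?php
// Added example, not from the original post. Run from the CLI: php session_demo.php
// Assumptions: PHP 7.1+, default "files" save handler and "php" serialize handler.
// All output is printed at the end, because session settings and IDs cannot be
// changed once output has started.
$dir = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4)); // constructed
mkdir($dir, 0700);
ini_set('session.save_path', $dir);
ini_set('session.use_cookies', '0'); // no browser here: session_id() plays the cookie

// One "request": present an ID (or none), set some keys, then report the ID PHP
// actually used and what $_SESSION held.
function request(?string $presentedId, array $set = []): array
{
    if ($presentedId !== null) {
        session_id($presentedId);    // stands in for "Cookie: PHPSESSID=<id>"
    }
    session_start();
    foreach ($set as $key => $value) {
        $_SESSION[$key] = $value;
    }
    $seen = [session_id(), $_SESSION];
    session_write_close();           // write $_SESSION to sess_<id> and release it
    return $seen;
}

// page_1.php, first visit: no ID presented, so PHP generates one.
[$id] = request(null, ['key1' => 'page 1']);
$afterPage1 = file_get_contents("$dir/sess_$id");

// page_2.php with session_start(): the same ID comes back and the file is loaded.
[, $page2Session] = request($id, ['key2' => 'page 2']);
$afterPage2 = file_get_contents("$dir/sess_$id");

// A client presents IDs the server never issued (constructed values).
$idA = 'neverissued000000000000000001';
$idB = 'neverissued000000000000000002';
ini_set('session.use_strict_mode', '0');   // PHP's default
[$laxId] = request($idA);
ini_set('session.use_strict_mode', '1');   // hardened setting
[$strictId] = request($idB);

echo "file after page_1: $afterPage1\n";
echo "file after page_2: $afterPage2\n";
echo 'page_2 $_SESSION:  ', json_encode($page2Session), "\n";
echo 'strict_mode=0 keeps the unknown ID:    ', var_export($laxId === $idA, true), "\n";
echo 'strict_mode=1 replaces the unknown ID: ', var_export($strictId !== $idB, true), "\n";

array_map('unlink', glob("$dir/sess_*"));  // clean up the demo files
rmdir($dir);
```

With session.use_strict_mode left at 0, PHP keeps an ID that the client chose and creates the session file under it, so enabling the setting in php.ini is the usual hardening for that step of the flow.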

Although this explains a lot, there are always more questions, such as:

  1. Is it only possible through cookies? If not, then what else, and how?
  2. Can I change the storage location?
  3. Can I change how the data is stored in the session?
  4. How can I manage the cookies and values?
  5. What are the parameters that can be configured?
  6. How do I destroy the session and secure the session?

…and many more. These things will be discussed in the next part.
