PHP Sessions

Besides cookies, there is another way to pass information to different web-pages: sessions. A session-enabled page allocates unique identifiers to users the first time they access the page, and then reassociates them with the previously allocated ones when they return to the page. Any global variables that were associated with the session will then become available to your code. The difference between sessions and cookies is that a session can hold multiple variables, and you don't have to set cookies for every variable. By default, the session data is stored in a cookie with an expiry date of zero, which means that the session only remains active as long as the browser. When you close the browser, all the stored information is lost. You can modify this behavior by changing the "session.cookie_lifetime" setting in "php.ini" from zero to whatever you want the cookie lifetime to be.
PHP uses several functions to deal with sessions. Before you start the actual work with sessions, you must explicitly start a session with "session_start()". If you want sessions to start automatically, you must enable the "session.auto_start" setting in PHP's configuration file. This way a session will be initiated for every PHP document. After you have started a session, you have access to the session ID via the "session_id()" function. After you're done with the session, you can destroy it using "session_destroy()". The following script always assigns a new session ID:
session_start(); //starts or resumes a function
print "Your session ID is: " . session_id(); //displays the session ID
session_destroy(); //ends the session; comment this line and the browser will output the same session ID as before
While accessing the unique identifier is a good start, the main objective of a session is to hold the values of variables. You must register variables to a session using the "session_register()" function before you try to read them on a session-enabled page. Also, you should remember that when you register a variable to a session, and then change the variable's value, the altered value will be reflected in the session file. Finally, remember that "session_register()" requires you to pass as an argument the variable name, not the variable itself:
session_start();
if(isset($stored_var))
{
print $stored_var; //this will not be displayed the first time you load the page, because you haven't registered the variable yet!
}
else
{
$stored_var = "Hello from a stored variable!";
session_register("stored_var"); //don't do this: session_register($session_var)
}
As you can seen, you can test if a variable is assigned using the "isset()" function. While this works with all of the script's variables, to only check variables registered with a session you should use "session_is_registered()" function. You must again pass as an argument a string containing the variable name, and the function will return TRUE if the variable has been registered within the session.
session_start();
if(session_is_registered("stored_var"))
{
print $stored_var;
}
else
{
$stored_var = "Hello from a stored
variable!";
session_register("stored_var"); //don't do this: session_register($session_var)
}
As you've read before, "session_destroy()" is used to clean up the session variables, and end the session. However, "session_destroy()" does not destroy the session's variables, and they will remain accessible to the rest of the script in which "session_destroy()" is called.
session_start();
session_register("test");
$test = 12;
session_destroy();
print $test; // outputs 12
If you want to remove the registered variables, you need to use the session_unset() function. This destroys all variables associated with a session, both in the session file and within the script.
session_start();
session_register("test");
$test = 12;
session_unset(); //$test is destroyed
session_destroy();
print $test; //outputs nothing