Chapter 10 Managing State Information Using Sessions
PHP Programming2 Problems with Cookies Not every client computer is secure Cookies may be accessible to hackers Many client computers do not accept cookies Spyware gathers user information from a local computer for marketing and advertising purposes without the user’s knowledge
PHP Programming3 Using Sessions A session is a continuous period of access A session is created for each user that requests a PHP page from a Website During a session, a PHP script stores state information on a Web server Only available for current browser session Allows you to maintain state information even when clients disable cookies More secure than cookies
PHP Programming4 Starting a Session Use the session_start() function Starts a new session or continues an existing one Generates a unique session ID A random alphanumeric string like: 7f39d7dd020773f115d753c71290e11f Creates a text file on the Web server Same name as the session ID, preceded by sess_ Call session_start() before any HTML output
PHP Programming5 Starting a Session (continued) Stored in the Web server directory specified by session.save_path directive in php.ini configuration file session_start() does not accept any parameters, nor does it return a value <?php session_start();...
PHP Programming6 Session ID If a client’s Web browser is configured to accept cookies, the session ID is assigned to a temporary cookie named PHPSESSID Pass the session ID as a query string or hidden form field to any Web pages that are called as part of the current session Use session_id() to retrieve Session ID <?php session_start(); echo “Session ID:”. session_id(); ?>
PHP Programming7 Working with Session Variables Session state information is stored in the $_SESSION autoglobal When session_start() function is called: PHP initializes a new $_SESSION autoglobal or Retrieves any variables for the current session (based on the session ID) into the $_SESSION autoglobal Calling session_start() while an existing session is in progress does not create a new session If session_start() is not called, $_SESSION values will not be available
PHP Programming8 Working with Session Variables <?php session_start(); $_SESSION['firstName'] = “Mickey"; $_SESSION['lastName'] = “Mouse"; $_SESSION['occupation'] = “actor"; ?>
PHP Programming9 Working with Session Variables Use the isset() function to ensure that a session variable is set before you attempt to use it <?php session_start(); if (isset($_SESSION['firstName']) && isset($_SESSION['lastName']) && isset($_SESSION['occupation'])) echo $_SESSION['firstName']. " ". $_SESSION['lastName']. " is an ". $_SESSION['occupation']; ?>
PHP Programming10 Deleting a Session Variable Use unset() function against the appropriate entry in $_SESSION[]
PHP Programming11 Deleting a Session To delete a session manually: 1. Execute the session_start() function 2. Use the array() construct to reinitialize the $_SESSION autoglobal 3. Use session_destroy() to delete the session <?php session_start(); $_SESSION = array(); session_destroy(); ?>
Fruit Enter your favorite fruit:  storeFruit2.php showFruit2.php getFruit2.php
PHP Programming13 Practice Modify your login form so that it uses session variables instead of cookies to store the login name and password.