Using a PHP Session

How to Use Sessions to Pass PHP Variables Between Web Pages

Mar 16, 2009
Mark Alexander Bain

PHP Sessions - Mark Alexander Bain

A PHP programmer can easily pass data between the pages of a PHP application by making use of a session. This can be very useful - especially when logging on.

A PHP session provides an easy, but effective, way of passing variables between web pages in a PHP application. The session starts when a PHP site is accessed and ends when the user closes their web browser. Once the PHP session has been started then the developer is able to create variables that will be available to any other PHP pages that are subsequently opened. These variables are all stored in a single array - $_SESSION.

Starting the PHP Session

Some web servers will start a session automatically as soon as a PHP page is accessed (depending on the settings in php.ini). However, in most cases the session is started manually by using the session_start method:

<?php

session_start();

The session_start method will:

create a new session ID number. If required this can be read by using the session_id method, for example:
echo session_id();
This will produce an output something like:
d4011266ba86c73b4fe8e041197f1471
store the session variables in a file. Normally this is the system temp directory.
pass the session id from page to page. This is done by using either cookies or, if that's not possible, as part of the URL
read the session file (if it exists) and load the variables into the $_SESSION array

However, all that the programmer needs to be aware of is how to access the variables from each PHP web page.

Using the PHP $_SESSION Array

The PHP session's $_SESSION array can be used in exactly the same way as any other PHP array. For example variables can be read from and written to the array - in this case a session variable named passed_data is used in the file session_demo_1.php:

<?php

session_start();

echo $_SESSION['passed_data'] . "<br>";

$_SESSION['passed_data'] = "Data from first PHP file";

<a href="session_demo_2.php">Second part of demo</a>

And, of course, that same data can be accessed from a second PHP file (the session_demo_2.php file in the first file's link):

<?php

session_start();

echo $_SESSION['passed_data'] . "<br>";

$_SESSION['passed_data'] = "Data from second PHP file";

<a href="session_demo_1.php">First part of demo</a>

This technique can be put to good use by keeping track of whether a user has logged on or not.

Logging on to PHP Sessions

A PHP session enables a web site programmer to restrict access to content depending on whether the user has logged on or not.This is done by:

querying a session variable
displaying a login page if the session variable is not set
displaying the required information if the session variable is set

For example:

<?php

session_start();

if (!isset($_SESSION['logged_in'])) {

$_SESSION['referrer'] = "session_login_index.php";

header ( "Location: login.php" );

} else {

$username = $_SESSION['username'];

echo "Hello ". $username ;

}

This can be used as the basis for any web page on the web site, used in conjunction with the login page (login.php) itself:

<?php

session_start();

if ((isset($_REQUEST['password'])) && ($_REQUEST['password'] == "chocolate")) {

$_SESSION['username'] = $_REQUEST['username'];

$_SESSION['logged_in'] = True;

header ( "Location: " . $_SESSION['referrer']);

} else if (isset($_REQUEST['password'])) {

echo "Incorrect username or password";

}

User name:<input name=username value=

<?php

if (isset($_REQUEST['username'])) {

echo $_REQUEST['username'];

}

Password:<input type=password name=password>

<input type=submit value='Log in'

</form>

In this way the protected data will only be displayed once the user has logged on.

Summary

A PHP session exists from the time that a PHP web page is opened until the web browser is closed. It is started by using the session_start method. Once the session has been started then variables can be passed from PHP page to PHP page by using the $_SESSION array.

Mark Alexander Bain - Mark Alexander Bain is a writer, Mo Bro and consultant for all aspects of software development at dsquared. He has also written regularly ...