PHP: Sessions

In PHP, sessions provide a way to store information across multiple pages for a single user. Sessions are more secure than cookies for storing sensitive data because the data is stored on the server, and only a session ID is stored on the client side. Here's a guide on how to work with sessions in PHP:

Starting a Session:

To start a session, call session_start(). Call it at the top of every page that uses session variables, before any output is sent, because it sets the session cookie in the response headers.


<?php
session_start();
?>

 

Setting Session Variables:

You can set session variables by assigning values to `$_SESSION`.


$_SESSION['username'] = 'JohnDoe';
$_SESSION['user_id'] = 123;

 

Accessing Session Variables:

You can access session variables anywhere after starting the session.


<?php
session_start();

if(isset($_SESSION['username'])) {
    // Escape the value before writing it into HTML
    echo "Welcome, " . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
} else {
    echo "You are not logged in.";
}
?>

 

Removing Session Variables:

To remove a specific session variable, you can use unset().


unset($_SESSION['username']);
 

Destroying a Session:

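To end a session, call session_destroy(), which deletes the session data stored on the server. It does not clear the $_SESSION array for the current request or remove the session cookie from the browser, so logout code normally does those as well. This is commonly used for logout functionality.


$_SESSION = [];     // clear the variables held in memory for this request
session_destroy();  // delete the session data stored on the server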
 

Session Lifetime and Configuration:

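You can configure session settings in the PHP configuration (php.ini) or in your script. session_set_cookie_params() sets the lifetime of the session cookie and must be called before session_start(). How long unused session data is kept on the server is governed separately by the session.gc_maxlifetime setting.

// Set session cookie lifetime to 1 hour
session_set_cookie_params(3600);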

// Start the session
session_start();
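
The cookie lifetime only tells the browser when to drop the cookie, so the following added example (not part of the original tutorial) also enforces the one-hour limit on the server and sets the cookie's security flags. The file name, the function names and the last_seen key are assumptions for illustration, and the array form of session_set_cookie_params() requires PHP 7.3 or later.

```php
<?php
// session_bootstrap.php (hypothetical file name): include at the top of every page.
// Added example; the 1-hour idle limit mirrors the 3600 seconds used above.

const IDLE_LIMIT = 3600; // seconds of inactivity before the session is discarded

function start_secure_session(): void
{
    // Reject session IDs the server did not issue (mitigates session fixation).
    ini_set('session.use_strict_mode', '1');
    // Accept the session ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // browser-session cookie; expiry is enforced server-side below
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // cookie is not readable from JavaScript
        'samesite' => 'Lax',  // cookie is not sent on cross-site POST requests
    ]);
    session_start();

    // The cookie lifetime is only a hint to the browser, so check idle time here.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];              // drop the stale login state
        session_regenerate_id(true); // delete the old session and issue a new ID
    }
    $_SESSION['last_seen'] = $now;
}

function login_user(string $username): void
{
    // New session ID at the privilege change; the pre-login ID stops working.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}
```

Pages would call start_secure_session() in place of a bare session_start(), and the login handler would call login_user() once the credentials have been verified.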

 

Example:

Here's a simple example of a login system using sessions:

login.php (Login Form):

<?php
session_start();

if(isset($_SESSION['username'])) {
    header("Location: profile.php");
    exit();
}

if($_SERVER["REQUEST_METHOD"] == "POST") {
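    // Default to empty strings if a field is missing from the request
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    // Check username and password (this is just an example; a real application
    // would look up the user and check the password with password_verify())
    if($username === 'user' && $password === 'password') {
        // Issue a new session ID on login to prevent session fixation
        session_regenerate_id(true);
        $_SESSION['username'] = $username;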
        header("Location: profile.php");
        exit();
    } else {
        $error = "Invalid username or password";
    }
}
?>

<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
</head>
<body>
    <h2>Login</h2>
    <?php if(isset($error)) { echo $error; } ?>
    <form method="post" action="">
        Username: <input type="text" name="username"><br>
        Password: <input type="password" name="password"><br>
        <input type="submit" value="Login">
    </form>
</body>
</html>

profile.php (Profile Page):

<?php
session_start();

if(!isset($_SESSION['username'])) {
    header("Location: login.php");
    exit();
}

$username = $_SESSION['username'];
?>
<!DOCTYPE html>
<html>
<head>
    <title>Profile</title>
</head>
<body>
    <h2>Welcome, <?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?></h2>
    <p>This is your profile page.</p>
    <a href="logout.php">Logout</a>
</body>
</html>

logout.php (Logout Page):

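<?php
session_start();
$_SESSION = [];    // clear session variables for this request
// Expire the session ID cookie in the browser
$p = session_get_cookie_params();
setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
session_destroy(); // delete the session data on the server
header("Location: login.php");
exit();
?>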

Explanation:

  • login.php: This page displays a login form. If the user provides correct credentials, the session variable $_SESSION['username'] is set, and they are redirected to profile.php.

  • profile.php: This page displays the user's profile if they are logged in (session variable is set). If not, they are redirected to login.php.

  • logout.php: This page destroys the session (logs the user out) and redirects them to login.php.

This example demonstrates a basic login system using sessions. It checks if the user is logged in on each protected page (profile.php) and redirects to the login page (login.php) if not. The logout page (logout.php) destroys the session and logs the user out.