PHP Sessions


Let's first look at what session data is and how it is handled.

What Is Session Data?

Session data is data that can be stored for later use in a web application. Note that session data is ASCII data only (such as letters and numbers). It is saved to a standard ASCII text file in a temporary location on your web server's hard drive. Sessions can contain binary data and therefore can include malicious or harmful code or information such as a virus. However, most modern browsers have built-in security features, so the risk is small (and can be reduced further with antivirus software).

When a session is created, PHP creates a temporary file (known as a session file) on the web server's hard drive and creates a unique random ID for that file. So that it knows which user using the web application (using a web browser) created that session ID, PHP also creates a temporary file known as a cookie on the user's computer.

When a user visits another PHP page that needs that session data, the PHP page first looks at the ID from the user's cookie and then loads the correct session data from the session file on the web server using that ID (see Figure 5.1).

Figure 5.1. How PHP creates session data.


Sharing Session Data in a Stateless Environment

A stateless environment is when a computer cannot hold the information it has been sent (in a cookie). Therefore, it must request the data it needs from the server rather than hold a copy itself.

This might be because the user's browser does not support cookies, in which a copy of the data is stored (although this is rare), or because, for security or other reasons, a user's browser has been set to reject cookies being set. PHP can still maintain state in this circumstance by passing the session ID in the URL instead of using cookies. If you disable cookies in the browser and run any of the scripts that we develop later in the chapter, you can see the session ID in the URL. For example:

 http://localhost/setsession.php?PHPSESSID=627f11bb2d08cc8bffcac28e2cdacd2f 

Note that the session ID is referenced using a special parameter called PHPSESSID. PHP uses this parameter to recall data from the session that references this session ID within the session file. Also note that PHP can share session data in HTML forms. Switching between using URL and hidden form fields is left to PHP's automatic transparent URL/Form rewriter.
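The PHPSESSID value is the only secret that ties a browser to its session file, and a URL carrying it ends up in browser history, server logs and Referer headers. The following is an added example, not code from the book, that keeps the ID in a cookie only and rotates it on login; it assumes PHP 7.3 or later and a site served over HTTPS, and the function names start_hardened_session and rotate_session_id are hypothetical.

```php
<?php
// Added example (not from the book). Assumes PHP 7.3+ and HTTPS.
// start_hardened_session() and rotate_session_id() are hypothetical names.

function start_hardened_session(): void
{
    // Never accept or emit the session ID in URLs or hidden form fields.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that PHP did not generate itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);

    session_start();
}

// Call right after a successful login or any other privilege change,
// so an ID issued before authentication is never valid afterwards.
function rotate_session_id(): void
{
    session_regenerate_id(true); // true = delete the old session file
}

start_hardened_session();

// With the settings above a PHPSESSID in the query string is ignored.
// Its presence is still worth logging, since normal clients never send it.
if (isset($_GET[session_name()])) {
    error_log('Session ID supplied in URL from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
}
```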

Sharing Session Data Between PHP Scripts

To show you how you can share session data across two PHP scripts, I have created a script (which saves the session data) to load another PHP script as follows.

Listing 5.1 The Set Session PHP Script
 <?php
 //data to save
 $sessdata="Andrew";
 //start session
 session_start();
 //save data to session
 session_register("sessdata");
 ?>
 <A HREF="setsession2.php">Next -></A>

You first define the data you save to a session:

 $sessdata="Andrew"; 

Next you start a session:

 session_start(); 

You then save your data to a session:

 session_register("sessdata"); 

I have also added an HTML hyperlink that points to another PHP script that displays data within our session:

 <A HREF="setsession2.php">Next -></A> 

The PHP script that displays the data is as follows.

Listing 5.2 The Load Session PHP Script
 <?php
 //start session
 session_start();
 //print session data
 print("$sessdata");
 //remove session
 session_destroy();
 ?>

First, a session is started:

 session_start(); 

PHP references items in a session by the name of the variable that was stored in the session. In this example, the variable is called $sessdata, so you reference $sessdata to recall any data from it:

 print("$sessdata"); 

Note that you tell PHP that $sessdata is a PHP variable simply by starting a session. If you don't do this, PHP assumes that $sessdata is a variable local to the script and not a session variable. To complete the script, you can remove the session:

 session_destroy(); 

If you run the first script and click the hyperlink to load the second script, you should see the session data displayed.

Storing Multiple Items in a Session

PHP lets you store multiple items in a single session.

 <?php
 //data to save
 $sessdata1="Andrew";
 $sessdata2="Emma";
 //start session
 session_start();
 //save item 1 to session
 session_register("sessdata1");
 //save item 2 to session
 session_register("sessdata2");
 ?>
 <A HREF="setsession_mutp2.php">Next -></A>

First, you define two sets of the data you want to save to a session:

 $sessdata1="Andrew";
 $sessdata2="Emma";

Next, you start a session:

 session_start(); 

You then save both sets to the session:

 session_register("sessdata1");
 session_register("sessdata2");

To view the session, I have created another script. You link to that page using an HTML link:

 <A HREF="setsession_mutp2.php">Next -></A> 

This script looks like the following:

 <?php
 //start session
 session_start();
 //print item1 from session
 print("$sessdata1");
 print("<BR>");
 //print item2 from session
 print("$sessdata2");
 //remove session
 session_destroy();
 ?>

You first start the session:

 session_start(); 

You then recall and display each item in the session. (Remember the script earlier in this section, where you recalled items from the session using the name of the variable that was stored in the session.)

 print("$sessdata1");
 print("$sessdata2");

Finally, you delete the session:

 session_destroy(); 
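
The listings in this section and the previous one use session_register(), which was removed in PHP 5.4, and they read the values back as plain global variables, which only works with register_globals enabled. The following is an added example, not code from the book, that does the same two steps through $_SESSION, escapes the output and tears the session down completely; the file name session_demo.php, the step parameter and the function names are hypothetical.

```php
<?php
// Added example (not from the book). session_register() no longer exists in
// PHP 5.4+; $_SESSION replaces it. session_demo.php, the "step" parameter
// and the function names are hypothetical.

session_start();

// Stands in for the first script: store both items in the session.
function save_items(): void
{
    $_SESSION['sessdata1'] = 'Andrew';
    $_SESSION['sessdata2'] = 'Emma';
}

// Stands in for setsession_mutp2.php: read the items back, escaped for HTML.
function render_items(): string
{
    $out = [];
    foreach (['sessdata1', 'sessdata2'] as $key) {
        // Read from $_SESSION only, so a ?sessdata1=... request parameter
        // can never stand in for the stored value.
        $value = $_SESSION[$key] ?? '';
        $out[] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
    return implode('<br>', $out);
}

// session_destroy() alone leaves $_SESSION and the cookie in place.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

if (($_GET['step'] ?? '') === 'show') {
    echo render_items();
    end_session();
} else {
    save_items();
    echo '<a href="session_demo.php?step=show">Next -&gt;</a>';
}
```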

Changing the Directory Where PHP Saves Session Files

By default, PHP saves session files to your system's temp directory. However, PHP lets you alter this location through the PHP.ini file or directly in your code. In both of the following examples, I have created a sample directory in my C:\WINNT\Temp\ directory called phpsess, so my target directory is C:\WINNT\Temp\phpsess\. Of course, you can use any directory you choose. In most cases, you won't need to alter the location of the directory where PHP saves session files. However, should you ever need to, PHP does provide the functionality to do so.

Using the PHP.ini File

PHP saves session files using the session.save_path directive within the PHP.ini file. If I set mine to our target directory and run a PHP session script (anything we developed earlier will work), the session file is created in the target directory, as shown in Figure 5.2.

Figure 5.2. A PHP session file stored to the hard drive.


Using PHP Directly

Using PHP, you can use the session_save_path function to set the session file path:

 <?php
 session_save_path("C:\WINNT\Temp\phpsess");
 //data to save
 $sessdata1="Andrew";
 //start session
 session_start();
 //save data to session
 session_register("sessdata1");
 ?>

Here I have set session_save_path to the target directory:

 session_save_path("C:\WINNT\Temp\phpsess"); 

Note that you must always use this function before you set or get session data in your PHP code.
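
Session files hold the stored values as plain text, so the directory chosen matters: it should not be readable by other accounts on the server or reachable through the web server. The following is an added example, not code from the book, that checks a candidate directory before handing it to session_save_path; the function name use_private_session_dir and its checks are this example's own.

```php
<?php
// Added example (not from the book). use_private_session_dir() is a
// hypothetical helper; the checks it makes are this example's own.

function use_private_session_dir(string $dir, string $docRoot): void
{
    $real = realpath($dir);
    if ($real === false || !is_dir($real) || !is_writable($real)) {
        throw new RuntimeException("Session directory missing or not writable: $dir");
    }

    // Session files must not be reachable over HTTP. The comparison is
    // case-insensitive to suit Windows paths. An empty document root
    // (for example on the command line) skips this check.
    $root = $docRoot !== '' ? realpath($docRoot) : false;
    if ($root !== false
        && stripos($real . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException("Session directory is inside the document root: $real");
    }

    // On Unix-like systems, refuse any group/other access bits.
    // On Windows, restrict the directory with NTFS permissions instead.
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($real) & 0077) !== 0) {
        throw new RuntimeException("Session directory is accessible to other users: $real");
    }

    // Must run before session_start(), as the text above notes.
    session_save_path($real);
}

// Single quotes keep the backslashes in the Windows path literal.
use_private_session_dir('C:\WINNT\Temp\phpsess', $_SERVER['DOCUMENT_ROOT'] ?? '');
session_start();
$_SESSION['sessdata1'] = 'Andrew';
```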



PHP Programming for Windows
PHP Programming for Windows (Landmark (New Riders))
ISBN: 0735711690
EAN: 2147483647
Year: 2002
Pages: 99
