15.2 Session Management

Previous page
Table of content
Next page

PHP's concept of session management is more sophisticated than working with cookies. With the help of sessions, it is possible to track a user without working with hidden fields or cookies explicitly. This has significant advantages. You gain a lot of flexibility, and working with sessions will help you to implement components much more efficiently.

Let's take a look at the basic concepts of session management. When a user visits a Web site, a unique id is assigned to the user. The session id is either stored in a cookie or is passed to the next script via the URL.

In addition to using a session id, you can register variables. These variables can easily be extracted again, and so it is a fairly easy task to pass information from one form to another.

15.2.1 Session Ids

Before working with registered variables, take a look at a basic example where sessions are used.

 <?php         @session_start();         $sid = session_id();         echo "Hello from a.php<br>\n";         echo "This is your session id: $sid<br>\n"; ?>

The first thing to do is to start a session. This can be compared to some sort of registration. In the next step the session id is generated. In this example, the script does nothing other than display the information onscreen:

 Hello from a.php This is your session id: 37f7c4e2a52c3c63b8b318b1d17fa810

As you can see, a session id is displayed. If you execute the script more than just once, the session id will be the same. If you understand why this happens, you understand the concept of session handling.

The next scenario consists of two parts. The file a.php is the starting point. The file b.php is the second file in the scenario. Let's start with a.php:

 <?php         @session_start();         $sid = session_id();         echo "Hello from a.php<br>\n";         echo "This is your session id: $sid<br><br>\n";         echo "Let's go to b.php: ";         echo '<a href="b.php">b.php</a>'; ?>

As you can see, a link to b.php has been added to the scenario. Here's the code for b.php:

 <?php         @session_start();         $sid = session_id();         echo "Hello from b.php<br>\n";         echo "This is your session id: $sid<br><br>\n";         echo "Let's go to a.php: ";         echo '<a href="a.php">a.php</a>'; ?>

The code in the file is almost the same as the one you just saw. If you go to a.php, you will see a session id. If you go to b.php, the same session id will be displayed again. If you go back to a.php, you will still have the same session id. No matter what you are doing, you will always have the same session id. However, if you close the browser and start it again, the session id will be different. This is an important point because it helps you to find out when a session is terminated.

Let's modify b.php again:

 <?php         setcookie(session_name(),"","","/");         @session_start();         $sid = session_id();         echo "Hello from b.php<br>\n";         echo "This is your session id: $sid<br><br>\n";         echo "Let's go to a.php: ";         echo '<a href="a.php">a.php</a>';         echo "<br>name of session: ".session_name()."<br>\n"; ?>

As you have already seen, sessions can be cookie-driven. In this case a cookie is set. This cookie has the same name as the current session. Therefore a session can easily be deleted by setting the cookie to an invalid value as in this example. When you run the script now, you will see that the session id changes when calling a.php.

PHP offers a function called session_destroy(). However, this function does not do the same as what you have just seen. You must keep in mind that the session can be passed to the next screen using the URL as well, and you must take this into consideration when deleting a session.

15.2.2 Registering Variables

Passing data from one screen to another is an important task. PHP's session library provides an easy way to store variables across multiple screens. Variables can be registered within a session. These variables will be available automatically and can be used by the user safely.

Again, you will see a scenario consisting of two files. Let's have a look at a.php:

 <?php         @session_start();         $sid = session_id();         echo "Hello from a.php<br>\n";         echo "This is your session id: $sid<br><br>\n";         echo "message: $message<br>\n";         $message = "Registered in a.php<br>\n";         session_register("message");         echo "Let's go to b.php: ";         echo '<a href="b.php">b.php</a>'; ?>

After a session starts, the session id is displayed. In addition, a variable called $message will be displayed on screen. In the next step, $message is registered in the session. Finally a link to b.php is displayed:

 <?php         @session_start();         $sid = session_id();         echo "Hello from b.php<br>\n";         echo "This is your session id: $sid<br><br>\n";         echo "message: $message<br>\n";         $message = "Registered in b.php<br>\n";         session_register("message");         echo "Let's go to a.php: ";         echo '<a href="a.php">a.php</a>'; ?>

It is the exact counterpart of a.php. It displays $message and registers it again. When you run the script, you will see that a variable will be available in the next script when you click on the link. In a.php, $message, which has been registered in b.php, will be displayed. In b.php, the variable defined in a.php will be displayed.

The output of b.php might look like this:

 Hello from b.php This is your session id: 963d468e5e21042a6175af7a53f0cc95 message: Registered in a.php Let's go to a.php: a.php

The example shows quite well what working with registered variables is all about. The only thing you have to do is to tell PHP which variables must be passed to the next sheet. This will help you to avoid dozens of hidden fields, and it will save a lot of overhead because the entire system works reliably.

Let's modify b.php again:

 <?php         @session_start();         $sid = session_id();         echo "Hello from b.php<br>\n";         echo "This is your session id: $sid<br><br>\n";         echo "message: $message<br>\n";         echo "Let's go to a.php: ";         echo '<a href="a.php">a.php</a>'; ?>

This time no variable is registered in b.php. In this case the content of $message will always be "Registered in a.php". This is an important point because no data can get lost when registering variables across multiple screens.

In the next step, you can see what happens to arrays and objects:

 <?php         @session_start();         $sid = session_id();         $message = unserialize($x);         echo "message 0: ".$message[0]."<br>";         echo "message 1: ".$message[1]."<br>";         $message[0] = "field number one\n";         $message[1] = "field number two\n";         $x = serialize($message);         echo "serialized version: <br> $x<br>\n";         session_register("x");         echo "<br>Let's restart a.php: <br>";         echo '<a href="a.php">a.php</a>'; ?>

The most important point when you're working with arrays is to serialize them before calling session_register; otherwise, the system won't work. Serialization means that an object or an array is transformed to a string. This way it can be processed just like any other string. This is the fastest way to pass objects from one screen to another. To make an object out of a serialized string again, you can use unserialize.

Let's have a look at the output of the script shown in the preceding listing. You have to run it twice in order to see what happens:

 message 0: field number one message 1: field number two serialized version: a:2:{i:0;s:17:"field number one ";i:1;s:17:"field number two ";} Let's restart a.php: a.php

As you can see in the listing, the values are available. In addition, the serialized string has been displayed. It contains all the information you will need.

If you want to find out if a variable has already been registered, you can use the session_is_registered command. The next example shows how to use this command:

 <?php         @session_start();         $sid = session_id();         $message = unserialize($x);         $message[0] = "field number one\n";         $message[1] = "field number two\n";         $x = serialize($message);         session_register("x");         $val = session_is_registered("x");         echo "val: $val<br>\n";         session_unregister("x");         $val = session_is_registered("x");         echo "val: $val<br>\n";         echo "<br>Let's restart a.php: <br>";         echo '<a href="a.php">a.php</a>'; ?>

The next listing shows what happens if you execute the script twice:

 val: 1 val: Let's restart a.php: a.php

The first time, session_is_registered returns 1 because $x has been registered the line before. In the next step, $x is unregistered, so session_is_registered does not return 1 any more.

15.2.3 Additional Features

PHP's session library provides some additional features such as caching. However, these functions are not as important as the functions you have just dealt with. To avoid confusion, these functions won't be discussed here.

Previous page
Table of content
Next page
PHP and PostgreSQL. Advanced Web Programming2002
PHP and PostgreSQL. Advanced Web Programming2002
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 201
BUY ON AMAZON
Image Processing with LabVIEW and IMAQ Vision
Oracle Developer Forms Techniques
A Practitioners Guide to Software Test Design
802.11 Wireless Networks: The Definitive Guide, Second Edition
MPLS Configuration on Cisco IOS Software
Understanding Digital Signal Processing (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy