Sessions Overview
HTTP is a stateless protocol, i.e., it doesn't keep track of information supplied by the user's browser. For example, if a user logs in to a website by providing her username and password and is then redirected to a different page by the server, there is no way of getting that login information from HTTP. Each request sent by the browser to the web server is independent of the others. This stateless nature of HTTP allows a user to browse the internet freely, clicking hyperlinks and visiting pages in any order. But most of the time, we need to keep track of the actions performed (or the data supplied) by the user. Consider a shopping website where users order different items from different pages and continue to shop for other items: we have to keep track of the items purchased by the user. This kind of information is temporarily stored on the server in sessions.
What are Sessions?
Sessions serve as a global basket for temporarily storing data during a user's visit to a website. Each session basket is created for only one browser session, i.e., when a user opens the browser and visits a website, his/her session starts (a session basket is created), and when the user closes the browser, his/her session is destroyed. Note that when the browser is closed by the user, the server is not notified of this action. Instead, the server has a defined time period (which can be changed) after which the session is automatically destroyed, unless the user keeps the session active by sending another request with the same session ID.
Starting a Session
A session is a combination of a server-side file containing all the data you wish to store and a client-side cookie containing a reference to the server data. The file and the client-side cookie are created using the function session_start(). It needs no parameters, and it informs the server that sessions are going to be used.
The browser sends a session ID to the server with every request. The server recognizes each session by the session ID supplied by the browser. The browser can send the session ID to the server either through a cookie or as a URL parameter. The default is to use the cookie, but because a user can turn off cookies in his browser preferences, the other technique is also used.
Storing Data in Sessions
To store a value in a session variable, use the following syntax:
<?php
// Start (or resume) the session before touching $_SESSION
session_start();
$_SESSION['username'] = 'admin';
?>
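To read values from session variables, use the following syntax:
<?php
session_start();
$username = $_SESSION['username'];
// Escape the value before writing it into the HTML page
echo "You are logged in as " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
?>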
Removing values from the session is easy. Use the unset() function to remove a value:
<?php
session_start();
// Remove the 'username' key that was stored earlier
unset($_SESSION['username']);
?>
Destroying Sessions
Sessions are automatically destroyed after a defined period of inactivity from the user (default of 24 minutes). If there is no request for a specific session ID for a long time, the session will be automatically destroyed. There are times when you explicitly want to destroy a session, for example when a user chooses to log out. Use session_destroy() to destroy all session data explicitly:
<?php
session_start();
// Empty the session array for the rest of this request
$_SESSION = array();
// Delete the session data stored on the server
session_destroy();
?>
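The sections on starting and destroying sessions come together in the following login and logout helpers. This is an added example, not code from the original page; it assumes PHP 7.3 or later and a site served over HTTPS, and the function names start_secure_session, login_user and logout_user are hypothetical.

```php
<?php
// Added example (not from the original page). Function names are hypothetical.
// Assumes PHP 7.3+ and a site served over HTTPS.

function start_secure_session(): void
{
    session_start([
        'use_only_cookies' => 1,     // never accept a session ID from the URL
        'use_trans_sid'    => 0,     // never rewrite links to carry the ID
        'use_strict_mode'  => 1,     // reject IDs the server did not issue
        'cookie_httponly'  => 1,     // hide the cookie from JavaScript
        'cookie_secure'    => 1,     // send the cookie over HTTPS only
        'cookie_samesite'  => 'Lax', // limit cross-site sending of the cookie
    ]);
}

function login_user(string $username): void
{
    start_secure_session();
    // Issue a fresh ID at the privilege change and delete the old session
    // file, so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

function logout_user(): void
{
    start_secure_session();
    $_SESSION = [];                  // clear data for the rest of this request

    // session_destroy() removes the server-side data but leaves the cookie
    // in the browser, so expire the cookie explicitly.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```

Call login_user() only after the submitted credentials have been verified, and call these functions before any output is sent, because both the session cookie and its expiry travel in response headers.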