In the post An Example of User Authentication System in PHP we created a simple authorization system which could show a personalized page when the user enters a correct username and password. But since HTTP is a stateless protocol (it can’t figure out if two subsequent requests come from the same user) we cannot preserve the state (logged in) on any consecutive clicks. This means that after logging in to that script, if the user clicks on some link, there is no way to preserve the logged-in state (that is, to know that a logged-in user is requesting a page). Therefore we cannot, that way, personalize the whole site for the logged-in user.
So logging someone in is not enough; we have to preserve that state across the whole session. For this PHP gives us an easy-to-use method. We call it Session Control because it can help maintain a state throughout a session.
We implement Session Control using Session Variables whose values are preserved throughout a session. But before accessing or creating any session variable we need to begin a session with the help of the following code:
session_start();
After this we can register session variables like below:
$_SESSION['var']=1;
The line above creates a session variable ‘var’ with the value 1. What makes it special is that its value is preserved across consecutive requests to pages until the session expires. Consider the following script:
<?php
//start a session
session_start();
//create a session variable
$_SESSION['var']=1;
?>
And the following:
<?php
//start a session
session_start();
//display session variable
echo $_SESSION['var'];
?>
Now if you request the first script followed by the second, the second one will have access to the variable set by the first one. The requesting of these two pages comprises a session and hence session variable ‘var’ is accessible to the second script. Do remember that the second script can access the session variable only if the first script was requested prior to it from the same computer and browser. If you close the browser, or request the second page from another computer or browser without running the first script, the session variable will not contain any value. What it means is that the session is tied to the client: the browser holds the unique session identifier, while the session variables themselves stay on the server (see the points at the end).
So if ten computers set ten different session variables we may track and serve content to each of them separately and uniquely according to their authorization level. This is how ‘Actual’ User Login Systems work.
Just like starting a session, when you are through with the session access you can close it using the following function:
session_destroy();
After invoking this no session variable will be accessible. This is what we know as logging out.
<?php
//start a session
session_start();
//display session variable
echo $_SESSION['var'];
//destroy session
session_destroy();
//if you reload the page the session
//variable will not be accessible
//since that session was destroyed
?>
Some points to note:
- Sessions by default last until they are explicitly destroyed or the browser is closed.
- Internally, cookies on the client machine are used to store a unique session identifier, but the actual session variables are stored on the server.
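A fuller login and logout flow built on the calls above, as an added example that is not from the original post; the function names and the 'user' session key are assumptions. It issues a fresh session identifier at login and, on logout, clears the variables and expires the identifier cookie in addition to calling session_destroy().

```php
<?php
// Added example (not the original post's code). Function names and the
// 'user' session key are assumptions made for illustration.

function start_session(): void
{
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    ini_set('session.use_strict_mode', '1'); // reject identifiers PHP did not issue
    session_set_cookie_params([              // array form needs PHP >= 7.3
        'lifetime' => 0,       // cookie lasts until the browser is closed
        'path'     => '/',
        'secure'   => $https,  // send over HTTPS only when the site uses it
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // withheld from most cross-site requests
    ]);
    session_start();
}

function log_in(string $username): void
{
    // Call only after the credentials have been verified.
    // A fresh identifier at login (old session data deleted) means an
    // identifier known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}

function is_logged_in(): bool
{
    return isset($_SESSION['user']);
}

function log_out(): void
{
    $_SESSION = [];                        // clear the variables in this request
    if (ini_get('session.use_cookies')) {  // expire the identifier cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();                     // remove the data stored on the server
}
```

Call start_session() at the top of every page before any output, and show personalized content only when is_logged_in() returns true.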