Basic Session Functionality

Sessions in PHP are driven by a unique session ID, a cryptographically random number. This session ID is generated by PHP and stored on the client side for the lifetime of a session. It can be either stored on a user's computer in a cookie or passed along through URLs.

By default, the session ID is sent in a cookie and the cookie's name is PHPSESSID with a value like 4bcc48dc87cb4b54d63f99da23fb41e1. No other information about the user is stored in this cookie.

The session ID acts as a key that allows you to register particular variables as so-called session variables. The contents of these variables are stored at the server. The session ID is the only information visible at the client side. If, at the time of a particular connection to your site, the session ID is visible either through a cookie or the URL, you can access the session variables stored on the server for that session. By default, the session variables are stored in flat files on the server. This session file starts with "sess" followed by the session number. The text it contains is a serialized line representing the data, the data type, and the number of characters saved for a session.

So with every client request, the cookie will be sent to the server. The server will use the session ID in the cookie to find the session file. To find out where the sessions are stored, use the session_save_path() function.

You can check your php.ini by loading the phpinfo.


Sessions in PHP | Introduction | Basic Session Functionality | Creating a Session | Accessing Session Variables | Deleting a Session | Implementing a Login System with Sessions | Saving Arrays in a Session | Using Cookies with Session | Sessions without Cookies | Potential Session Problems
© 2008: Hann So
email: hso@voyager.deanza.edu