Creating a Session

Creating a session, accessing, or deleting a session begins with the session_start() function. This function will attempt to send a cookie the first time a session is started, so it absolutely must be called prior to any HTML or whitespace being sent to the browser. Therefore, on pages that use sessions, you should call the session_start() function as one of the very first lines in your script.

The first time a session is started, a random session ID is generated and a cookie is sent to the browser with a name of PHPSESSID (the session name) and a value like 4bcc48dc87cb4b54d63f99da23fb41e1.

Once the session has been started, you can record data to it by assigning values to the $_SESSION array. Each time you do this, PHP writes that data to a temporary file stored on the server. 

<?php
// Enable output buffering. No output is sent from the script
// (other than headers). It is saved in an internal buffer
ob_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>
<title>Creating a Session</title>
<meta Name="Author" Content="Hann So">
</head>
<body>
<p>
<?php

if (isset($_POST['submit'])) {
		process_form();
	}
	else {
		display_form();// display form for the first time
	}

function display_form() {
	echo <<<HTML
	<h2>Login Form</h2>
	<form action = "$_SERVER[SCRIPT_NAME]" method="post">
	Username:
	<input type="text" name="username" value="John" />
	<br />
	Password:
	<input type="password" name="password" value="John123" />
	<br />
	<input type="submit" name="submit" value="Log in" />
	</form>
HTML;
}

function process_form() {

	if ( (!empty($_POST['username'])) &&
	(!empty($_POST['password'])) ) {
		if ( ($_POST['username'] == 'John') &&
		($_POST['password'] == 'John123') ) {
			// Start session
			session_start();
			$_SESSION['username'] = 'John';
			$_SESSION['loggedin'] = time();
			// Here redirect the user to the welcome page after successfully logged in
			// header ('Location: welcome.php');
			// For our example we display the welcome message here
			echo "Welcome $_POST[username]<br />";
		}
		else {
			// Incorrect login
			echo "<p>Sorry the username and password are incorrect.</p>";
			display_form();
		}
	}
	else {
		// A missing field
		echo "<p>Please make sure to enter both username and password.</p>";
		display_form();
	}

	echo "<p><a href=\"example_a.php\">Access the session variables?</a></p>";
	echo "<p><a href=\"$_SERVER[SCRIPT_NAME]\">Try again?</a></p>";

}
?>
</p>
</body>
</html>
<?php
// Flush the buffer and end output buffering.
ob_end_flush();
?>

View the effect


Sessions in PHP | Introduction | Basic Session Functionality | Creating a Session | Accessing Session Variables | Deleting a Session | Implementing a Login System with Sessions | Saving Arrays in a Session | Using Cookies with Session | Sessions without Cookies | Potential Session Problems
© 2008: Hann So
email: hso@voyager.deanza.edu