Jump to content

PHP and MySQL Programming/Session Handling

From Wikibooks

PHP has several powerful functions to allow it to remember individual users. These can be divided into two main categories, session handling and cookie handling.

A cookie is a small text file stored by the browser when it visits a web page. When the website asks for the cookie the browser sends it's contents - enabling the webserver to remember who the user is. Cookies can be set for any period needed, and will not be sent back after they have expired.

A session is a facility of PHP that prevents you from directly dealing with cookies. The server generates a random code, and sends this to the browser as a cookie. Data is then stored on the server in a special variable. When the user moves to another page, it sends the cookie to the webserver, which then gives PHP all the data 'specific to that user that has been stored. Sessions only last for as long as the browser window is open.

Creating a cookie is done like this:

//Fragment 4-1
/*Example of using cookies*/

setcookie("Cookie","Contents of cookie", time()+3600); // This creates a cookie, called "Cookie", which contains "Contents of cookie" and will expire 3,600 seconds in the future.

Cookies can be destroyed by resetting them so they're in the past:

//Gragment 4-2
setcookie("Cookie","",time()-3600); //This overwrites the contents of the cookie "Cookie" with nothing, and sets it to expire.

Once you destroy a cookie, it will no longer be accessible. Cookies can be accessed fairly easily:

//Fragment 4-3
echo $_COOKIE["Cookie"]; //Prints the contents of cookie "Cookie" to the screen.
$cookie_contents = $_COOKIE["Cookie"]; //Assigns the contents of cookie "Cookie" to the screen.

Sessions are even easier:

//Script 4-4
/*Simple example to demonstrate sessions*/

session_start(); //Starts the session
$_SESSION["Cookie"] = "Cookie contents"; //Assigns "Cookie contents" to a part of the session "Cookie"
echo $_SESSION["Cookie"]; //Prints "Cookie contents"

You can also destroy a session using the session_destroy() function.

Pratical example: A simple page view counter

//Script 4-5

<?php
// This piece of PHP needs to come before the HTML tag, 
// as the cookie that needs to be sent so the session 
// can work cannot be sent after any text is sent.

session_start("Viewcounter"); // I've named my session here. To destroy it, I would need to use session_destroy("Viewcounter")

// To be sure that I'm considering previous page views,
// I check to see if the session variable view_count has
// been set using the isset() function. 
if(isset($_SESSION["view_count"])===false){$view_count = 0;}
else {$view_count = $_SESSION["view_count"];}

$view_count++; // Increase the variable view_count by one.

$_SESSION["view_count"] = $view_count; // Save the new number of views back into the session.

?>

<html>

<body>

<p>You've viewed this page <?php echo $view_count ?> times.</p>

</body>

</html>

A sample output might look like this:

You've viewed this page 3 times.