Sessions in PHP

Now, I know that when I first got PHP4 up and running on my system, the very first thing that I wanted to try out was the sessions and how to use it with a user, form-based login. This would be useful for just about any site where you had a "members only" area and wanted to validate the users from a database or anything else. In the examples here, we will be authorizing off of a MySQL database on the same server.

To begin with, we need to look at the various functions that we will be using and explain them a bit. First, session_start(). This one is probably the most important one of the group. This function is required on every page (unless you change a setting in the php.ini file) so that you can safely pass the session ID to it and it will know what to do with it. Generally, I put it by itself, up before the header information is sent.

<? session_start( ); ?>

This allows the page to take in all of the session information, including registered variables. This is the next thing that we come to. Now, sessions and all are well and good, but what's the real use in them? Why get them up and integrated into your website unless you can make them bow to your almighty programmer's will? Well, fear no more!

The next function is your Holy Grail. The session_register() function provides you with the means to pass variables "imbedded" within the session. This makes for greater ease in continuing a users login over the course of several pages. I have found it easier to put this statement up at the top of the page also. Usually, it's only needed on the page that you are putting in the initial value for a variable on. For instance, going back to our login form example, on that page you would probably want something like:

<? session_start(); session_register("username","password"); ?>

This would imbed the values of the variable $username and $password in the session. Also note that you use the names of the variables, and not the actual variable name. It won't work if you try putting in the actual variable names. That's all there is to it! Now that we have the variables in there mix and the session information ready to go, how do we get it to another page? Easy, trust me. To get it all over there, we just need to pass the session ID to the next page, and as long as it starts off with a

<? session_start(); ?>

then it will be able to access the registered variables inside. The issue arises though, how do I go about passing the session ID to the next page? Easy.

<? $session=session_id(); ?> <a href="next.php?<?echo $session?>">next</a>

See? Told you it was easy! Just use the session_id() function to get the current session's ID information. Now, last but not least, what happens when we want to get rid of the session and destroy all of the data associated with it? Well, look no further! The session_destroy() function is all you need. All you do is call it (with no variables or anything passed to it) and it will get rid of the current session. Great for a "log-off" button. So, anyway, that's our brief overview for sessions and some of the issues involved with them.