XLVI. Session handling functions

Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.

A visitor accessing your web site is assigned an unique id, the so called session id. This is either stored in a cookie on the user side or is propagated in the URL.

The session support allows you register arbitrary numbers of variables to be preserved across requests. When a visitor accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through session_start() or implicitly through session_register()) whether a specific session id has been sent with the request. If this is the case, the prior saved environment is recreated.

All registered variables are serialized after the request finishes. Registered variables which are undefined are marked as being not defined. On subsequent accesses, these are not defined by the session module unless the user defines them later.

Currently, objects cannot be used as session variables.

The constant SID is defined, if the session module does not know exactly whether the user has accepted the cookie. You can use <?=SID?> to print out the constant (this will evaluate to an empty string, if SID is not defined). SID is of the form session_name=session_id.

The following example demonstrates how to register a variable, and how to link correctly to another page (propagation of session id).

Example 1. counting the number of hits of a single user

<?php

session_register("count");

$count++;

?>

Hello visitor, you have seen this page <? echo $count; ?> times.<p>

# the <?=SID?> is necessary to preserve the session id
# in the case that the user has disabled cookies

To continue, <A HREF="nextpage.php?<?=SID?>">click here</A>

The session management system supports a number of configuration options which you can place in your php.ini file. We will give a short overview.

  • session.save_handler defines the name of the handler which is used for storing and retrieving data associated with a session. Defaults to files.

  • session.save_path defines the argument which is passed to the save handler. If you choose the default files handler, this is the path where the files are created. Defaults to /tmp.

  • session.name specifies the name of the session which is used as cookie name. It should only contain alphanumeric characters. Defaults to PHPSESSID.

  • session.auto_start specifies whether the session module start a session automatically on request startup. Defaults to 0 (off).

  • session.lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0.

  • session.serialize_handler defines the name of the handler which is used to serialize/deserialize data. Currently, only "php" is supported. Defaults to php.

  • session.gc_probability specifies the probability that the gc (garbage collection) routine is started on each request in percent. Defaults to 1.

  • session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up.

Note: Session handling was added in PHP 4.0.

Table of Contents
session_start — Initialize session data
session_destroy — Destroys all data registered to a session
session_name — Get and/or set the current session name
session_module_name — Get and/or set the current session module
session_save_path — Get and/or set the current session save path
session_id — Get and/or set the current session id
session_register — Register a variable with the current session
session_unregister — Unregister a variable from the current session
session_is_registered — Find out if a variable is registered in a session
session_decode — Decodes session data from a string
session_encode — Encodes the current session data as a string