Thu, 04/09/2008 - 21:03 — horuskol
This is about the simplest example of using sessions:
    <?php
    // index.php
    require_once('/includes/common.php');

    // page code goes below here
    $page_output = '';

    if (isset($_GET['forgetme'])) {
        if (isset($_SESSION['username'])) {
            unset($_SESSION['username']);
        }
    }

    if (isset($_POST['username'])) {
        $_SESSION['username'] = $_POST['username'];
    }

    if (isset($_SESSION['username'])) {
        $page_output .= '<p>Hello ' . htmlentities($_SESSION['username']) . '!</p>';

        if (isset($_GET['remember'])) {
            $page_output .= '<p>See, I told you I would remember you</p>';
        }

        $page_output .= '<p>Click <a href="index.php?remember=true">here</a> and I will remember who you are</p>';
        $page_output .= '<p>Click <a href="index.php?forgetme=true">here</a> and I will forget you</p>';
    } else {
        $page_output .= '<form action="index.php" method="post">';
        $page_output .= '<label for="fm_username">Enter Username</label>:';
        $page_output .= '<input type="text" id="fm_username" name="username" />';
        $page_output .= '<input type="submit" value="submit" />';
        $page_output .= '</form>';
    }

    echo $page_output;
    ?>
So, we access the session variables as part of the $_SESSION superglobal. The example also uses $_GET and $_POST in various guises in order to control the actual session data.
When a user opens the page for the first time, they are presented with the form:
    $page_output .= '<form action="index.php" method="post">';
    $page_output .= '<label for="fm_username">Enter Username</label>:';
    $page_output .= '<input type="text" id="fm_username" name="username" />';
    $page_output .= '<input type="submit" value="submit" />';
    $page_output .= '</form>';
This is because the check for the session value we are interested in (namely the username) has turned up false:
if (isset($_SESSION['username'])) {
Then, when the form is submitted, the script picks up the username and writes it to the session:
    if (isset($_POST['username'])) {
        $_SESSION['username'] = $_POST['username'];
    }
Now, every time the user loads the page with the "remember" link, the script pulls the information back out again:
    if (isset($_SESSION['username'])) {
        $page_output .= '<p>Hello ' . htmlentities($_SESSION['username']) . '!</p>';

        if (isset($_GET['remember'])) {
            $page_output .= '<p>See, I told you I would remember you</p>';
        }

        $page_output .= '<p>Click <a href="index.php?remember=true">here</a> and I will remember who you are</p>';
        $page_output .= '<p>Click <a href="index.php?forgetme=true">here</a> and I will forget you</p>';
    }
This would be available even if the user now opened another page on the same site (you don't even need the remember parameter) - so long as you call session_start() at the top of the script (which you will be doing if you always include the common.php file).
Finally, we manually destroy the username when the user clicks to forget:
    if (isset($_GET['forgetme'])) {
        if (isset($_SESSION['username'])) {
            unset($_SESSION['username']);
        }
    }
Of course, the session is killed by the server after a time limit (24 minutes is the default), too.
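A hardened variant of the "write the username", "forget" and time-limit steps above, as an added example that is not part of the original post. The helper names (`remember_user`, `forget_user`, `session_is_fresh`), the `last_seen` key, the username pattern and a `forgetme` POST field replacing the GET link are all assumptions.

```php
<?php
// Added example, not from the original post. Assumes session_start() has
// already run (the tutorial's common.php does this).
// Hypothetical helper: validate the posted name before it enters the session.
function remember_user($posted)
{
    // Reject arrays (username[]=x) and names outside an assumed pattern.
    if (!is_string($posted) || !preg_match('/^[A-Za-z0-9_.-]{1,32}$/D', $posted)) {
        return false;
    }
    session_regenerate_id(true); // new identity, new session ID (anti-fixation)
    $_SESSION['username'] = $posted;
    $_SESSION['last_seen'] = time();
    return true;
}

// Hypothetical helper: discard the whole session, not just one key.
function forget_user()
{
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Hypothetical helper: idle timeout enforced in code, because the server only
// removes expired session data when its probabilistic garbage collector runs.
function session_is_fresh($max_idle = 1440) // 1440 s = the 24-minute default
{
    $seen = isset($_SESSION['last_seen']) ? $_SESSION['last_seen'] : 0;
    if (time() - $seen > $max_idle) {
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

// Wiring for index.php: state changes arrive by POST only, never by GET link.
$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
if ($method === 'POST' && isset($_POST['forgetme'])) {
    forget_user();
} elseif ($method === 'POST' && isset($_POST['username'])) {
    remember_user($_POST['username']);
} elseif (isset($_SESSION['username']) && !session_is_fresh()) {
    forget_user();
}
```

The `is_string()` check matters because a request can send `username[]=x`, which would put an array into the session and break the later `htmlentities()` call.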