Sessions are extremely cool and useful. They allow you to create variables which can be accessed by any page on your site. This means you don't have to send values via $_POST or $_GET (which are visible to the user). What more can you ask for?
Your session variables exist across browser windows (of the same application). In other words, if you generate a session variable from one IE browser window, you can echo
its value from any other IE browser window you have open.
However, the lifetime of a session is also limited by the browser window(s) you have open. Once you close all those IE browser windows, your session variables will be annihiliated. So sad. That's why, after logging out, you often receive the message "Please close your browser windows."
To begin, call the session_start
function. Like so..
This will begin your session. If you would like to access a session variable, you must call this function first.
All your session variables/values are stored in the array $_SESSION. Here's an example:
// create a session variable 'username' with value 'icemelon'
$_SESSION['username'] = 'icemelon';
// print out "Welcome <USERNAME>" message
echo "<p> Welcome $_SESSION[username]! ";
(You can also create a session variable with session_register
, but I prefer the method above.)
Keep in mind, once the $_SESSION['username'] value has been set (as I've done above), you can access it from any other PHP script on your site. Remember, though, to call session_start() on each page you wish to use $_SESSION['username'].
When a session is initially started, an unique session ID will be created with it. For instance, if 8 computers access the same page (that starts a session), each computer will have a different session ID. To grab the value of this ID, use session_id
. This ID is a very long alphanumeric string. Here's an example:
// e.g. output: 915f99ab59a46de42cfd389adf85c39a
Because this ID is so "random" and unique, you can use it to generate a password if you wish. For instance:
// generate an 8-letter password
echo substr(md5(session_id()), 2, 8);
Aside: The function md5
is a popular hash function—used for encryption.
I bet you realize this is an extremely useful tool. When used right, the powers that are unleashed are confined only by your imagination and morals. Here are some values you may want your session variables to store:
» an incrementing count (maybe, of the number of pages a user has visited).
» history of pages visited (e.g. home -> tutorials -> headlines -> home)
» subliminal messages!
There may come a time when you will want to delete the session variables. For instance, if Sam logs out of a public computer, and Lamb comes to use it.. you don't want your site to continue displaying the message "Hello Sam." Lamb would be utterly infuriated.
Here's how to destroy your variables and values:
$_SESSION = Array();
Yes, just set it to an empty array to clear the $_SESSION array.
Once you've got this down, the logical next step is to incorporate cookies into your site. I'll leave that for another tutorial.