PHP Sessions

PHP has built-in functions to save session variables. The variables are stored in state files. These state files need not be explicitly created and managed. The following are the steps for saving and retrieving values of session variables.

Step 1: Near the beginning of the program a directive to start the session must be given. PHP checks if there is already a session ID coming from a cookie, POSTed data, or a query string. If such an ID exists then the data is read from the session's state file as name-value pairs and stored in the $_SESSION variable. If there is no session ID, then a long session ID is created and the state file.

session_start();

Step 2: To save a name-value pair, it needs to be registered with the state data. For example, if we have the following name-value pair:

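$some_var = some_value;

Then, to register this data, use the session_register() function or directly register the name-value pair. Note that session_register() was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so on current PHP versions only the direct $_SESSION assignment works:

session_register ("some_var");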

OR

$_SESSION["some_var"] = some_value;

Step 3: After the name-value pair has been registered, the value can be retrieved easily:

$_SESSION["some_var"]

To pass the session ID manually as part of a query string or a hidden form element, the session ID may be obtained from the following function:

session_id()

If the session ID is being passed as a hidden variable then the form element must be called PHPSESSID.

<input type = "hidden" name = "PHPSESSID"
                          value = "<?php print session_id(); ?>"/>

PHP uses only one state file, and applications that use logged-on state should verify that there is a user name in the file. When different applications feature logged-on state, it is best to put an application-specific line in the state file, so that a user cannot use a successful login to one application to fake a logged-on status to a different application using the same session ID.

When a session times out, the state file is deleted. To check logged-on state, the function isset() can be used as follows:

isset($_SESSION["username"])  or  isset($_SESSION["logged_on"])
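
The application-specific entry described above, sketched as an added example (not code from the original page). The application names "grades" and "forum", the key prefix logged_on_ and the helper function names are assumptions made for illustration.

```php
<?php
// Added example, not from the original page. The application names
// "grades" and "forum" and the key layout are hypothetical.
session_start();                      // before any output, as in Step 1

// Key under which one application records its own login in the state file.
function login_key(string $app): string {
    return "logged_on_" . $app;
}

function log_on(string $app, string $username): void {
    $_SESSION[login_key($app)] = $username;
    $_SESSION["username"] = $username;   // generic entry, shared by every application
}

// Generic check from the text: true after a login to ANY application.
function generic_check(): bool {
    return isset($_SESSION["username"]);
}

// Application-specific check: true only if $app itself recorded the login.
function is_logged_on(string $app): bool {
    $key = login_key($app);
    return isset($_SESSION[$key]) && is_string($_SESSION[$key]) && $_SESSION[$key] !== "";
}

function log_off(string $app): void {
    unset($_SESSION[login_key($app)]);
}

// Constructed scenario: the user logs on to "grades" only, then the same
// session ID is presented to "forum".
$_SESSION = [];
log_on("grades", "alice");
foreach (["grades", "forum"] as $app) {
    printf("%-6s generic=%s app-specific=%s\n", $app,
        var_export(generic_check(), true),
        var_export(is_logged_on($app), true));
}
log_off("grades");
session_destroy();
```

The generic check passes for both applications because they share one state file, while the application-specific check passes only for the application that performed the login.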

PHP Cookies

To set a cookie, use the function setcookie().

setcookie (name, value, time, path, domain, secure);

All the parameters are optional except for name. To set the expiration time, use the built-in time() function and add the number of seconds. Here is a cookie that is set to expire an hour later, has a specified path and domain, and does not require a secure connection:

setcookie ("some_var", "some_value", time()+3600, "/", "cs.utexas.edu", 0);

To set a temporary cookie, the expiry time is omitted:

setcookie ("some_var", "some_value");

To set a long-term cookie that expires in a year:

setcookie ("some_var", "some_value", time()+3600*24*365);

The setcookie() command must be issued before any printed output occurs because the cookie must be written as part of the HTTP header. PHP automatically parses any HTTP_COOKIE string into an associative array $_COOKIE. The value of the cookie can be retrieved from the cookie thus:

$_COOKIE["some_var"]