A session is a way to continue information across different web pages to recognize users as they traverse a site or app.
There was absolutely no way a server could remember a specific user between multiple requests, which is why we call the HTTP protocol a stateless protocol.
For example, When you click a web page, the server is only available for providing the content of the requested page. So when you click other pages on the same website, the webserver converts each request uniquely, as if they were not connected to each other. The server has no way to differentiate whether each request is coming from the same user.
Real-Time Example Login Flow With Sessions and Cookies
Following is the flow for a website to understand what happens behind the scenes.
- When a user opens a login page of a website.
- After submitting the login form, a server authenticates the request by checking the credentials that were entered.
- If the credentials entered by the user are correct, the server creates a new session and it creates a unique random number, which is called a session id. It also creates a new file for each session created on the server and it will store the session-specific information.
- Next, a session id is sent back to the user, along with whatever assets were requested. In the background, the session id is sent in the PHPSESSID cookie in the response header.
- When the browser gets the response back from the server, it will come across the PHPSESSID cookie header. If cookies are accepted by the browser, it will save this PHPSESSID cookie, which has the session id passed by the server.
- For the next requests, the PHPSESSID cookie is sent back to the server. When the server gets into the PHPSESSID cookie, it will try to configure a session with the same session id. It will then configure the global array variable $_SESSION with the information stored in the session file.
This is how the user’s data is saved across multiple requests, and the user remains logged in for the duration of a session.
Following is the image which depicts how the HTTP protocol works throughout the session:-
Example:
<?php
session_id(YOUR_SESSION_ID);//If you want to change the system-generated session id with your own, you can pass it to the first argument of the session_id function.
// start a session
session_start();
echo session_id();//It will give the Id which is created when the session started.
// manipulate session variables
// initialize session variables
$_SESSION['logged_in_user_id'] = '1';
$_SESSION['logged_in_user_name'] = Test_User;
// destroy everything in this session
unset($_SESSION);
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"],$params["httponly"]);
}
session_destroy();
?>
Note:- The session_start function should be called at the beginning of the file before anything is sent to the browser. Otherwise, you’ll get the error of the Headers are already sent.But if you want to add custom session Id you have to call session_id(YOUR_SESSION_ID) before session_start() function
If you have skills in PHP programming and you want to enhance your career in this field, a PHP certification from StudySection can help you reach your desired goals. Both beginner level and expert level PHP Certification Exams are offered by StudySection along with other programming certification exams.
