Sessions in PHP: Managing Client-Side Interactions with PHP - Prof. David L. Tarnoff, Study notes of Computer Science

A part of the csci 2910 client/server-side programming course materials. It covers the topic of sessions in php, explaining their purpose, mechanics, implementation, and variable types. Sessions are essential for managing complex interactions with clients, such as shopping carts, secure sites, and user settings. Examples of starting, stopping, and using session variables, as well as handling session variable types.

Typology: Study notes

Pre 2010

Uploaded on 08/18/2009

koofers-user-ck9-1
koofers-user-ck9-1 🇺🇸

10 documents

1 / 3

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
Sessions in PHP – Page 1 of 13CSCI 2910 – Client/Server-Side Programming
CSCI 2910
Client/Server-Side Programming
Topic: Sessions in PHP
Reading: Williams & Lane pp. 338-368
Sessions in PHP – Page 2 of 13CSCI 2910 – Client/Server-Side Programming
Today’s Goals
Today’s lecture will cover:
An introduction to sessions, their purpose,
and their use
Starting and stopping a session
Using session variables
Sessions in PHP – Page 3 of 13CSCI 2910 – Client/Server-Side Programming
Purpose of a Session
In general, HTTP is a "stateless" system,
i.e., clients access documents through links
without regard to past interactions
This is not acceptable when it comes to
managing a complex interaction with a client
such as:
the use of a shopping cart;
logging into a database or other secure site; or
tracking a user's settings/data values as he or
she progresses through a site.
Sessions in PHP – Page 4 of 13CSCI 2910 – Client/Server-Side Programming
Mechanics of a Session
Session is identified using a session ID (32
digit hexadecimal value)
The session ID is transmitted between the
client and server with each HTTP request
and response
Client keeps track of a session through the
use of a cookie
Server keeps track of a session through
locally stored text files or a database
Sessions in PHP – Page 5 of 13CSCI 2910 – Client/Server-Side Programming
Mechanics of a Session (continued)
Databases are used for large traffic
applications while text files are used for
lower traffic.
The server maintains the session variables
in the text file or database.
To prevent security risks due to someone
hijacking an old session and to avoid
clogging the server with unused sessions,
the server will clean up old sessions after a
specified timeout period.
Sessions in PHP – Page 6 of 13CSCI 2910 – Client/Server-Side Programming
Implementing a Session
session_start() – creates a new session or
finds an existing session. Basically, it
identifies a session and accesses the
session's variables if it is an existing
session.
Once a session has been started, the
session's variables are accessed through a
superglobal associative array called
$_SESSION. (This is the same sort of array
as $_GET and $_POST.)
Example: $_SESSION[variable_name]
pf3

Partial preview of the text

Download Sessions in PHP: Managing Client-Side Interactions with PHP - Prof. David L. Tarnoff and more Study notes Computer Science in PDF only on Docsity!

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 1 of 13

CSCI 2910

Client/Server-Side Programming

Topic: Sessions in PHP Reading: Williams & Lane pp. 338-

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 2 of 13

Today’s Goals

Today’s lecture will cover:

  • An introduction to sessions, their purpose, and their use
  • Starting and stopping a session
  • Using session variables

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 3 of 13

Purpose of a Session

  • In general, HTTP is a "stateless" system, i.e., clients access documents through links without regard to past interactions
  • This is not acceptable when it comes to managing a complex interaction with a client such as: - the use of a shopping cart; - logging into a database or other secure site; or - tracking a user's settings/data values as he or she progresses through a site. CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 4 of 13

Mechanics of a Session

  • Session is identified using a session ID ( digit hexadecimal value)
  • The session ID is transmitted between the client and server with each HTTP request and response
  • Client keeps track of a session through the use of a cookie
  • Server keeps track of a session through locally stored text files or a database

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 5 of 13

Mechanics of a Session (continued)

  • Databases are used for large traffic applications while text files are used for lower traffic.
  • The server maintains the session variables in the text file or database.
  • To prevent security risks due to someone hijacking an old session and to avoid clogging the server with unused sessions, the server will clean up old sessions after a specified timeout period.

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 6 of 13

Implementing a Session

  • session_start() – creates a new session or finds an existing session. Basically, it identifies a session and accesses the session's variables if it is an existing session.
  • Once a session has been started, the session's variables are accessed through a superglobal associative array called $_SESSION. (This is the same sort of array as $_GET and $_POST.)
  • Example: $_SESSION[variable_name]

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 7 of 13

Implementing a Session (continued)

  • Because of the dual purpose of session_start(), i.e., it can initialize a session or access an existing one, the PHP code must have a method for identifying whether a session has already been initiated.
  • isset($_SESSION[variable_name]) can be used to determine if the session has already initialized a particular variable. For example:

if (!isset( $_SESSION['quantity'] )) $_SESSION['quantity'] = 0; else $_SESSION['quantity']++;

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 8 of 13

Implementing a Session (continued)

  • A variable can be removed from a session using the unset() function
  • Example: unset($_SESSION['quantity']);
  • All session variables can be removed by simply re-initializing the $_SESSION array
  • Example: $_SESSION = array();

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 9 of 13

Implementing a Session (continued)

  • Since the client receives its session ID through a cookie in one of the HTTP header files, it must be sent before any HTML is generated for the client's output.
  • Therefore, session_start() must be executed before any output is generated.

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 10 of 13

Session Variable Types

  • A session variable can be of any type or object
  • If a session variable is an object, be sure to define the object before running session_start().
  • If an existing session that uses an object is opened before the object is defined, it will cause problems.
  • The following slide presents an example

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 11 of 13

Hello, World! in PHP

CSCI 2910 – Client/Server-Side Programming Sessions in PHP – Page 12 of 13

Ending a Session

If you receive a signal from the client that they are ending the session, e.g., clicking on a link to log out, there is a method you can use to force a session to end.

  • First, you must open the session so that it is identified as the one to be closed.
  • Next, you must end the session with the function session_destroy()
  • Last, use the header function to direct an output to the client.