Sessions

Derek Bridge

Department of Computer Science,
University College Cork

Sessions

Aims:

• to learn what a session is
• to learn how PHP uses in-memory cookies for session management
• to see how to program sessions in PHP, using two simple case studies

Sessions

• A session is a sequence of requests from the same client within a short period of time
• Although the user may access different pages from the web site, we may want to
  • track the client, i.e. identify which client is making requests
  • maintain user-specific information across the pages visited
• Example: a shopping cart

Sessions in PHP

• You could write your own PHP scripts to keep track of sessions using cookies
• But PHP has built-in support for sessions
  • your code uses some simple functions that indicate what data you would like to maintain from one page to the next
  • PHP handles all the details (e.g. cookie manipulation) for you

Sessions in PHP

• Any PHP script that wants to use sessions begins with a call to the session_start function
• What does the function do?
• If this is the start of a session (the first time a client has sent a request), it creates a new session:
  • it generates a unique number, called the session ID
  • it stores the session ID, usually in a file on disk
  • for each session ID, it also creates a data store, where it can maintain data about this session
  • it arranges for the session ID to be sent back to the client as an in-memory cookie
• Question: Just to be clear: how can it tell that this is start of a session?
• The call to session_start must come before any (X)HTML is generated. Why?

Sessions in PHP

• What does session_start do? Continued...
• If this is not the start of a session (a subsequent visit), it restores the session:
  • the client will have included the session ID cookie in the request
  • hence PHP can identify this client and its data store
  • it loads data from the data store into an associative array: $_SESSION
• The rest of your script can now use the data in the $_SESSION array, or put new data into the array

counter.php: simple example

Counting the number of times a page has been accessed by a client

<?php 
 session_start();
 if (! isset($_SESSION['numvisits'])) 
 {
    $_SESSION['numvisits'] = 1;
 }
 else 
 {
    $_SESSION['numvisits]++;
 }
?>
...
<?php
 echo "Welcome! (Visit number: {$_SESSION['numvisits']})";
?>

Compare this with our previous version! Compare (a) the code, (b) the behaviour, and (c) what gets stored where

Sessions in PHP

• By default, PHP uses cookies for sessions
  • Q: What if the user has disabled cookies?
  • A: PHP can be configured to switch to using URL rewriting in these circumstances - without the programmer needing to know which is being used
• By default, PHP uses in-memory cookies for sessions
  • Q: What if I want persistent cookies instead?
  • A: It's possible to configure PHP to use these instead
  • A: But it may be better to use the facilities we saw in the previous lecture instead or as well

Session in PHP: advanced notes

• There are more functions, few of which you will ever need:
  • session_register to explicitly register a variable
  • session_unregister to remove a variable from the data store
  • session_is_registered to determine whether a variable is registered
  • session_id if you want to see the unique session ID
  • session_destroy: removes all data from this session's data store (it doesn't affect the cookie, which is client-side)

Case study: a very, very, very simple shopping cart

Suppose we sell wines, listed in this database:

CREATE TABLE wines (
   id INT NOT NULL AUTO_INCREMENT,
   name VARCHAR(255) NOT NULL,
   price DECIMAL(5, 2) NOT NULL,
   PRIMARY KEY (id)
);

Displaying our product catalog

The product catalog page lists all the wines we sell:

<table>
 <tr>
  <td>Dingo Dribble</td>
  <td>12.33</td>
  <td><a href="add_to_cart.php?id=1">Add to cart</a></td>
 </tr>
 ...
</table>

(Obviously, this table should be produced from the database by a PHP script: show_catalog.php)

This page also contains a link:

 <a href="show_cart.php">Show cart</a>

add_to_cart.php: adding to the shopping cart

<?php
 // If this is an on-going session, obtain the $cart array.
 // If it's a new session, create an empty array
 session_start();
 if ( isset($_SESSION['cart']) )
 {
	$cart = $_SESSION['cart'];
 }
 else
 {
	$cart = array();
 }
 
 // Get the id of the item being added to the cart
 $id = $_GET['id'];
 
 // If this item is in the cart already, then increment the quantity.
 // If not, insert it.
 if ( array_key_exists($id, $cart) )
 {
	$cart[$id]++;
 }
 else
 {
	$cart[$id] = 1;
 }
 
 // Put the revised cart back into the session store
 $_SESSION['cart'] = $cart;
?>

<?php echo '<?xml version="1.0" encoding="UTF-8"?>'; ?>
<!DOCTYPE html 
 PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Item Successfully Added to Cart</title>
</head>

<body>

<p>Item successfully added to cart</p>
<p><a href="show_cart.php">Show cart</a></p>
<p><a href="show_catalog.php">Show catalog</a></p>

</body>
</html>

show_cart.php: displaying the shopping cart

<?php
 // If this is an on-going session, obtain the $cart array.
 // If it's a new session, create an empty array
 session_start();
 if ( isset($_SESSION['cart']) )
 {
	$cart = $_SESSION['cart'];
 }
 else
 {
	$cart = array();
 }
?>

<?php echo '<?xml version="1.0" encoding="UTF-8"?>'; ?>
<!DOCTYPE html 
 PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Your shopping cart</title>
</head>

<body>

<?php
 if ( count($cart) == 0 )
 {
	echo 'No items in shopping cart.';
 }
 else
 {
	include('dbconnect.php');
	$total = 0;
	echo '<table>';
	foreach ($cart as $id => $qty)
	{
		// Get details of the wine whose $id is in the cart
		$sql = "SELECT * FROM wines WHERE id = {$id};";
		$dbresult = mysql_query($sql);
		if ( ! $dbresult )
		{
			die('Error in query ' . mysql_error());
		}
		$row = mysql_fetch_assoc($dbresult);
		echo "<tr>
				<td>{$row['name']}</td>
				<td>{$row['price']}</td>
				<td>{$qty}</td>
			</tr>";
		$total += $row['price'] * $qty;
	}
	echo "<tr><th>TOTAL:</th><td>{$total}</td></tr>";
	echo "</table>";
 }
?>

<p><a href="show_catalog.php">Show catalog</a></p>

</body>
</html>