PHP: Sessions
Derek Bridge
Department of Computer Science,
University College Cork
PHP: Sessions
Aims:
- to learn what a session is
- to learn how PHP uses in-memory cookies for session management
- to see how to program sessions in PHP, using two simple case studies
The full shopping cart system: cart.zip
(Remember to edit $host, $user,
$password and $dbname)
Sessions
- A session is a sequence of requests from the same client within a short period of time
- Although the user may access different pages from the web site, we may want to
- track the client, i.e. identify which client is making requests
- maintain user-specific information across the pages visited
- Example: a shopping cart
Sessions in PHP
- You could write your own PHP to use cookies to keep track of sessions
- But PHP has built-in support for sessions
- your PHP invokes some simple functions that indicate what data you would like to maintain from one page to the next
- PHP handles all the details (e.g. cookie manipulation) for you
Sessions in PHP
- Any PHP script that wants to use sessions begins with a call to the
session_startfunction - What does the function do?
- If this is the start of a session (the first time a client has sent a request),
it creates a new session:
- it generates a unique number, called the session ID
- it stores the session ID, usually in a file on disk
- for each session ID, it also creates a data store, where it can maintain data about this session
- it arranges for the session ID to be sent back to the client as an in-memory cookie
- Question: Just to be clear: how can it tell that this is start of a session?
Sessions in PHP
- What does
session_startdo? Continued… - If this is not the start of a session (a subsequent visit), it restores
the session:
- the client will have included the session ID cookie in the request
- hence PHP can identify this client and its data store
- it loads data from the data store into an associative array:
$_SESSION
- The rest of your script can now use the data in the
$_SESSIONarray, or put new data into the array - You must invoke
session_startbefore any HTML is generated Why?
counter.php: simple example
Counting the number of times a page has been accessed by a client
<?php
require_once( 'output_functions.php' );
session_start();
if ( ! isset($_SESSION['num_visits']) )
{
$_SESSION['num_visits'] = 1;
}
else
{
$_SESSION['num_visits']++;
}
output_header( 'Welcome!', 'stylesheet.css' );
output_paragraph( "You have visited this page {$_SESSION['num_visits']} times" );
output_footer( 'University College Cork' );
?>
Compare this with our previous version! Compare (a) the code, (b) the behaviour, and (c) what gets stored where
Sessions in PHP
- By default, PHP uses cookies for sessions
- Q: What if the user has disabled cookies?
- A: PHP can be configured to switch to using URL rewriting in these circumstances - without the programmer needing to know which is being used
- By default, PHP uses in-memory cookies for sessions
- Q: What if I want persistent cookies instead?
- A: It's possible to configure PHP to use these instead
- A: But in that case it may be better to use the facilities we saw in the previous lecture instead or as well
Session in PHP: advanced notes
- There are more functions, few of which you will ever need:
session_registerto explicitly register a variablesession_unregisterto remove a variable from the data storesession_is_registeredto determine whether a variable is registeredsession_idif you want to see the unique session IDsession_destroy: removes all data from this session's data store (it doesn't affect the cookie, which is client-side)
Case study: a very, very, very simple shopping cart
Suppose our company Shrine of Bacchus Wines sell wines, listed in this database:
CREATE TABLE wines
(
id INT NOT NULL AUTO_INCREMENT,
name VARCHAR(255) NOT NULL,
price DECIMAL(5, 2) NOT NULL,
PRIMARY KEY (id)
);
Overview of the scripts
![[The scripts used in our shopping cart system]](cart_scripts.png)
Displaying our wine catalog
The product catalog page lists all the wines we sell:
<table>
<tr>
<td>Dingo Dribble</td>
<td>12.33</td>
<td><a href="add_to_cart.php?id=1">Add to cart</a></td>
</tr>
…
</table>
(Obviously, this table is produced from the database by a PHP script:
show_catalog.php)
This page also contains a link:
<a href="show_cart.php">Show cart</a>
add_to_cart.php: adding to the shopping cart
<?php
require_once('output_functions.php');
// If this is an on-going session, obtain the $cart array.
// If it's a new session, create an empty array
session_start();
if ( isset($_SESSION['cart']) )
{
$cart = $_SESSION['cart'];
}
else
{
$cart = array();
}
// Get the id of the item being added to the cart
$id = (int) $_GET['id'];
// If this item is in the cart already, then increment the quantity.
// If not, insert it.
if ( isset($cart[$id]) )
{
$cart[$id]++;
}
else
{
$cart[$id] = 1;
}
// Put the revised cart back into the session store
$_SESSION['cart'] = $cart;
output_header( 'Item successfully added to your cart', 'sbw.css' );
?>
<p>
<a href="show_cart.php">Show cart</a>
</p>
<p>
<a href="show_catalog.php">Show catalog</a>
</p>
<?php
output_footer( 'Shrine of Bacchus Wines' );
?>
show_cart.php: displaying the shopping cart (simple version)
<?php
require_once( 'output_functions.php' );
// If this is an on-going session, obtain the $cart array.
// If it's a new session, create an empty array
session_start();
if ( isset($_SESSION['cart']) )
{
$cart = $_SESSION['cart'];
}
else
{
$cart = array();
}
output_header( 'Your cart', 'sbw.css' );
if ( count($cart) == 0 )
{
output_paragraph( 'No items in shopping cart.' );
}
else
{
echo "<table>";
foreach ($cart as $id => $qty)
{
echo "<tr>
<td>{$id}</td>
<td>{$qty}</td>
</tr>";
}
echo "</table>";
}
?>
<p>
<a href="show_catalog.php">Show catalog</a>
</p>
<?php
output_footer( 'Shrine of Bacchus Wines' );
?>
show_cart.php: displaying the shopping cart (better version)
A better version of show_cart.php would take each product in the cart and
look it up in the database so that it can output not just the id and quantity
but also the name and price