PHP Sessions page


PHP sessions are used to maintain the values of variables across multiple web pages.
This is done by creating a unique session ID that is sent to the client browser.
The browser then sends the unique ID back on each page request, and PHP uses the ID to fetch the
values of all the variables associated with this session.

The session ID is sent back and forth in a cookie or in the URL. By default, PHP tries to use cookies,
but if the browser has disabled cookies, PHP falls back to putting the ID in the URL.
The php.ini directives that affect this are:

session.use_cookies
When on, PHP will try to use cookies

session.use_trans_sid
When on, PHP will add the ID to URLs if cookies are not used

The trans_sid code in PHP is rather interesting. It actually parses the entire HTML file
and modifies/mangles every link and form to add the session ID. The url_rewriter.tags php.ini
directive can change how the various elements are mangled.

Writing an application that uses sessions is not hard. You start a session using session_start(),
then register the variables you wish to associate with that session. For example:

<?php
  session_start();

  // session_register() was removed in PHP 5.4; store values in $_SESSION instead.
  $_SESSION['test']  = "Hello";
  $_SESSION['test1'] = "World";
?>

If you put the previous example in a file named page1.php and load it in your browser, it sends you a cookie and stores the values of test and test1 on the server. If you then load this page2.php page:

<?php
  session_start();
  echo "test = $_SESSION[test]<br />";
  echo "test1 = $_SESSION[test1]<br />";
?>

You should see the values of test and test1 set in page1.php. Note the use of the $_SESSION superglobal.
If you have register_globals on (it was removed in PHP 5.4), you would be able to access these as $test and $test1 directly.

You can add complex variables such as arrays and objects to sessions as well. The one caveat with
putting an object in a session is that you must load the class definition for that
object before you call session_start().

A common error people make when using sessions is that they tend to use them as a replacement for
authentication, or sometimes as an add-on to authentication. Authenticating a user once when they first
enter your site and then using a session ID to identify that user throughout the rest of
the site without further authentication can lead to a lot of problems if another person is somehow
able to get the session ID.

There are a number of ways to get the session ID:

If you are not using SSL, session IDs may be sniffed

If you don't have proper entropy in your session IDs, they may be guessed

If you are using URL-based session IDs, they may end up in proxy logs

If you are using URL-based session IDs, they may end up bookmarked on publicly-accessible computers

Forcing HTTP Authentication on each page over SSL is the most secure way to avoid this problem, but it tends to be a bit inconvenient. Just keep the above points in mind when building a web application that uses sessions to store users' personal details.
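
The leak paths listed above map onto concrete session settings. The following is an added example, not code from the original page: a session bootstrap that keeps the ID out of URLs, restricts the cookie to SSL/TLS, and issues a fresh ID at login. The function names and the 15-minute idle limit are hypothetical, and it assumes PHP 7.3 or later with TLS terminating at the PHP server.

```php
<?php
// Added example. start_hardened_session(), on_login() and
// require_recent_login() are hypothetical helper names.

function start_hardened_session(): void
{
    // Sniffing: refuse plain HTTP (assumes TLS ends at this server, so
    // $_SERVER['HTTPS'] is set; behind a proxy check its forwarded header).
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
        http_response_code(400);
        exit('HTTPS required');
    }

    // URL leaks (proxy logs, bookmarks): the ID travels only in a cookie.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1'); // ignore IDs supplied in the URL
    ini_set('session.use_trans_sid', '0');    // never rewrite links and forms
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue

    // Guessing: PHP 7.1+ draws session IDs from the system CSPRNG.
    session_set_cookie_params([
        'lifetime' => 0,      // cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // only sent over TLS
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login(string $userId): void
{
    // New ID at the moment of authentication; the old session is deleted.
    session_regenerate_id(true);
    $_SESSION['user_id']   = $userId;
    $_SESSION['last_seen'] = time();
}

function require_recent_login(int $maxIdleSeconds = 900): string
{
    // A captured ID stops working once the session has been idle too long.
    $idle = time() - ($_SESSION['last_seen'] ?? 0);
    if (empty($_SESSION['user_id']) || $idle > $maxIdleSeconds) {
        $_SESSION = [];
        session_destroy();
        http_response_code(401);
        exit('Please log in again');
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user_id'];
}
```

Call start_hardened_session() at the top of every page, on_login() once the credentials have been verified, and require_recent_login() on any page that shows personal details.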