Session Handling in PHP
Session is a way to store a stack of data from a particular user against an exclusive sessions ID. Session IDs are commonly transmitted to the browser via session cookies and the ID is used to fetch existing actual data. The existence of an ID or session cookie approve PHP perceive to create a new session, and create a new session ID.Sessions observe a clear workflow. When the session starts , PHP will either fetch the existing session using the ID passed or if no session is passed it will generate a new session.
How Session Work in PHP
There are many users who visit the same website and do different tasks according to their need such as login, logout, Change Password, etc the web server doesn't know the different user because the HTTP address doesn't maintain state. suppose you were sent request to browser you get the response as browser don't know who you are they simply send request this state of sending a request is known as stateless.
Session variable solves this problem by storing user information that is used beyond various pages (e.g. username, update password ,Photo upload, etc). By default, session variables final until user does not close the browser.
When you start a session on server then a Unique Session Id created on server and save into browser cookie. All session data saved against that session id to the server. When browser send a request on server the session id stored in cookie also transfer to server, By using session id server fetch all saved session data and available in $_SESSION variable.
Session use in PHP
To use a session in PHP we use the $_SESSION to and to start a session we use session_start() which are provided by PHP. The session_start() generate a session Id if it is not generated before and with the help of cookies it save on the browser in the response format through the header communication and then the session is ready to work . A file is created through the session id in a temporary folder and the data is saved. When we save the data $_SESSION, there is a problem to use a PHP SESSION is that there is a limit of the server to manage the file, but when there are a large number of users are using session, then the temporary file are increased when there are a large number of requests are coming then the sever become slow and to avoid that problem we use the in memory database technique through which server work properly and fast and session data also retrieved. When we are using any mobile application which is stateless, there the session id is not saved on the client side because there are no browser exist there we use a token and we generate a token on server side and we save data against the token.So when we make API we use the token. The JWD token is a standard token now a days.So we apply JWD token through which we get the authentication along with the data and we send that data to the client side and client save the data if they request forward they send the token through which we can easily identify the client.
Note :- The default session time in PHP is 1440 seconds (24 minutes) and Default session storage path is temporary folder/tmp on server.
Session use in Frameworks like Codelgniter, Laravel etc
We can use session in Frameworks in three ways
1. Native session: - Frameworks doesn’t use standard PHP sessions normly, apart from that it saves session-data directly in a browser cookie, which check the data you can save to 4k. It makes the temporary folder in a temporary path and create a temporary file against all the session ID and that session ID save in the browser in the form of a cookie. So as the next request goes from the browser to that cookie and sends to the server and tell the session id and it will fetch that id and we will get the data that are save in session.
2. Database: - We can manage session by using a database.In the database, we make the table and in that table, we make a session ID as a primary key including the fields such as IP address data and the data that are present in session that data insert in a record. At the next request goes along with the session ID and we will get the data that are present in the database.
3. Redis: - Redis are used in the framework to make the sessions. Redis is in memory database.We have to install the redis in the server. Redis has its own condition (id, password) through which we can configure. As you send the new request it make a new session ID and that ID will become a redis key and store the data in the value format and as the next request goes, it fetch from the redis and available.It is best because it is fast due to in memory database.
Start a PHP Native session
In PHP we start a session by using session_start()
<?php session_start(); ?>
Set some data in PHP Session:
<?php session_start(); $_SESSION['id'] = 1; $_SESSION['user'] = "Paul"; $_SESSION['role'] = "Admin"; ?>
To print a session we use ($_SESSION)
<?php session_start(); print_r($_SESSION); ?>
Array ( [id] => 1 [user] => Paul [role] => Admin )
Destroy a PHP session
To remove all the session variable we use session_unset()
<?php session_unset(); ?>
To destroy session variable we use session_destroy()
<?php session_destroy(); ?>