Session Handling in PHP

Session is a way to store a stack of data from a particular user against an exclusive sessions ID. Session IDs are commonly transmitted to the browser via session cookies and the ID is used to fetch  existing actual data. The existence of an ID or session cookie approve PHP perceive to create a new session, and create a new session ID.Sessions observe a clear workflow. When the session starts , PHP will either fetch the  existing session using the ID passed or if no session is passed it will generate a new session.

How Session Work in PHP

There are many users who visit the same website and do different tasks according to their need such as login, logout, Change Password, etc the web server doesn't know the  different user because  the HTTP address doesn't maintain state. suppose you were sent request to browser  you get the response as browser don't know who you are they simply send request this state of sending a request  is known as stateless.

Session variable solves this problem by storing user information that is used beyond various pages  (e.g. username, update password ,Photo upload, etc). By default, session variables final until user does not close the browser.

When you start a session on server then a Unique Session Id created on server and save into browser cookie. All session data saved against that session id to the server. When browser send a request on server the session id stored in cookie also transfer to server, By using session id server fetch all saved session data and available in $_SESSION variable.

Session use in PHP

To use a session in PHP we use the $_SESSION to and to start a session we use session_start() which are provided by PHP. The session_start() generate a session Id if it is not generated before and with the help   of cookies it save on the browser in the response format through the header communication and then the session is ready to work . A file is created through the session id in a  temporary folder and the data is saved. When we save the data $_SESSION, there is a problem to use a PHP SESSION is that there is a limit of the server to manage the file, but when there are a large number of users are using session, then  the temporary file are increased when there are a large number of requests are coming then the sever become slow  and to avoid that problem we use the in memory database technique through  which server work properly and fast and session data also  retrieved. When we are using any mobile application which is stateless, there the session id is not saved on the client side because there are no browser exist there we use a token and we generate a token on server side and we save data against the token.So when we make API we use the token. The JWD token is a standard token  now a days.So we apply JWD token through which we get the authentication along with the data and we send that data to the  client side and client save the data if they request forward they send the token through which we can easily identify the client.

Note :- The default session time in PHP is 1440 seconds (24 minutes) and Default session storage path is temporary folder/tmp on server.

Session use in Frameworks like Codelgniter, Laravel etc

We can use session in Frameworks in three ways 

1. Native session: -  Frameworks doesn’t use standard PHP sessions normly, apart from that it saves session-data directly in a browser cookie, which check the data you can save to 4k. It makes the temporary folder in a temporary path and create a temporary file against all the session ID and that session ID save in the browser in the form of a cookie. So as the next  request goes from the browser to that cookie and sends to the server and  tell the session id and it will fetch that id and we will get the data that are save in session.

2. Database: -  We can manage session by using a database.In the database, we make the table and in that table, we make a session ID as a primary key  including the fields such as IP address data and the data that are present in session that data insert in a record. At the next request goes along with the session ID and we will get the data that are present in the database.

3. Redis: - Redis are used in the framework to make the sessions. Redis is in memory database.We have to install the redis in the server. Redis has its own condition (id, password) through which we can configure. As you send the new request it make a new session ID and that ID will become a redis key and store the data in the value format and as the next request goes, it fetch from the redis and available.It is best  because it is fast due to in memory database.

Start a PHP Native session

In PHP we start a session by using session_start()


Set some data in PHP Session:

$_SESSION['id'] = 1;
$_SESSION['user'] = "Paul";
$_SESSION['role'] = "Admin";

To print a session we use  ($_SESSION)



    [id] => 1
    [user] => Paul
    [role] => Admin

Destroy a PHP session 

To remove all the session variable we use  session_unset()


To destroy session variable we use  session_destroy()