Hello everyone. I was asked by a friend to write about PHP sessions. He wanted me to shed some light on that concept and allow him to use it in his next project.
When he asked I was like, "PHP session?! Hahaha".
The point is that I was surprised in some way that there is someone who still doesn't/hasn't understood what sessions are and probably how and when to use them. Then I decided to amplify the rate of such people, and it turns out that there are many people out there who are looking for a simple and clear resource to introduce this great feature of PHP.
So; I said, great I will do it. In this post I will take you through sessions. We'll see what sessions are, why and when do we need to use sessions, all with examples. At the end it I'll create a full project implementing sessions. And if after that you still have some questions you can ask me just under this tutorial.
Please this tutorial is strictly for beginners who have not understood what sessions are and how they could use it in their projects, do not expect an expert advise, if you have already mastered this concept 't's also possible you could gain a little plus.
What are sessions?
As I use to say it, words and expressions used as key word in a programming languages are used meticulously. Their meaning is deeply related to their function. The word/expression does what it basically means.
Although there are many definitions of the word session, depending of the context and the sector where it's used, but it generally it means a specific time frame dedicated to a task.
According to wikipedia:
In computer science, in particular networking, a session is a **semi-permanent** interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user. Source
Google Analytics:
A session is defined as a group of interactions one user takes within **a given time frame** on your website. Google Analytics defaults that time frame to 30 minutes. Meaning whatever a user does on your website (e.g. browses pages, downloads resources, purchases products) before they leave equals one session. Source
In PHP:
It's also a time frame, but this time, it represents the time between the time a user opens a website in a browser and the time he closes the browse(or the tab containing the website).
When you work with an application, you open it, do some changes, and then you close it. This is much like a Session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are or what you do, because the HTTP address doesn't maintain state. Source
When you use desktop applications(software) they can determine when you open and close it through some tracking information they set. This is qualified of keeping states or stateful. In the case of HTTP communications, when a client sends a request to an HTTP server(like Apache), the server handles the request without keeping in memory any details of that request. Which mean if the client sends another request or the same request, the server will have to go through the same process to perform the task. That's is qualified of stateless. HTTP 1.0 was fully stateless. But HTTP 1.1 integrated a new layer to support CGI(Common Gateway Interface which allows us to create sessions and cookies. That's where PHP comes in.
...PHP code is usually processed by a PHP interpreter implemented as a module in the web server or as a Common Gateway Interface (CGI) executable.
That said, PHP can be used to set stateful variables at the server side which can be fetched by the client and vice-versa through URL encoding, Forms, Cookies, Sessions, etc.
What are sessions used for?
Now that you understand the underlying problem let's see what exactly sessions are used for. As you might have noticed there is a need to keep some information between applications(websites) and servers.
In general, when you create a website, you create every page as a single file. When you initialize a variable $ain a file file1.php you can't access the variable $a in another file file2.php unless:
- you include
file1.phpintofile2.phpbecause PHP variables have single scope - you set variable
$ainto a cookie - you save variable
ainto a session
All these options are good and used. But not used only to transport data from one file to another, but for many other reasons.
In the first option, when you have a complex file system it may become very tedious to manage the includes. To solve such problem, modern PHP developers use what's called namespaces.
The second option, we set a cookie(a type of variable) and give it a life time, the it's kept in the user's machine.
And in the third option, a session is set just for a user's visit session(duration). After the user closes his browser, the session is lost.
The last two options use what is called superglobal variables. These variables are PHP built-in variables and they are available in all scopes of your application. That sounds great, because we can use them to assure the transportation of our data from file to file. Some common global variables are: $_POST, $_GET, $_SESSION, $_FILES, $_COOKIE, $_SERVER.
Note their name are in capital letters, and the name starts with underscore(_).
Before I show you you can use sessions, let me give you some use case where the use of session can be required/necessary:
- Data transportation from page to page
- User sign in
- User dashboard
- Visit statistics
- Timing calculation
- Flash messaging
- Forms old data
- Cross-Site Request Forgery(CSRF)
- Shopping carts
- etc
How to create/use sessions?
To show you how sessions can be used, let me consider an example of a multi-step form and example of student registration form. Such form can be done in many steps. First step we get the student's personal information, second step we get his education background, third step we get his addresses and contact details, and so on so furth.
In such situation you might not like to save each step into the database every time a step is completed. because the user may not complete all steps, and you would have saved half data. You would like to keep all the information until the end, when you know all information is provided then you can save it. Meanwhile, where do we keep the forms data? In sessions of course.
Before implementing this let's see how a session can be set, used, edited, and removed:
Set session
PHP sessions are like cars - they need to be started before you can manipulated them. Everywhere (in every file) you intend to use sessions, you must start the session with session_start() function. All your sessions are accessible through the super-global array variable $_SESSION[]. So if you know how to create arrays, you have no problem in manipulating the $_SESSION.
To set a new session we do it like this:
<?php
if(!isset($_SESSION)){ // if the session is not already set
// we start the session engine
session_start();
}
// Set a new session
$_SESSION['error'] = 'Something went wrong';In this code we check if the function session_start() is not already used to start the session engine. If that's the case we don't do it again, if not we start the session. The reason you need to check this is that, if the session is already set and you try to start it again PHP will yield a warning.
Secondly, we set a new variable in the global array $_SESSION. Remember this variable is available everywhere in our application. So it will be temporally carrying our variable. Since $_SESSION is an array, we can assign it as many as possible keys-values pairs. In our case the key is error and its value is the string Something went wrong.
Get the session elements
After setting the session , we can get it anywhere in our script by calling the superglobal $_SESSION and the key of the value we want to access like this:
<?php
if(!isset($_SESSION)){ // if the session is not already set
// we start the session engine
session_start();
}
// get the value of session with the key 'error'
$errorMessage = $_SESSION['error'];
echo $errorMessage;
// Or you can use it directly
echo $_SESSION['error'];The session variables are like any variable and arrays. You can decide to reset/update the value of a key like this:
<?php
if(!isset($_SESSION)){ // if the session is not already set
// we start the session engine
session_start();
}
// New error message
$_SESSION['error'] = 'The username is required';This time if you echo the $_SESSION['error'] you get The username is required instead.
Deleting a session
One thing that's is special to arrays is how to delete them. There are two options:
Remove one element in the array, in that case we do it like this:
<?php
if(!isset($_SESSION)){ // if the session is not already set
// we start the session engine
session_start();
}
// remove a key from SESSION
unset($_SESSION['error']);or unset all session keys, like this:
<?php
if(isset($_SESSION)){ // if the session is set
// destroy it
session_destroy();
}Some remarks:
You have notice I have repeated the
session_start()in all scripts. If we don't start the session in each script we won't be able to access it and manipulate it.When I want to destroy the session, I checked if it exists first before engaging in its destruction. Instead of destroying the whole session, > we could also just unset all session key with
session_unset()
Real example of how to use sessions
Now you know how we can use the global variable $_SESSION, let see how we can implement the example of multi-step students subscription example I mentioned above:
index.php
<?php
// Start new session if it's not yet done
if (!isset($_SESSION)) {
session_start();
}
// Check if step 1 was set, if that's the case we send user to step 2
if (isset($_SESSION['step1'])) {
header('Location : step2.php', true, 303);
}
// This following block of php code wil work only after the user submits
// the form
if (isset($_POST) && sizeof($_POST) > 0) {
// Get the form data
$firstname = htmlspecialchars($_POST['firstname'], ENT_QUOTES, 'utf-8');
$lastname = htmlspecialchars($_POST['lastname'], ENT_QUOTES, 'utf-8');
$middlename = htmlspecialchars($_POST['middlename'], ENT_QUOTES, 'utf-8');
// Check if fields are not empty
if (!empty($firstname) && trim($firstname) != '' &&
!empty($lastname) && trim($lastname) != '' &&
!empty($middlename) && trim($middlename) != '') {
// Let me group it inside one single variable
$personalInfo = [
'firstname' => $firstname,
'lastname' => $lastname,
'middlename' => $middlename
];
// keep the variable $personalInfo into a session
$_SESSION['step1'] = $personalInfo;
// Now we redirect to the next step
if (!headers_sent()) {
header('Location : step2.php', true, 303);
}else{
die('Unexpected error: cannot redirect to step 2.');
}
}else{
// set a session to keep the error message
$_SESSION['error'] = 'All fields are required!';
// header('Location : index.php', true, 303);
}
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Step 1 - PHP Sessions</title>
<link rel="stylesheet" href="css.css">
</head>
<body>
<main>
<h1>Student subscription</h1>
<h3>Step 1 - Personal information</h3>
<hr>
<form action="" method="POST">
<!-- Display errors here if any -->
<?php if (isset($_SESSION['error'])): ?>
<div style="padding: 1em; color: red;">
<?= $_SESSION['error'] ?>
</div>
<?php unset($_SESSION['error']); endif; ?>
<!-- End error display -->
<div>
<label for="firstname">First Name</label>
<input type="text" name="firstname" id="firstname">
</div>
<div>
<label for="lastname">Last Name</label>
<input type="text" name="lastname" id="lastname">
</div>
<div>
<label for="middlename">Middle Name</label>
<input type="text" name="middlename" id="middlename">
</div>
<button type="submit">Next step »</button>
</form>
</main>
</body>
</html>This is the starting point of our application. It presents the first form to fill. The form is submitted to the file(index.php) itself. Once the form is submitted, the PHP code on top of it is executed.
If everything goes fine, we set a session containing the details the user just provided, and redirect the user to the step two.
step2.php
<?php
// Start new session if it's not yet done
if (!isset($_SESSION)) {
session_start();
}
// Check if step 1 was passed if not we send user back
if (!isset($_SESSION['step1'])) {
$_SESSION['error'] = 'You need to complete step 1 before.';
header('Location : index.php', true, 303);
}
// Check if step 2 was set, if that's the case we send user to step 3
if (isset($_SESSION['step2'])) {
header('Location : step3.php', true, 303);
}
// This following block of php code wil work only after the user submits
// the form
if (isset($_POST) && sizeof($_POST) > 0) {
// Get the form data
$previousschool = htmlspecialchars($_POST['previousschool'], ENT_QUOTES, 'utf-8');
$lastclass = htmlspecialchars($_POST['lastclass'], ENT_QUOTES, 'utf-8');
$certificate = htmlspecialchars($_POST['certificate'], ENT_QUOTES, 'utf-8');
// Check if fields are not empty
if (!empty($previousschool) && trim($previousschool) != '' &&
!empty($lastclass) && trim($lastclass) != '' &&
!empty($certificate) && trim($certificate) != '') {
// Let me group it inside one single variable
$eduBackgroud = [
'school' => $previousschool,
'class' => $lastclass,
'certificate' => $certificate
];
// keep the variable $eduBackgroud into a session
$_SESSION['step2'] = $eduBackgroud;
// Now we redirect to the next step
if (!headers_sent()) {
header('Location : step3.php', true, 303);
}else{
die('Unexpected error: cannot redirect to step 2.');
}
}else{
// set a session to keep the error message
$_SESSION['error'] = 'All fields are required!';
}
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Step 2 - PHP Sessions</title>
<link rel="stylesheet" href="css.css">
</head>
<body>
<main>
<h1>Student subscription</h1>
<h3>Step 2 - Education background</h3>
<hr>
<!-- Display information of step 1 -->
<?php if (isset($_SESSION['step1'])): $step1 = $_SESSION['step1']; ?>
<div class="box">
<h4>Information from step 1</h4>
<ul>
<li>First Name: <?= $step1['firstname'] ?></li>
<li>Last Name: <?= $step1['lastname'] ?></li>
<li>Middle Name: <?= $step1['middlename'] ?></li>
</ul>
</div>
<?php endif ?>
<!-- End information step 1 -->
<h3>Fill in the form bellow to continue</h3>
<form action="" method="POST">
<!-- Display errors here if any -->
<?php if (isset($_SESSION['error'])): ?>
<div style="padding: 1em; color: red;">
<?= $_SESSION['error'] ?>
</div>
<?php unset($_SESSION['error']); endif; ?>
<!-- End error display -->
<div>
<label for="previousschool">Previous School Name</label>
<input type="text" name="previousschool" id="previousschool">
</div>
<div>
<label for="lastclass">Last class</label>
<input type="text" name="lastclass" id="lastclass">
</div>
<div>
<label for="middlename">Certificate pursuing</label>
<select name="certificate" id="certificate">
<option value="BS. Graphic Designing">BS. Graphic Designing</option>
<option value="BS. Web Development">BS. Web Development</option>
<option value="BS. Game Development">BS. Game Development</option>
</select>
</div>
<button type="submit">Next step »</button>
</form>
</main>
</body>
</html>This step too works similarly to the first step. Once this is done we're redirected to step three.
step3.php
<?php
// Start new session if it's not yet done
if (!isset($_SESSION)) {
session_start();
}
// Check if step 2 was passed if not we send user back
if (!isset($_SESSION['step2'])) {
$_SESSION['error'] = 'You need to complete step 2 before.';
header('Location : step2.php', true, 303);
}
// Check if step 3 was set, if that's the case we send user to the end
if (isset($_SESSION['step3'])) {
header('Location : summary.php', true, 303);
}
// This following block of php code wil work only after the user submits
// the form
if (isset($_POST) && sizeof($_POST) > 0) {
// Get the form data
$address = htmlspecialchars($_POST['address'], ENT_QUOTES, 'utf-8');
$telephone = htmlspecialchars($_POST['telephone'], ENT_QUOTES, 'utf-8');
$email = htmlspecialchars($_POST['email'], ENT_QUOTES, 'utf-8');
// Check if fields are not empty
if (!empty($address) && trim($address) != '' &&
!empty($telephone) && trim($telephone) != '' &&
!empty($email) && trim($email) != '') {
// Let me group it inside one single variable
$sontact = [
'address' => $address,
'telephone' => $telephone,
'email' => $email
];
// keep the variable $sontact into a session
$_SESSION['step3'] = $sontact;
// Now we redirect to the next step
if (!headers_sent()) {
header('Location : summary.php', true, 303);
}else{
die('Unexpected error: cannot redirect to step 2.');
}
}else{
// set a session to keep the error message
$_SESSION['error'] = 'All fields are required!';
}
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Step 3 - PHP Sessions</title>
<link rel="stylesheet" href="css.css">
</head>
<body>
<main>
<h1>Student subscription</h1>
<h3>Step 3 - Contact details</h3>
<hr>
<!-- Display information of step 1 -->
<?php if (isset($_SESSION['step1'])): $step1 = $_SESSION['step1']; ?>
<div class="box">
<h4>Information from step 1</h4>
<ul>
<li>First Name: <?= $step1['firstname'] ?></li>
<li>Last Name: <?= $step1['lastname'] ?></li>
<li>Middle Name: <?= $step1['middlename'] ?></li>
</ul>
</div>
<?php endif ?>
<!-- End information step 1 -->
<!-- Display information of step 2 -->
<?php if (isset($_SESSION['step2'])): $step2 = $_SESSION['step2']; ?>
<div class="box">
<h4>Information from step 2</h4>
<ul>
<li>School attended: <?= $step2['school'] ?></li>
<li>Class: <?= $step2['class'] ?></li>
<li>Certificate: <?= $step2['certificate'] ?></li>
</ul>
</div>
<?php endif ?>
<!-- End information step 2 -->
<h3>Fill in the form bellow to continue</h3>
<form action="" method="POST">
<!-- Display errors here if any -->
<?php if (isset($_SESSION['error'])): ?>
<div style="padding: 1em; color: red;">
<?= $_SESSION['error'] ?>
</div>
<?php unset($_SESSION['error']); endif; ?>
<!-- End error display -->
<div>
<label for="address">Address</label>
<input type="text" name="address" id="address">
</div>
<div>
<label for="telephone">Telephone</label>
<input type="text" name="telephone" id="telephone">
</div>
<div>
<label for="email">Email</label>
<input type="email" name="email" id="email" required="required">
</div>
<button type="submit">Next step »</button>
</form>
</main>
</body>
</html>summary.php
<?php
// Start new session if it's not yet done
if (!isset($_SESSION)) {
session_start();
}
// Check if all steps were filled
if (!isset($_SESSION['step1']) || !isset($_SESSION['step2']) || !isset($_SESSION['step3']) ) {
$_SESSION['error'] = 'You need to complete all steps before.';
header('Location : index.php', true, 303);
}
// Make names easier to keep
$step1 = $_SESSION['step1'];
$step2 = $_SESSION['step2'];
$step3 = $_SESSION['step3'];
// HERE DO ALL PROCESSING WITH THE DATA
// DIFFERENT INFORMATION IS KEPT IN
// $_SESSION['step1'], $_SESSION['step2'], and
// $_SESSION['step3']
//
// * you can save it in a database
// * send it through email
// * save in a file
// * etc
//
// An example of how it could be saved in a database
//
// $req = $db->prepare(" INSERT INTO applications (firstname, lastname, middlename, school, class,
// certificate, address, telephone, email) VALUES(?,?,?,?,?,?,?,?,?
// )")
//
// $req->execute( [$step1['firstname'], $step1['lastname'], $step1['middlename'],
// $step2['school'], $step2['class'], $step2['certificate'], $step3['address'],
// $step3['telephone'], $step3['email'] ]);
// If the user hits FINISH, we can unset all sessions
// and send user back to first step
if (isset($_POST) && sizeof($_POST) > 0) {
// unset($step1, $step2, $step3);
unset($step1);
unset($step2);
unset($step3);
session_destroy();
header('Location : confirmation.php', true, 303);
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Summary - PHP Sessions</title>
<link rel="stylesheet" href="css.css">
</head>
<body>
<main>
<h1>Student subscription</h1>
<h3>Summery</h3>
<hr>
<!-- Display information of step 1 -->
<?php if (isset($_SESSION['step1'])): $step1 = $_SESSION['step1']; ?>
<div class="box">
<h4>Information from step 1</h4>
<ul>
<li>First Name: <?= $step1['firstname'] ?></li>
<li>Last Name: <?= $step1['lastname'] ?></li>
<li>Middle Name: <?= $step1['middlename'] ?></li>
</ul>
</div>
<?php endif ?>
<!-- End information step 1 -->
<!-- Display information of step 2 -->
<?php if (isset($_SESSION['step2'])): $step2 = $_SESSION['step2']; ?>
<div class="box">
<h4>Information from step 2</h4>
<ul>
<li>School attended: <?= $step2['school'] ?></li>
<li>Class: <?= $step2['class'] ?></li>
<li>Certificate: <?= $step2['certificate'] ?></li>
</ul>
</div>
<?php endif ?>
<!-- End information step 2 -->
<!-- Display information of step 3 -->
<?php if (isset($_SESSION['step3'])): $step3 = $_SESSION['step3']; ?>
<div class="box">
<h4>Information from step 3</h4>
<ul>
<li>Address: <?= $step3['address'] ?></li>
<li>Telephone: <?= $step3['telephone'] ?></li>
<li>Email: <?= $step3['email'] ?></li>
</ul>
</div>
<?php endif ?>
<!-- End information step 3 -->
<h3>Click the following button to finish</h3>
<form action="" method="POST">
<input type="submit" name="finish" value="SAVE & FINISH">
</form>
</main>
</body>
</html>This page displays the summary of all steps and gives a button to finish. Once the user clicks on the finish button, we can now do anything we want with the information such as:
- Saving it in a database
- Sending it via email
- Saving in a file
- etc
Note that you can't go back to a previous step
Conclusion
I will stop here for now. I will be expecting your questions. This was a long introduction to sessions in PHP. I hope it helps you see them better now.
EDIT:
Please I would like to call your attention on security issues related to using sessions. You might need to read more about it here. Also want you to note that using sessions to keep processes data as I did in this sample is not advised in a serious project.
You can download my source code and compare with yours. You can also check out the demo of my code. Please don't forget to share this with friends. Thanks for reading.
Last updated 2024-01-11 UTC