PHP sessions
PHP sessions introduction
What is session_start()?
What is session hijacking?
What is meant by Session Clustering?
How many ways can we get the value of current
session id?
Short note on Starting a session
PHP sessions - Dec 13, 2008 at 22:00 PM by Rajmeet Ghai
PHP sessions introduction
When a user logs in an application, his details are usually stored in a session
variable. This information is available to all pages in one application.
Sessions in PHP work using a unique id for each visitor.
Starting a php session: This tag must also appear before the
HTML tag.
Session_start();
Storing a session variable: Here in the sample variable value
is set to 1
Session_start();
$_session[‘sample]=1;
Destroying a session:
Session_destory();
What is session_start() ?
When a user logs in an application, his details are usually stored in a session
variable. This information is available to all pages in one application.
Sessions in PHP work using a unique id for each visitor.
Starting a php session: This tag must also appear before the HTML tag.
Session_start();
Storing a session variable: Here in the sample variable value is set to 1
Session_start();
$_session[‘sample]=1;
What is session hijacking?
Session hijacking is the misuse of a valid computer session. It is used to
attain unauthorized and illegal access to a system. This access is attained
using the “brute force” attack where in he tries multiple id’s to login in a
system while the session is in progress. The most common method of session
hijacking is IP spoofing where an attacker uses source-routed IP packets to
insert commands into an active communication between two systems on a network
and pretending itself as one of the authenticated users.
What is meant by Session Clustering?
Session clustering is used to provide scalability for keeping the session data
in synch across a “cluster” of PHP servers. The sessions reside on the machine
in which they are created. These sessions are then delivered from one machine
to another. This delivery is fully distributed. The Zend Session manager is
used for transferring sessions from the system (session storage) to remote
addresses.
How many ways I can register the variables into session?
Global variables in PHP can be registered using the session_register() function.
It accepts different number of arguments, any of which can be either a string
holding the name of a variable or an array consisting of variable names or
other arrays
Example:
Session_register(“smple”);
$_session can also be used for registering variables.
Example:
$_SESSION['count'] = 0;
How many ways can we get the value of current session id?
Using session_id() function, the current value of the session can be found.
Syntax:
String session_id(string $id);
Short note on Starting a session
-
Adding session data.
Here in the sample variable value is set to 1
<?php
Session_start();
$_session[‘sample]=1;
?>
-
Reading session data
Once the data is set, it immediately becomes available to read in the
$_SESSION array.
<?php
$_SESSION[‘sample’]=1;
Print $_SESSION [‘sample’];
?>
-
Removing session data
The session data can be removed using the unset() function. Only
specific elements of the $_SESSION array should be unset.
<?php
$_SESSION[‘sample’]=1;
Print $_SESSION [‘sample’];
Unset ($_SESSION[‘sample’);
?>
-
Ending a session
A session lasts until the browser window is not closed. In order to
explicitly end the session Session_destory(); is used for ending the session.
|
