PHP sessions

PHP sessions introduction

When a user logs in to an application, their details are usually stored in session variables. This information is available to all pages of the application. PHP sessions work by assigning a unique ID to each visitor.

Starting a PHP session: this call must appear before the HTML tag.
session_start();

Storing a session variable: here the session variable sample is set to 1.
session_start();

$_SESSION['sample'] = 1;

Destroying a session:
session_destroy();

What is session_start()?

When a user logs in to an application, their details are usually stored in session variables. This information is available to all pages of the application. PHP sessions work by assigning a unique ID to each visitor.

Starting a PHP session: this call must appear before the HTML tag.
session_start();

Storing a session variable: here the session variable sample is set to 1.
session_start();
$_SESSION['sample'] = 1;

What is session hijacking?

Session hijacking is the misuse of a valid computer session to gain unauthorized and illegal access to a system. This access is gained using a "brute force" attack, in which the attacker tries multiple IDs to log in to a system while the session is in progress. The most common method of session hijacking is IP spoofing, where an attacker uses source-routed IP packets to insert commands into an active communication between two systems on a network, posing as one of the authenticated users.
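
One way to reduce the hijacking risk described above is to harden how the session cookie is issued, rotate the session ID at login, and end sessions completely. This is an added example, not code from the original page; the function names and the 900-second idle timeout are assumptions, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example: hardened session handling. All function names are hypothetical.

function start_secure_session(): void
{
    // Reject session IDs the server did not issue (guessed or planted IDs).
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // send the cookie over HTTPS only
        'httponly' => true,   // hide the cookie from JavaScript
        'samesite' => 'Lax',  // do not attach it to cross-site POSTs
    ]);
    session_start();          // must run before any output is sent
}

function on_login(string $username): void
{
    // Issue a fresh ID at the privilege change and delete the old session
    // data, so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    $_SESSION['last_seen'] = time();
}

function end_session(): void
{
    $_SESSION = [];           // clear the data held in memory
    if (ini_get('session.use_cookies')) {
        // Expire the session cookie in the browser as well.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();        // remove the server-side session data
}

function enforce_idle_timeout(int $maxIdleSeconds = 900): bool
{
    // 900 seconds is an assumed value; returns false once the session is ended.
    $last = $_SESSION['last_seen'] ?? null;
    if ($last !== null && time() - $last > $maxIdleSeconds) {
        end_session();
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}
```

Call start_secure_session() at the top of every page in place of a bare session_start(), then enforce_idle_timeout() before trusting anything in $_SESSION.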

What is meant by Session Clustering?

Session clustering is used to provide scalability by keeping the session data in sync across a "cluster" of PHP servers. The sessions reside on the machine on which they are created. These sessions are then delivered from one machine to another. This delivery is fully distributed. The Zend Session manager is used for transferring sessions from the system (session storage) to remote addresses.

How many ways can I register variables in a session?

Global variables in PHP can be registered using the session_register() function. It accepts a variable number of arguments, any of which can be either a string holding the name of a variable or an array consisting of variable names or other arrays.

Example:
// session_register() was removed in PHP 5.4.0; on current PHP use $_SESSION.
session_register("sample");

$_SESSION can also be used for registering variables.

Example:
$_SESSION['count'] = 0;

How many ways can we get the value of the current session ID?

The current session ID can be found using the session_id() function.

Syntax:
string session_id([string $id]);

Short note on Starting a session

Adding session data
Here the session variable sample is set to 1.
<?php
      session_start();
      $_SESSION['sample'] = 1;
?>

Reading session data
Once the data is set, it immediately becomes available to read in the $_SESSION array.
<?php
      session_start();   // needed so $_SESSION is backed by the session
      $_SESSION['sample'] = 1;
      print $_SESSION['sample'];
?>

Removing session data
The session data can be removed using the unset() function. Only specific elements of the $_SESSION array should be unset.
<?php
      session_start();   // needed so $_SESSION is backed by the session
      $_SESSION['sample'] = 1;
      print $_SESSION['sample'];
      unset($_SESSION['sample']);
?>

Ending a session
A session lasts until the browser window is closed. To end the session explicitly, session_destroy(); is used.