Introduction
Session management in PHP is used to store and maintain user information across multiple web pages. Since HTTP is a stateless protocol, sessions help websites remember user data during browsing activities.
Sessions are commonly used in login systems, shopping carts, dashboards, and secure web applications.
Objectives
By the end of this training, you will be able to:
- Understand session management in PHP
- Create and start sessions
- Store and retrieve session data
- Destroy sessions securely
- Manage user authentication using sessions
- Improve website security with session handling
What is a Session
A session is a way to store user information on the server for temporary use across multiple pages.
Each user gets a unique session ID that helps the server identify and track the user during website activity.
Why Session Management is Important
Session management helps developers:
- Keep users logged in
- Store temporary user data
- Track user activities
- Manage shopping carts
- Improve website security
- Create personalized user experiences
How PHP Sessions Work
PHP creates a unique session ID for every visitor. The session data is stored on the server, while the session ID is stored in the user's browser.
When the user moves to another page, PHP uses the session ID to access stored data.
Starting a Session in PHP
The session_start() function is used to begin a session.
<?php
session_start();
?>
This function must appear before any HTML output.
Creating Session Variables
Session variables store user information.
<?php
session_start();
$_SESSION["username"] = "Ali";
$_SESSION["email"] = "ali@example.com";
echo "Session variables created";
?>
Accessing Session Variables
You can retrieve stored session data using the $_SESSION superglobal.
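<?php
session_start();
// Escape stored values before printing them into HTML
echo htmlspecialchars($_SESSION["username"] ?? "");
echo htmlspecialchars($_SESSION["email"] ?? "");
?>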
Checking Session Variables
Use the isset() function to verify whether a session variable exists.
<?php
session_start();
if (isset($_SESSION["username"])) {
    echo "User is logged in";
} else {
    echo "Session not found";
}
?>
Updating Session Variables
Session values can be modified at any time.
<?php
session_start();
$_SESSION["username"] = "Ahmed";
echo "Session updated";
?>
Destroying a Session
Sessions should be destroyed during logout for security purposes.
<?php
session_start();
session_unset();
session_destroy();
echo "Session destroyed";
?>
Login System Using Sessions
Sessions are commonly used in authentication systems.
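<?php
session_start();
// Credentials submitted by the login form (field names are assumed here)
$username = $_POST["username"] ?? "";
$password = $_POST["password"] ?? "";
// Demo only: hard-coded credentials; real applications check a stored password hash
if ($username === "admin" && $password === "12345") {
    // Issue a new session ID on login so a pre-set ID cannot be reused
    session_regenerate_id(true);
    $_SESSION["user"] = $username;
    echo "Login successful";
} else {
    echo "Invalid credentials";
}
?>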
Logout System Example
<?php
session_start();
// Clear the session variables, then remove the session data on the server
session_unset();
session_destroy();
echo "Logged out successfully";
?>
Session Timeout Management
Session timeout improves security by automatically logging out inactive users.
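<?php
session_start();
$timeout = 300; // allowed inactivity in seconds (5 minutes)
if (isset($_SESSION['last_activity'])) {
    // Log the user out when the last request is older than the timeout
    if (time() - $_SESSION['last_activity'] > $timeout) {
        session_unset();
        session_destroy();
    }
}
// Record the time of this request
$_SESSION['last_activity'] = time();
?>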
Best Practices for Session Security
Regenerate Session ID
Use session_regenerate_id() to issue a new session ID, especially right after login. This helps prevent session fixation and session hijacking.
<?php
session_start();
session_regenerate_id(true);
?>
Store Sensitive Data Securely
Avoid storing passwords or highly sensitive information directly in sessions.
Use HTTPS
Secure websites should use HTTPS to protect session data during transmission.
Destroy Sessions on Logout
Always destroy sessions after logout to prevent unauthorized access.
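The practices above combined into one login and logout handler, as an added example that is not part of the original training material. The form field names (username, password, action), the demo user store and its password are assumptions made for illustration.

```php
<?php
// Added example. Assumes an HTTPS site and form fields "username", "password", "action".

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
    session_set_cookie_params([
        'secure'   => true,       // send the cookie only over HTTPS
        'httponly' => true,       // not readable from JavaScript
        'samesite' => 'Lax',      // not sent on most cross-site requests
    ]);
    session_start();
}

function login(string $username, string $password, array $users): bool
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);       // new ID after authentication, old one deleted
    $_SESSION['user'] = $username;     // store the identity, never the password
    return true;
}

function logout(): void
{
    $_SESSION = [];                    // clear variables for the rest of this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [   // expire the session cookie in the browser
            'expires' => time() - 42000, 'path' => $p['path'], 'domain' => $p['domain'],
            'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();                 // remove the session data on the server
}

// Constructed demo user store: username => password_hash() output.
$users = ['admin' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

start_secure_session();
if (($_POST['action'] ?? '') === 'logout') {
    logout();
    echo "Logged out successfully";
} else {
    $ok = login($_POST['username'] ?? '', $_POST['password'] ?? '', $users);
    echo $ok ? "Login successful" : "Invalid credentials";
}
```

The array forms of session_set_cookie_params() and setcookie() require PHP 7.3 or later.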
Advantages of Session Management
- Maintains user login status
- Improves user experience
- Enhances website security
- Supports personalized content
- Enables secure authentication systems
Common Uses of Sessions
- User login systems
- Online shopping carts
- Admin dashboards
- Multi-page forms
- User preference settings
- Secure web applications
Real World Applications
Many popular websites and applications use sessions for:
- Banking portals
- E-commerce stores
- Learning management systems
- Social media platforms
- Membership websites
Final Presentation
In your final presentation, explain:
- What session management is
- Why sessions are important
- How PHP sessions work
- Creating and accessing session variables
- Destroying sessions securely
- Security best practices for session handling