PHP Sessions
Because of the limitations I’ve just described, cookies are not appropriate for storing large amounts of information. Also, because
of the negative impression that many people have of cookies, it’s not
uncommon for users to disable cookies in their browsers. So if you run an
ecommerce Website that uses cookies to store the items in a user’s shopping
cart as the user makes his or her way through your site, this can be a big
problem.

Sessions were developed in PHP as the solution to all these issues.
Instead of storing all your (possibly large) data as cookies in the Web browser,
sessions let you store the data on your Web server. The only thing that’s
stored on the browser is a single cookie that contains the user’s session
ID—a variable that PHP watches for on subsequent page requests,
and uses to load the stored data that’s associated with that session.

Unless configured otherwise, a PHP session works by automatically setting
in the user’s browser a cookie that contains the session ID—a
long string of letters and numbers that serves to identify that user uniquely
for the duration of his or her visit to your site. The browser then sends
that cookie along with every request for a page from your site, so that PHP
can determine to which of potentially numerous sessions-in-progress the request
belongs. Using a set of temporary files that are stored on the Web server,
PHP keeps track of the variables that have been registered in each session,
and their values.

One of the big selling points of PHP sessions is that they also work
when cookies are disabled! If PHP detects that cookies
are disabled in the user’s browser, it will automatically add the session
ID as a query string variable on all the relative links on your page, thus
passing the session ID onto the next page. Be aware that all of the pages
on your site need to be PHP files for this to work, because PHP won’t
be able to add the session ID to links on non-PHP pages. Also, for this feature
to work, session.use_trans_sid must be enabled in your php.ini file
(see below), and PHP must be compiled with the --enable-trans-sid option
if you’re doing it yourself under Linux, or other Unix variants.

Before you can go ahead and use the spiffy session-management
features in PHP, you need to ensure that the relevant section of your php.ini file
has been set up properly. If you’re using a server that belongs to your
Web host, it’s probably safe to assume this has been done for you. Otherwise,
open your php.ini file in a text editor and look for
the section marked [Session]. Beneath it, you’ll
find twenty-some options that begin with the word session.
Most of them are just fine if left as-is, but here are a few crucial ones
you’ll want to check:
session.save_handler = files
session.save_path = C:\WINDOWS\TEMP
session.use_cookies = 1
session.use_trans_sid = 1
session.save_path tells PHP where to create the temporary
files used to track sessions. It must be set to a directory that exists on
the system, or you’ll get ugly error messages when you try to create
a session on one of your pages. Under Unix, /tmp is a
popular choice. In Windows, you could use C:\WINDOWS\TEMP,
or some other directory if you prefer (I use D:\PHP\SESSIONS).
With these adjustments made, restart your Web server software to allow the
changes to take effect.

You’re now ready to start working with PHP sessions. But before
we jump into an example, let’s quickly look at the most common session
management functions in PHP. To tell PHP to look for a session ID, or to start
a new session if none is found, you simply call session_start. If an existing
session ID is found when this function is called, PHP restores the variables
that belong to that session. Since this function attempts to create a cookie,
it must come before any page content is sent to the browser, just as we saw
for setcookie above.
session_start();
To create a session variable, which will be available on all pages in
the site when accessed by the current user, simply set a value in the special $_SESSION array[2]. For example, the following will store the variable called pwd in
the current session:
$_SESSION['pwd'] = 'mypassword';
To remove a variable from the current session, you just use PHP's unset function:
unset($_SESSION['pwd']);
Finally, should you want to end the current session, deleting all registered
variables in the process, you can clear all the stored values and use session_destroy:
$_SESSION = array();
session_destroy();
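The same start, store and destroy calls with the settings a production site would normally pair them with, as an added example that is not part of the original text. It assumes PHP 7.3 or later and a site served over HTTPS; the function names and the user_id key are hypothetical.

```php
<?php
// Added example: hardened use of session_start, $_SESSION and session_destroy.
// Assumptions: PHP 7.3+, HTTPS site; function names and 'user_id' are hypothetical.

function start_secure_session(): void
{
    // Keep the session ID out of URLs, where it leaks through server logs,
    // browser history and Referer headers.
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_only_cookies', '1');
    // Refuse session IDs that PHP did not issue itself (session fixation).
    ini_set('session.use_strict_mode', '1');

    session_start([
        'cookie_httponly' => true,   // cookie is not readable from JavaScript
        'cookie_secure'   => true,   // cookie is sent over HTTPS only
        'cookie_samesite' => 'Lax',  // cookie is withheld on cross-site subrequests
    ]);
}

function login_user(int $userId): void
{
    // Issue a fresh ID at the privilege change and delete the old session file.
    session_regenerate_id(true);
    // Store an identifier rather than the password: session files sit in a
    // temp directory that other accounts on a shared host may be able to read.
    $_SESSION['user_id'] = $userId;
}

function logout_user(): void
{
    $_SESSION = array();
    // session_destroy() removes the server-side data but leaves the cookie
    // in the browser, so expire it with the same parameters it was set with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}
```

As with session_start on its own, start_secure_session() must be called before any page content is sent to the browser.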
For more detailed information on these and the other session-management
functions in PHP, see the relevant
section of the PHP Manual. Now that we have these basic functions
under our belt, let’s put them to work in a simple example.
[2] In PHP versions prior to 4.1, this array was called $HTTP_SESSION_VARS.
This name also remains available in current versions of PHP for backwards
compatibility.