With the release of PHP4, session management was introduced as an extension to the PHP language. PHP provides several session-related functions, and developing applications that use PHP sessions is straightforward. The three important features of session management are mostly taken care of by the PHP scripting engine.
In this section, we present how to use PHP sessions, showing how sessions are started and ended and how session variables are used. We list the PHP functions for building session-based web applications. Because not all browsers support cookies, and some users actively disable them, we describe how to use PHP sessions without relying on cookies. Finally, we show how to configure PHP session management with a discussion on the garbage collection used to remove old sessions and other configuration parameters.
An overview of PHP session
management is shown in Figure 8-1. When a user
first enters the session-based application by making a request to a
page that starts a session, PHP generates a session ID and creates a
file that stores the session-related variables. PHP sets a cookie to
hold the session ID in the response the script generates. The browser
then records the cookie and includes it in subsequent requests. In
the example shown in Figure 8-1, the script
welcome.php records session variables in the
session store, and a request to
has access to those variables because of the session ID.
Figure 8-1. The interaction between ...