PHP MySQL - Stilson.net

www.it-ebooks.infoCHAPTER 18 • SESSION HANDLERSWorking with SessionsThis section introduces many of the key session-handling tasks, presenting the relevant sessionfunctions along the way. Some of these tasks include the creation and destruction of a session,designation and retrieval of the SID, and storage and retrieval of session variables. This introduction setsthe stage for the next section, in which several practical session-handling examples are provided.Starting a SessionRemember that HTTP is oblivious to both the user’s past and future conditions. Therefore, you need toexplicitly initiate and subsequently resume the session with each request. Both tasks are done using thesession_start() function. Its prototype looks like this:boolean session_start()Executing session_start() will create a new session if no SID is found, or continue a current sessionif an SID exists. You use the function by calling it like this:session_start();One important issue which confounds many newcomers to the session_start() function involvesexactly where this function can be called. Neglecting to execute it before any other output has been sentto the browser will result in the generation of an error message (headers already sent).You can eliminate execution of this function altogether by enabling the configuration directivesession.auto_start. Keep in mind, however, that this will start or resume a session for every PHPenabledpage, plus it will introduce other side effects such as requiring the loading of class definitionsshould you wish to store object information within a session v|ariable.Destroying a SessionAlthough you can configure PHP’s session-handling directives to automatically destroy a session basedon an expiration time or garbage collection probability, sometimes it’s useful to manually cancel out thesession yourself. For example, you might want to enable the user to manually log out of your site. Whenthe user clicks the appropriate link, you can erase the session variables from memory, and evencompletely wipe the session from storage, done through the session_unset() and session_destroy()functions, respectively.The session_unset() function erases all session variables stored in the current session, effectivelyresetting the session to the state in which it was found upon creation (no session variables registered).Its prototype looks like this:void session_unset()While executing session_unset() will indeed delete all session variables stored in the currentsession, it will not completely remove the session from the storage mechanism. If you want tocompletely destroy the session, you need to use the function session_destroy(), which invalidates thecurrent session by removing the session from the storage mechanism. Keep in mind that this will notdestroy any cookies on the user’s browser. Its prototype looks like this:373