Session in PHP
Another way to make data accessible on different pages of an entire Web site is to use a PHP Session (session).
A session creates a file in a temporary directory on the Server, where session variables are registered and their values are stored. This data will be available to all sites on the site during the process of accessing that site.
The location of the temporary file defined by an installation in the php.ini file is called session.save_path . Before using any session variable, make sure that you have installed this path.
When a session starts, the following happens:
- First, PHP creates a unique identifier for that particular session, which is a random string of 32 hexadecimal numbers, like 3c7foj34c3jj973hjkop2fc937e3443.
- A cookie called PHPSESSID will be sent automatically to the user's computer to store the unique session identifier string above.
- A file is created automatically on the server in the specified temporary directory and it bears the name of the unique identifier and starts with sess_. For example: sess_3c7foj34c3jj973hjkop2fc937e3443.
When PHP script wants to retrieve the value from a session variable, PHP automatically retrieves the string that identifies this unique session from the PHPSESSID cookie, then looks for the file bearing that name in its temporary directory, an authentication can be completed. by comparing those values.
A session ends when the user turns off the browser or after leaving the site, the Server will terminate the session after a predetermined time, usually 30 minutes.
Start a PHP Session
PHP session is very simple to start by creating a call to session_start () function. First, this function checks whether a session has started, otherwise it will start a session. This call for session_start () function is recommended at the top of the page.
Session variables stored in the conjugate array are $ _SESSION []. These variables can be accessed throughout a session's lifetime.
The following example starts a session, then registers a variable named counter , which is incremented every time the page is accessed throughout its life cycle.
Use the isset () function to check if the session variable is set.
Put this code into the test.php file and load this file multiple times to see the result:
php session_start (); if ( isset ( $_SESSION [ 'counter' ] ) ) { $_SESSION [ 'counter' ] += 1 ; } else { $_SESSION [ 'counter' ] = 1 ; } $msg = "Bạn đã vào trang " . $_SESSION [ 'counter' ]; $msg .= " lần trong phiên này." ; ?> Thiết lập phiên PHP php echo ( $msg ); ?>
Save the above program in a file named test.php in b, then open the browser and type the address http:/// localhost: 8080 / test.php, you load 10 times, the results are as follows:
You have visited the page 10 times in this session.
Canceling a PHP Session
Session in PHP can be canceled with session_destroy () function. This function does not need any parameters and a single call can cancel all session variables. If you want to cancel a single session variable, then you use the unset () function to cancel setting a session variable.
This is an example to cancel setting a single session variable.
Below is a function call that will cancel all session variables.
Turn on Auto Session in PHP
You do not need to call the start_session () function to start a session when a user accesses your site, if you set the session.auto_start variable to 1 in the php.ini file.
Session without cookies in PHP
There will be instances when users do not allow cookies to be stored on their machines. So there is another way to send session IDs to the browser.
Alternatively, you can use the SID constant, defined when the session starts. If the Client does not send an appropriate session cookie, it is in the form of session_name = session_id. Otherwise, it expands into an empty string. Therefore, you can embed it unconditionally in URLs.
The following example illustrates how to register a variable and how to correctly link to another page via SID.
php session_start (); if ( isset ( $_SESSION [ 'counter' ])) { $_SESSION [ 'counter' ] = 1 ; } else { $_SESSION [ 'counter' ]++; } $msg = "Bạn đã truy cập trang " . $_SESSION [ 'counter' ]; $msg .= "lần trong phiên này." ; echo ( $msg ); ?>
Để tiếp tục, bạn hãy click vào link sau:
/> php echo htmlspecialchars ( SID ); ?> ">
Save the above program in a file named test.php in htdocs , then open the browser and type the address http:/// localhost: 8080 / test.php will result:
You have accessed the page 1 time in this session.
To continue, please click on the following link:
The htmlspecialchars () function can be used when printing SIDs to avoid XSS-related attacks.
Follow tutorialspoint
Previous post: Cookie in PHP
Next post: Send Email using PHP
You should read it
- Web13: Session Hijacking Hacking Techniques
- Function SESSION_USER in SQL Server
- The reset session command in Windows
- How to Create a Secure Session Management System in PHP and MySQL
- Group Session: A new feature on Spotify that allows users to listen to music together
- Learn about attacking Man in the Middle - Taking over Session control
- Qwinsta (query session) command in Windows
- Web12: Session Fixation hacking technique
- Steps to Fix the error that cannot be copied and pasted into the Remote Desktop session
- How to manage and restore Tmux sessions in Linux
- How to use Fiddler to collect HTTP / HTTPS sessions for debugging
- Fix taskbar not hidden in Windows Remote Desktop session
Maybe you are interested
4 ways to log out of an Ubuntu Desktop session
Specter vulnerability is still an obsession for Intel CPU users, Microsoft officially offers a solution
Hot Patching, a new feature that helps end the 'Update and Restart' obsession
Web12: Session Fixation hacking technique
Web13: Session Hijacking Hacking Techniques
Lapsus$ hacker group claims to be in possession of Microsoft's source code