A novice effort to understand PHP session

$_SESSION["username"] = "Callum";

What is Callum? Is this retrieved from the database, or something random? Slightly confused.

<?php
// continue the session
session_start();
// retrieve session data
echo "Username = " . $_SESSION["username"];

Also,

Will not this →

<?php
session_start();
// delete the username value
unset($_SESSION["username"]);

Delete all the sessions that are simultaneously occurring across the globe?

It’s a string. Where it comes from is irrelevant, the point is “Store this value into the $_SESSION["Username"] value.”

No. $_SESSION is unique to each individual session.

session_start can be (extremely simplified, and probably not how it’s actually stored) thought of as doing the following:

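// Accept only a hex ID, because the cookie value ends up in a file path
if(isset($_COOKIE['PHPSESSID']) && ctype_xdigit($_COOKIE['PHPSESSID'])) {
  // Known session: load its data (true = decode to an array, like $_SESSION)
  $_SESSION = json_decode(file_get_contents(_PHP_SESSION_DIR_."/".$_COOKIE['PHPSESSID']), true);
} else {
  // New visitor: create an ID, an empty store, and hand the ID to the browser
  $sessid = bin2hex(random_bytes(16)); // the ID must be unguessable
  file_put_contents(_PHP_SESSION_DIR_."/".$sessid,"{}");
  setcookie('PHPSESSID',$sessid);
  $_COOKIE['PHPSESSID'] = $sessid;
  $_SESSION = [];
  unset($sessid);
}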

and during garbage cleanup:

if(isset($_COOKIE['PHPSESSID'])) {
  file_put_contents(_PHP_SESSION_DIR_."/".$_COOKIE['PHPSESSID'],json_encode($_SESSION));
}

So when a session works, something (a cookie) is actually also stored in the browser for the purpose of maintaining a unique interaction with that browser (and on the server in the form of a session).

Yup. A cookie is passed to the browser, which it then sends along with every request; session_start() uses it to pull the information for the session each time you load a page.

There is a global expiry on sessions; if a session is unused for X minutes (default: 15), PHP will clean up its session directory and remove the file. Then when your browser tries to send session information, PHP will start a new session (remember I said my code is extremely simplified).

There exists (or did exist, I’ll be honest everyone uses cookies now, so I haven’t checked in a LONG time) a means to make PHP not use cookies; it instead would tack your session ID onto the end of any internal URLs. Which… as you can imagine, isn’t the most secure thing in the world…

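
The cookie-only session handling discussed above, as an added PHP example that is not part of the original posts: it keeps the session ID out of URLs, locks down the cookie, and rotates the ID at login. The function names and `IDLE_LIMIT` are hypothetical, and it assumes PHP 7.3 or later on a site served over HTTPS.

```php
<?php
// Added example, not from the thread. start_secure_session(), login_user(),
// logout_user() and IDLE_LIMIT are hypothetical names; session.* are PHP settings.
declare(strict_types=1);

const IDLE_LIMIT = 900; // assumed idle timeout in seconds, enforced by the app

function start_secure_session(): void
{
    // Carry the session ID in a cookie only; never accept or emit it in URLs.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Reject session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,      // cookie disappears when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only (assumes a TLS site)
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // cross-site: top-level GET only, so change state via POST
    ]);
    session_start();

    // Expire idle sessions explicitly instead of relying on garbage collection.
    $last = $_SESSION['last_seen'] ?? null;
    if ($last !== null && time() - $last > IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = time();
}

function login_user(string $username): void
{
    // Issue a fresh ID at the privilege change and delete the old session
    // data, so an ID that was known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

function logout_user(): void
{
    // Affects only the caller's session, never anyone else's.
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => $p['path'],
        'domain' => $p['domain'], 'secure' => $p['secure'], 'httponly' => $p['httponly']]);
    session_destroy();
}
```

Call `start_secure_session()` in place of a bare `session_start()` at the top of every page, before any output is sent.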

Now I understand how a session is unique.

I was trying to get some practical knack over the session I learned today and stumbled upon this article.

First thing (non-session-related question), I could not understand this →
if(!empty($_GET["action"])) {}

Action means submit button. So, if I am not misinterpreting, that means when an add to cart button is clicked?

That tutorial is horrible.

  1. It’s mixing logic with presentation, making both unclear
  2. It’s using quite unreadable code
  3. It’s using GET requests to modify stuff on the server - those should be POST requests

I’ve looked around, but I can’t really find any decent ones :shifty:

As for your question, yes, that is checking that the “Add to cart” button was pressed.


Yes, I realized. But I was going through it; I thought it is concise and short.

True.

Same Here.
