A novice effort to understand PHP session

$_SESSION["username"] = "Callum";

What is callum. Is this retrieved from the database? or something Random. Slightly confused.

// continue the session
// retrieve session data
echo "Username = " . $_SESSION["username"];


Will not this →

// delete the username value

Delete all the session that are simultaneously occurring across the globe?

It’s a string. Where it comes from is irrelevant, the point is “Store this value into the $_SESSION[“Username”] value.”

No. $_SESSION is unique to each individual session.

session_start can be (extremely simplified, and probably not how it’s actually stored) thought of to do the following:

if(isset($_COOKIE['PHPSESSID']) {
  $_SESSION = json_decode(file_get_contents(_PHP_SESSION_DIR_."/".$_COOKIE['PHPSESSID']));
} else {
  $sessid = uniqid();
  $_COOKIE['PHPSESSID'] = $sessid;
  $_SESSION = [];

and during garbage cleanup:

if(isset($_COOKIE['PHPSESSID'])) {
1 Like

So when session works actually something(cookie) is also stored in browser for the purpose of maintaining unique interaction to that browser (and server in the form of session).

yup. a cookie is passed to the browser which it then sends along with every request; session_start() uses it to pull the information for the session each time you load a page.

There is a global expiry on sessions; if a session is unused for X minutes (default: 15), PHP will clean up its session directory and remove the file. Then when your browser tries to send session information, PHP will start a new session (remember I said my code is extremely simplified).

There exists (or did exist, i’ll be honest everyone uses cookies now, so I havent checked in a LONG time) a means to make PHP not use cookies; it instead would tack your session ID onto the end of any internal URL’s. Which… as you can imagine, isnt the most secure thing in the world…

1 Like

Now I understand How session is unique.

I was trying to get some practical Knack over the session I learned today and stumbled upon this article.

First thing(Non session related question) could not understand this →
if(!empty($_GET["action"])) {}

Action means submit button. So if not misinterpreting that means when an add to cart button is clicked?

That tutorial is horrible.

  1. It’s mixing logic with presentation, making both unclear
  2. It’s using quite unreadable code
  3. It’s using GET requests to modify stuff on the server - those should be POST requests

I’ve looked around, but I can’t really find any decent ones :shifty:

As for you question, yes, that is checking that the “Add to cart” button was pressed.

1 Like

Yes, I realized. But I was going through it thought it is concise, and short.


Same Here.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.