If you're booking an airline flight online, you'll be taken through a series of screens to select route, dates, times, passengers, seats, then to enter payment details, and perhaps visa / government information too. It would be impractical to do the whole job on a single page, as you need the intermediate feedback.
How does the booking web site achieve this multi-step process for you, keeping your data from page to page - sometimes for quite a few minutes while you check with the family / work out if you can get the dog to the kennels and still catch the 11:15 flight - and not get you confused with the hundreds of other customers on the same web site at the same time?
This separation of individual users, overlaying a web based / http system which is a "stateless" structure, is commonly achieved using Cookies
• When you arrive at a site, you do NOT have a cookie for that site.
• When the site sends out its first (program) response to you, it includes a cookie in the headers. This is something like "userid=xxyyzp" where the server / site has produced a unique string for the value - xxyyzp in my example. The next user arriving may get "userid=xxyyzq" and so on.
• On each subsequent request to the site, your browser will automatically include the cookie in it headers, and the web site's programs will then identify which particular visitor it is who's returning.
Of course, the string "xxyyzp" doesn't include all the vital data such as a note of where you want to fly to, and on what day, which you enter early on your visit to the site - information which is needed much later in the booking process too - so the server will be programmed to save all these various values to a file (either a regular file, or a record within a database - both schemes work well) at the end of each page, and will read them back in at the start of processing the next page. Sometimes you'll hear this file referred to as you session, at other times as your shopping cart.
From yesterday's PHP course, I have uploaded the source code of an example I wrote [here]
which shows how cookies are used to create session files. In the example, we are only saving one piece of data in the file (the number of previous visits), as it's just an illustration of principle.
Sessions of this sort are a VERY common requirement in PHP applications, and my example above needs to be enhanced to deal with issues such as cleaning up completed (expired) sessions, and keeping the session files in another place so that they can't be accessed directly. So PHP has, built in, some special session handling facilities, and a superglobal array called $_SESSION to automate the process for you. There's a complete source code example - the equivalent of the example above - [here]
. You'll note that it's much shorter!
When you call session_start
, PHP reads in any existing session into the $_SESSION superglobal, or initializes a new session and sends out a cookie (by default called PHPSESSID) to a new arrival. At the end of your script, $_SESSION is automatically saved (disc or database) so that anything it contains is available to you as soon as you have done your session_srat on the next page.
The PHP session functions also tidy up old sessions, send out cookies which expire after a certain time, etc ... i.e. they do all the bookkeeping for you. So my second code sample was shorter ... and also more secure and complete. (written 2010-04-25, updated 2010-05-14)
Associated topics are indexed underH301 - PHP - Sticky fields and session 
Passing variable between PHP pages - hidden fields, cookies and sessions - (2013-04-26) 
Multiple page web applications - maintaining state - PHP - (2012-11-10) 
PHP sessions - a best practice teaching example - (2012-07-27) 
Easy session example in PHP - keeping each customers data apart - (2011-12-06) 
Automating access to a page obscured behind a holding page - (2009-09-23) 
Remember Me - PHP - (2008-11-28) 
Diagrams to show you how - Tomcat, Java, PHP - (2008-08-22) 
Bath, Snake or Nag? - (2008-08-06)A207 - Web Application Deployment - HTTP 
3 digit HTTP status codes - what are they, which are most common, which should be a concern? - (2011-09-11) 
Downloading a report from the web for further local analysis - (2010-08-13) 
Http protocol - what does a web server send - (2010-01-24) 
Uploading and Downloading files - changing names (Perl and PHP) - (2009-08-04) 
http, https and ajp - comparison and choice - (2008-02-22) 
Web page (http) error status 405 - (2008-01-12) 
Etag in http headers - what is it? - (2007-10-03) 
Setting the file name for a downloaded document - (2005-11-03)
Some other Articles
A simple server benchmark scriptWhat is a factory?Melksham Hustings at George Ward SchoolMelksham ScoutsWhat is all this SESSION stuff about? (PHP)Improving your function calls (APIs) - General and PHPPerl Course FAQType checking, Java arrays and collectionsfor and foreach in JavaTravel Troubles and Jesus again