PHP sessions - a best practice teaching example

Whether you're selling airline tickets, updating financial records, or running a forum, you'll need software on your web server that maintains state. In other words, software which remembers who you are from page to page, remembers what you've been doing, and doesn't insist on you logging in each time.

If you want to write code at a low level, using cookies, you can do so ... but most modern languages or frameworks have a tool of some sort that bolts together your series of steps into a session at a higher level (i.e. withoout requiring you to write the low level stuff!). I was writing such an example in PHP earlier this week - on our PHP Techniques course.

It works like this:

a) you do a session_start at the beginning of each page. This will read back a cookie (if one exists) from any previous page, and if there is one it will read a disc file associated with that cookie into the $_SESSION superglobal array.

b) you then place anything you want to save for future pages into the $_SESSION superglobal.

Simple as that ... your $_SESSION is automatically saved at the end of your PHP page, and your cookie will be automatically (re)set as necessary.

Session / multi page application processing, PHP

Session / multi page application processing, PHP

Taking it a stage further, you'll typically write all the steps of an application that maintains state into a single script, and use a variable in $_SESSION to remember where abouts in the process the particular current user has got, as well as all of his settings. That way, whenever a page is submitted you'll be able to follow the same pattern which is
  • Read the cookie / session so far
  • Check the user inputs, save them as needed, work out which page is next
  • Prepare for that following page
  • Save the session / send the cookie back out
  • Send the response page
I've put a complete source code example showing the principles of that [here].

Planning out flow of users through your application

Planning out flow of users through your application

You'll also need to plan the various states / steps through your process - here's an example of a state diagram (UML) to show the flow through in the example used in this post.

This is good ... as far as it goes, but by the HTML (the look and feel) of the page as well as the PHP (how it acts) all in the one file, we've made it harder to look after. In real life, you're likely to have a graphic artist looking after how the screens look, and a programmer looking after how they run. My second example - [here] - splits the code out from the look and feel into two separate files; the look and feel is [here].

As a further stage, you'll want to have uniform error message handling, protection against injection attacks, sticky fields, and much more common logic that will be shared between multiple applications, and between all the various input boxes within each page of the same application. This extra logic will be separated out into separate functions (and indeed probably into separate files). I finished my demonstration the other day with a third example to show this - source code [here]. It uses the same template as the previous example, and is now robust enough for me to provide you with a copy on my server that you can run - see [here].
(written 2012-07-27, updated 2012-08-11) 327f

Associated topics are indexed under

H301 - PHP - Sticky fields and session
  [4070] Passing variable between PHP pages - hidden fields, cookies and sessions - (2013-04-26)
  [3918] Multiple page web applications - maintaining state - PHP - (2012-11-10)
  [3540] Easy session example in PHP - keeping each customers data apart - (2011-12-06)
  [2738] What is all this SESSION stuff about? (PHP) - (2010-04-25)
  [2416] Automating access to a page obscured behind a holding page - (2009-09-23)
  [1911] Remember Me - PHP - (2008-11-28)
  [1766] Diagrams to show you how - Tomcat, Java, PHP - (2008-08-22)
  [1739] Bath, Snake or Nag? - (2008-08-06)

H116 - Shopping Cart Application in PHP
  [1634] Kiss and Book - (2008-05-07)
  [1623] PHP Techniques - a workshop - (2008-04-26)
  [1487] Efficient PHP applications - framework and example - (2007-12-28)
  [1321] Resetting session based tests in PHP - (2007-08-26)

H115 - Designing PHP-Based Solutions: Best Practice
  [4069] Even early on, separate out your program from your HTML! - (2013-04-25)
  [3926] Filtering PHP form inputs - three ways, but which should you use? - (2012-11-18)
  [3813] Injection Attacks - PHP, SQL, HTML, Javascript - and how to neutralise them - (2012-07-22)
  [3539] Separating program and artwork in PHP - easier maintainance, and better for the user - (2011-12-05)
  [2679] How to build a test harness into your PHP - (2010-03-16)
  [2430] Not just a PHP program - a good web application - (2009-09-29)
  [2221] Adding a newsfeed for your users to a multipage PHP application - (2009-06-06)
  [2199] Improving the structure of your early PHP programs - (2009-05-25)
  [1794] Refactoring - a PHP demo becomes a production page - (2008-09-12)
  [1694] Defensive coding techniques in PHP? - (2008-07-02)
  [1533] Short and sweet and sticky - PHP form input - (2008-02-06)
  [1490] Software to record day to day events and keep an action list - (2007-12-31)
  [1482] A story about benchmarking PHP - (2007-12-23)
  [1391] Ordnance Survey Grid Reference to Latitude / Longitude - (2007-10-14)
  [1390] Converting from postal address to latitude / longitude - (2007-10-13)
  [1389] Controlling and labelling Google maps via PHP - (2007-10-13)
  [1381] Using a MySQL database to control mod_rewrite via PHP - (2007-10-06)
  [1323] Easy handling of errors in PHP - (2007-08-27)
  [1194] Drawing hands on a clock face - PHP - (2007-05-19)
  [1182] Painting a masterpiece in PHP - (2007-05-10)
  [1181] Good Programming practise - where to initialise variables - (2007-05-09)
  [1166] Back button - ensuring order are not submitted twice (PHP) - (2007-04-28)
  [1052] Learning to write secure, maintainable PHP - (2007-01-25)
  [1047] Maintainable code - some positive advice - (2007-01-21)
  [945] Code quality counts - (2006-11-26)
  [936] Global, Superglobal, Session variables - scope and persistance in PHP - (2006-11-21)
  [896] PHP - good coding practise and sticky radio buttons - (2006-10-17)
  [839] Reporting on the 10 largest files or 10 top scores - (2006-08-20)
  [572] Giving the researcher power over database analysis - (2006-01-22)
  [563] Merging pictures using PHP and GD - (2006-01-13)
  [426] Robust checking of data entered by users - (2005-08-27)
  [394] A year on - should we offer certified PHP courses - (2005-07-28)
  [340] Code and code maintainance efficiency - (2005-06-08)
  [261] Putting a form online - (2005-03-29)
  [237] Crossfertilisation, PHP to Python - (2005-03-06)
  [123] Short underground journeys and a PHP book - (2004-11-19)

Back to
Packing a tar, jar or war file - best practise

Previous and next
or
Horse's mouth home

Forward to
Well House Manor at Dawn ... and later in the day

Some other Articles

Planned for a quiet period during the Olympics - but it is far from that!
Know Python or PHP? Want to learn Perl too?
Town Clean - Melksham
Well House Manor at Dawn ... and later in the day
PHP sessions - a best practice teaching example
Packing a tar, jar or war file - best practise
Making things happen - litter and ASB and lost dogs in Melksham
Fpdf - generating .pdf documents easily from your PHP program
Want to escape the Olympics? Learn to program in the countryside!
The Melksham News - July 2012 - Part 2, TransWilts Rail, Wilts and Berks Canal

4086 posts, page by page

Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82 at 50 posts per page

42e2
This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).

You can Add a comment or ranking to this page

Public Training Courses

Running regularly at our UK training Centre.
[Schedule] - [About] - [Book]

Like this? ??