What is a session?

In general, session refers to a frame of communication between two medium. A PHP session is used to store data on a server rather than the computer of the user. Session identifiers or SID is a unique number which is used to identify every user in a session based environment. The SID is used to link the user with his information on the server like posts, emails etc.

How are sessions better than cookies?

Although cookies are also used for storing user related data, they have serious security issues because cookies are stored on the user’s computer and thus they are open to attackers to easily modify the content of the cookie. Addition of harmful data by the attackers in the cookie may result in the breakdown of the application.
Apart from that cookies affect the performance of a site since cookies send the user data each time the user views a page. Every time the browser requests a URL to the server, all the cookie data for that website is automatically sent to the server within the request.

Below are different steps involved in PHP sessions:

• Starting a PHP Session: The first step is to start up a session. After a session is started, session variables can be created to store information. The PHP session_start() function is used to begin a new session.It also creates a new session ID for the user.

  Below is the PHP code to start a new session:

  
  

  
  
  

  <?php    session_start();    ?>

• Storing Session Data: Session data in key-value pairs using the $_SESSION[] superglobal array.The stored data can be accessed during lifetime of a session.

  Below is the PHP code to store a session with two session variables Rollnumber and Name:

  
  

  
  
  

  <?php    session_start();    $_SESSION["Rollnumber"] = "11"; $_SESSION["Name"] = "Ajay";    ?>

• Accessing Session Data: Data stored in sessions can be easily accessed by firstly calling session_start() and then by passing the corresponding key to the $_SESSION associative array.

  The PHP code to access a session data with two session variables Rollnumber and Name is shown below:

  
  

  
  
  

  <?php    session_start();    echo 'The Name of the student is :' . $_SESSION["Name"] . '<br>';  echo 'The Roll number of the student is :' . $_SESSION["Rollnumber"] . '<br>';    ?>

  Output:

  The Name of the student is :Ajay 
  The Roll number of the student is :11

• Destroying Certain Session Data: To delete only a certain session data,the unset feature can be used with the corresponding session variable in the $_SESSION associative array.

  The PHP code to unset only the “Rollnumber” session variable from the associative session array:

  
  

  
  
  

  <?php    session_start();     if(isset($_SESSION["Name"])){     unset($_SESSION["Rollnumber"]); }    ?>

• Destroying Complete Session: The session_destroy() function is used to completely destroy a session. The session_destroy() function does not require any argument.

  
  

  
  
  

  <?php    session_start(); session_destroy();    ?>

Important Points

1. The session IDs are randomly generated by the PHP engine .
2. The session data is stored on the server therefore it doesn’t have to be sent with every browser request.
3. The session_start() function needs to be called at the beginning of the page, before any output is generated by the script in the browser.