In the post An Example of User Authentication System in PHP we created a simple
authorization system that could show a personalized page when the user entered
the correct username and password. But since HTTP is a stateless protocol (it
can’t figure out if two subsequent requests come from the same user) we cannot
preserve the state (logged in) on any consecutive clicks. This means that after
logging in to that script, if the user clicks on some link, there is no way we
can preserve the logged-in state (know that a logged-in user is requesting a page).
Therefore we cannot, that way, personalize the whole site for the logged-in
user.
So logging someone in is not enough; we have to preserve that state
across the whole session. For this PHP gives us an easy-to-use method. We call
it Session Control because it can help maintain a state throughout a session.
We implement Session Control using Session Variables whose values are preserved
throughout a session. But before accessing or creating any session variable
we need to begin a session with the help of the following code:
session_start();
After this we can register session variables like below:
$_SESSION['var']=1;
The above line of code will create a special variable ‘var’ having
value 1, the speciality being that its value will be preserved across consecutive
requests to pages unless the session expires. Consider the following script:
<?php
//start a session
session_start();
//create a session variable
$_SESSION['var']=1;
?>
And the following:
<?php
//start a session
session_start();
//display session variable
echo $_SESSION['var'];
?>
Now if you request the first script followed by the second, the second one
will have access to the variable set by the first one. The requests for these
two pages make up a session, and hence the session variable ‘var’ is
accessible to the second script. Do remember that the second script can access
the session variable only if the first script was requested prior to it from
the same computer and browser. If you close the browser, or request the second
page from another computer or browser without running the first script, the session
variable will not contain any value. What it means is that the session is tied
to the client: the browser holds the session identifier, while the session data
itself stays on the server.
So if ten computers set ten different session variables we may track and serve
content to each of them separately and uniquely according to their authorization
level. This is how ‘Actual’ User Login Systems work.
Just like starting a session, when you are through with the session access you
can close it using the following function:
session_destroy();
After invoking this, no session variable will be accessible on later requests.
This is what we know as logging out.
<?php
//start a session
session_start();
//display session variable
echo $_SESSION['var'];
//destroy session
session_destroy();
//if you reload the page the session
//variable will not be accessible
//since that session was destroyed
?>
Some points to note:
- A session by default lasts until it is explicitly destroyed or the browser
is closed.
- Internally, cookies on the client machine are used to store a unique session
identifier, but the actual session variables are stored on the server.
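The session handling described in this post, as an added example that is not part of the original post: it starts the session with hardened cookie flags, issues a new session identifier at login, and on logout clears the variables, expires the identifier cookie and destroys the server-side data. The function names, the 'user' key, login.php and the HTTPS setting are assumptions; it needs PHP 7.3 or later.

```php
<?php
// Added example: hypothetical helpers, not code from the original post.
function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_set_cookie_params([              // must run before session_start()
        'lifetime' => 0,       // cookie ends when the browser is closed
        'path'     => '/',
        'secure'   => true,    // assumption: the site is served over HTTPS
        'httponly' => true,    // identifier not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(string $username): void
{
    // Call only after the username and password have been verified.
    session_regenerate_id(true);   // new identifier, old session data deleted
    $_SESSION['user'] = $username;
}

function current_user(): ?string
{
    return $_SESSION['user'] ?? null;   // null when nobody is logged in
}

function log_out(): void
{
    $_SESSION = [];                     // clear variables in this request too
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [ // expire the identifier cookie
            'expires' => time() - 3600,
            'path' => $p['path'], 'domain' => $p['domain'],
            'secure' => $p['secure'], 'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();                  // delete the server-side session data
}

// Usage on a protected page:
start_secure_session();
if (current_user() === null) {
    header('Location: login.php');      // hypothetical login page
    exit;
}
echo 'Hello, ', htmlspecialchars(current_user());
```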