Posted on Updated on

Image result for SESSION in phpSESSION


$_SESSION is an exceptional cluster used to store data over the page asks for a client makes amid his visit to your site or web application. The most crucial approach to clarify what a sessions resembles is to envision the accompanying situation:

You are working with an application. You open it, roll out a few improvements, and after that you close it. That is a session in it’s least complex shape. The illustration situation is reminiscent of the procedure that happens when utilizing a login framework. The procedure can be to a great degree convoluted or unbelievably straightforward, the length of there is an esteem that holds on between solicitations. Data put away in the session can be called upon whenever amid the open session.

While there might be numerous clients getting to the site in the meantime, each with his own particular session, it’s gratitude to exceptional IDs alloted and oversaw by PHP for every session that permits every client’s session to be accessible just to himself. Session data is put away on the server instead of the client’s PC (as treat information is put away), which makes sessions more secure than conventional treats for passing data between page demands. In this article I’ll give you the wretched on utilizing sessions as a part of PHP – how to make them, how to devastate them, and how to ensure they stay secure.

Using Sessions

Before you can to store information in a session, you have to start PHP’s session handling. This is done at the beginning of your PHP code, and must be done before any text, HTML, or JavaScript is sent to the browser. To start the session, you call the session_start() function in your first file:


// start them engines!


// store session data

$_SESSION[“username”] = “Hello”;

session_start() starts the session between the user and the server, and allows values stored in $_SESSION to be accessible in other scripts later on.

In your second file, you call session_start() again which this time continues the session, and you can then retrieve values from $_SESSION.


// continue the session


// retrieve session data

echo “Username = ” . $_SESSION[“username”];

This case is an extremely essential exhibition of putting away and recovering information in a session. In the principal script, the esteem “Hello” was connected with the key “username” in the $_SESSION exhibit. In the second script, the data was asked for once again from the $_SESSION exhibit utilizing the key. $_SESSION permits you to store and recover data over the page solicitations of a client’s dynamic perusing session.

Ending a Session

As important as it is to begin a session, so it is to end one. Even though a session is only a temporary way to store data, it is very important to clean up after yourself to ensure maximum security when dealing with potentially sensitive information. It is also good practice and will avoid having a huge amount of stale session data sitting on the server.

To delete a single session value, you use the unset() function:

// delete the username value

To unset all of the session’s values, you can use the session_unset() function:

// delete all session values

Both examples only affect data stored in the session, not the session itself. You can still store other values to $_SESSIONafter calling them if you so choose. If you wish to completely stop using the session, for example a user logs out, you use the session_destroy() function.

// terminate the session

I highly recommended that when you are sure you no longer need the session that you destroy it using session_destroy(), rather than just unsetting all of its values with session_unset(). If you just unset all the value, the session itself is still active and malicious code could give those sessions harmful values.

That is sessions in a nutshell, the very basic but very powerful functionality within PHP that provides an elegant solution to the problem of passing data between web pages.

Session Security Tips

Despite there simplicity, there are still ways using sessions can go wrong. Here is a quick overview of some security techniques you can use to ensure you are using sessions safely.

Session Time-Outs

Timing-out sessions is a very important action if you are dealing with users logged in to your website or application. If a user logs in to your site in an Internet café and then leaves the computer and café without logging out, how do you stop the next user on that computer from still having access to the previous user’s session? Well you can use the following code:

// set time-out period (in seconds)
$inactive = 600;

// check to see if $_SESSION[“timeout”] is set
if (isset($_SESSION[“timeout”])) {
// calculate the session’s “time to live”
$sessionTTL = time() – $_SESSION[“timeout”];
if ($sessionTTL > $inactive) {
header(“Location: /logout.php”);

$_SESSION[“timeout”] = time();

The code ensures that if there is no activity for more than 600 seconds (10 minutes) the request is redirected to the logout page which would successfully log out the user.

Regenerate the Session ID

The session_regenerate_id() function creates a new unique-ID for to represent the current user’s session. This should be regenerated time any important authentication action is performed, such as logging in or updating user profile data. Giving the sessions a new ID after such actions make your application more secure by reducing the risk of a specific attack known as “Session Hijacking.”


if ($_POST[“username”] == “admin” && $_POST[“password”] == sha1(“password”)) {
$_SESSION[“authorized”] = true;

Destroy Sessions

As I already said, you ought to utilize session_destory() once you don’t have to utilize the session any more. This prevents aggressors from seize the stale session, again expanding the session-related security of your site.

Utilize Permanent Storage

Utilize a database to store information at the most punctual minute you know the information will be steady; don’t give it a chance to remain as a major aspect of the session for a really long time as this opens it up to conceivable assault. Truly consider whether the information has a place ought to be put away in $_SESSION since session information is intended to be transient.

For more details and queries please feel free to email, visit or call us. Wishing you the very best for all your future endeavors.

Helpline: 9814666333, 8699444666


Please fill the FORM and we shall contact you soon.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s