PHP's session

PHP's session allows to store vital browser information visiting a web site in a browser's session. This is done in PHP using session_start() method. Each page that relies on session information need to use this functionality, therefore it is a good idea to handle the session by a separate file that is referred by every web site page that relies on session data. Session information is stored in browser memory therefore it can be considered secure.

What information can be stored in session?

- Web site user name.

- Web site login state.

Information is written to a session using keyword $_SESSION, followed by name of the property in square brackets. This name of session variable also must be included in quotes. This must be followed by equal sign and the data that needs to be stored in session. 

Once session data is written, session needs to be closed by session_write_close() statement.

Session data can be retrieved by using keyword $_SESSION that follows name of a session variable. Session variable needs to be put in square brackets and quotes.

Browser session can be cleared by using session_destroy() method. It will clear all of the content of the PHP's session.

Each request to web page is session less, storing vital information in browser's session variables overcomes that limitation.

Even so, it is possible to store browser's information in a cookie, cookie's information should not be considered secure.


Comments

Post a Comment

Popular posts from this blog

Absolute and relative path in HTML pages

HTML documents can have relative or absolute links to other web pages. Relative links keeps a visitor on the same web site. Relative links are pointers to other web pages on the same web site. They just contain this page filename. Absolute links on other hand contain full path including protocol and domain name to access the page. Absolute links can point to the same web site or they can point to a different web site.
Read more

Errors

It is a good idea to send errors in production environment to error log. Errors may contain sensitive information. Even so errors maybe helpful to development team or to QA team, errors need to be suppressed in production environment for viewing by everyone. Errors are good way to troubleshoot an issue therefore only trusted people can have access to this information. If not a trusted person get an access to this information, this information maybe used against the company and for a personal benefit. What to do in a case when there are more servers than one? Even so it is possible to inspect the log files in a single server, however it is impossible to do so when there is more than one server is available and web traffic is redirected to a different server each time. Log aggregation is needed in this case. All of the logs will be send to a central location. Logs may contain sensitive information. Please consult your company lawyer of how long logs can be stored, because logs can be use...
Read more

goto PHP operator

goto operator will skip execution of code and continue execution of a code that follows a label to which goto operator points to. If code has many goto operators, than this code probably needs a revision. It is possible to write code that executes without goto operators.
Read more