8.5. Using Session Tracking

Problem

You want to maintain information about a user as she moves through your site.

Solution

Use the session module. The session_start( ) function initializes a session, and accessing an element in the global $_SESSION array tells PHP to keep track of the corresponding variable.

session_start();
$_SESSION['visits']++;
print 'You have visited here '.$_SESSION['visits'].' times.';

Discussion

To start a session automatically on each request, set session.auto_start to 1 in php.ini. With session.auto_start, there’s no need to call session_start( ).

The session functions keep track of users by issuing them cookies with a randomly generated session IDs. If PHP detects that a user doesn’t accept the session ID cookie, it automatically adds the session ID to URLs and forms.[5] For example, consider this code that prints a URL:

print '<a href="train.php">Take the A Train</a>';

If sessions are enabled, but a user doesn’t accept cookies, what’s sent to the browser is something like:

<a href="train.php?PHPSESSID=2eb89f3344520d11969a79aea6bd2fdd">Take the A Train</a>

In this example, the session name is PHPSESSID and the session ID is 2eb89f3344520d11969a79aea6bd2fdd. PHP adds those to the URL so they are passed along to the next page. Forms are modified to include a hidden element that passes the session ID. Redirects with the Location header aren’t automatically modified, so you have to add a session ID to them yourself using the SID constant:

$redirect_url = 'http://www.example.com/airplane.php'; ...

Get PHP Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.