PHP Sessions Explained: Store User Data Across Multiple Pages
PHP Sessions Explained: Store User Data Across Multiple Pages
When building dynamic web applications, you often need to remember information about a user while they navigate from one page to another. For example, after a user logs in, you don't want them to log in again on every page. PHP Sessions solve this problem.
In this tutorial, you'll learn what sessions are, why they're useful, and how to use them with practical examples.
What is a PHP Session?
A PHP session is a way to store user information on the server. Each visitor gets a unique session ID, allowing PHP to retrieve the correct data for that user.
Unlike cookies, session data is stored on the server, making it more secure.
Why Use Sessions?
Sessions are commonly used for:
User login systems
Shopping carts
Remembering user preferences
Multi-step forms
Authentication and authorization
Starting a Session
Before using session variables, you must start the session.
<?php
session_start();
?>
Call session_start() before any HTML output.
Creating Session Variables
<?php
session_start();
$_SESSION["username"] = "Sunil";
$_SESSION["email"] = "sunil@example.com";
echo "Session variables created.";
?>
Accessing Session Variables
<?php
session_start();
echo "Username: " . $_SESSION["username"];
echo "<br>";
echo "Email: " . $_SESSION["email"];
?>
Output:
Username: Sunil
Email: sunil@example.com
Checking if a Session Exists
<?php
session_start();
if(isset($_SESSION["username"])) {
echo "Welcome " . $_SESSION["username"];
} else {
echo "Please login.";
}
?>
Using isset() prevents errors if the session variable doesn't exist.
Updating a Session Variable
<?php
session_start();
$_SESSION["username"] = "PHP Sunil";
echo $_SESSION["username"];
?>
Removing a Single Session Variable
<?php
session_start();
unset($_SESSION["username"]);
echo "Username session removed.";
?>
Destroying the Entire Session
<?php
session_start();
session_unset();
session_destroy();
echo "Session destroyed.";
?>
This logs the user out by deleting all session data.
Simple Login Example
login.php
<?php
session_start();
$_SESSION["username"] = "Admin";
echo "Login Successful";
echo "<br>";
echo "<a href='dashboard.php'>Go to Dashboard</a>";
?>
dashboard.php
<?php
session_start();
if(isset($_SESSION["username"])) {
echo "Welcome " . $_SESSION["username"];
} else {
echo "Access Denied";
}
?>
Session vs Cookies
| Session | Cookie |
|---|---|
| Stored on server | Stored in browser |
| More secure | Less secure |
| Automatically deleted after session ends | Can remain for days or months |
| Ideal for login data | Ideal for user preferences |
Common Mistakes
Forgetting to call
session_start()Calling
session_start()after HTML outputUsing session variables without checking
isset()Forgetting to destroy sessions during logout
Best Practices
Always start the session at the beginning of the script.
Regenerate the session ID after login.
Destroy the session during logout.
Never store sensitive passwords directly in session variables.
Comments
Post a Comment