PHP Sessions Explained: Store User Data Across Multiple Pages

  

PHP Sessions Explained: Store User Data Across Multiple Pages

When building dynamic web applications, you often need to remember information about a user while they navigate from one page to another. For example, after a user logs in, you don't want them to log in again on every page. PHP Sessions solve this problem.

In this tutorial, you'll learn what sessions are, why they're useful, and how to use them with practical examples.

What is a PHP Session?

A PHP session is a way to store user information on the server. Each visitor gets a unique session ID, allowing PHP to retrieve the correct data for that user.

Unlike cookies, session data is stored on the server, making it more secure.

Why Use Sessions?

Sessions are commonly used for:

  • User login systems

  • Shopping carts

  • Remembering user preferences

  • Multi-step forms

  • Authentication and authorization

Starting a Session

Before using session variables, you must start the session.

<?php
session_start();
?>

Call session_start() before any HTML output.

Creating Session Variables

<?php
session_start();

$_SESSION["username"] = "Sunil";
$_SESSION["email"] = "sunil@example.com";

echo "Session variables created.";
?>

Accessing Session Variables

<?php
session_start();

echo "Username: " . $_SESSION["username"];
echo "<br>";
echo "Email: " . $_SESSION["email"];
?>

Output:

Username: Sunil
Email: sunil@example.com

Checking if a Session Exists

<?php
session_start();

if(isset($_SESSION["username"])) {
    echo "Welcome " . $_SESSION["username"];
} else {
    echo "Please login.";
}
?>

Using isset() prevents errors if the session variable doesn't exist.

Updating a Session Variable

<?php
session_start();

$_SESSION["username"] = "PHP Sunil";

echo $_SESSION["username"];
?>

Removing a Single Session Variable

<?php
session_start();

unset($_SESSION["username"]);

echo "Username session removed.";
?>

Destroying the Entire Session

<?php
session_start();

session_unset();
session_destroy();

echo "Session destroyed.";
?>

This logs the user out by deleting all session data.

Simple Login Example

login.php

<?php
session_start();

$_SESSION["username"] = "Admin";

echo "Login Successful";
echo "<br>";
echo "<a href='dashboard.php'>Go to Dashboard</a>";
?>

dashboard.php

<?php
session_start();

if(isset($_SESSION["username"])) {
    echo "Welcome " . $_SESSION["username"];
} else {
    echo "Access Denied";
}
?>

Session vs Cookies

SessionCookie
Stored on serverStored in browser
More secureLess secure
Automatically deleted after session endsCan remain for days or months
Ideal for login dataIdeal for user preferences

Common Mistakes

  • Forgetting to call session_start()

  • Calling session_start() after HTML output

  • Using session variables without checking isset()

  • Forgetting to destroy sessions during logout

Best Practices

  • Always start the session at the beginning of the script.

  • Regenerate the session ID after login.

  • Destroy the session during logout.

  • Never store sensitive passwords directly in session variables.

Comments

Popular posts from this blog

Simple PHP Mysql Shopping Cart

How to seperate character from string in php

How to Delete record using PHP Ajax