How to Start a PHP Session

The key to using PHP sessions is the session_start() function. You call session_start() on every page and subsequently have access to all the items in the $_SESSION array.

It might seem like a bit of an odd name for the function, session_start(), because on most pages you really just want to continue the session and access the variables that are there. But in reality, session_start() does both: It starts a new session if need be and continues an existing session where appropriate.

The session_start() function is called simply like this:

<?php
 
session_start();
 
// Other PHP statements here
 
?>

Here's code for a few pages that track when you accessed the first page of the application. This shows the use of the session_start() function and then creation of a variable to hold the initial access time.

Here is the code for the first page, called page1.php.

<?php
 
session_start();
 
$_SESSION['accessTime'] = date("M/d/Y g:i:sa");
print "This is page 1<br />";
 
print "You accessed the application at: " . $_SESSION['accessTime'];
 
print "<div><a href=\"page2.php\">Continue to next page</a></div>";
 
?>

When viewed in a browser, the page looks like the following:

image0.jpg

The next page in the application then starts the session and can access any variables already set in the session. Here is the code for the second page, page2.php.

<?php
 
session_start();
 
print "This is page 2<br />";
 
print "You accessed the application at: " . $_SESSION['accessTime'];
 
print "<div><a href=\"page3.php\">Continue to next page</a></div>";
 
?>

Notice in the code that the variable $_SESSION['accessTime'] is not set again, but merely accessed after the session is started. When you're on page1.php and click the link to go to the next page, you get a page like this one:

image1.jpg

You can store just about anything in a session, but you should be aware that session can, and sometimes does, disappear for a variety of reasons. One reason a session might disappear is that it times out. If users sit on a page for too long, the session might not be there when they begin using the application again.

The practical implication of session disappearance is that any variables you've previously set will also disappear. Therefore, it's good practice to check if the session contains the values that you expect prior to using them.

There are a couple ways to do this. One way would be to check all variables prior to accessing them. For example, you could change the code to check for the $_SESSION['accessTime'] variable prior to using it in output.

<?php
 
session_start();
 
if (!isset($_SESSION['accessTime'])) {
    die(header("Location: page1.php"));
}
 
print "This is page 2<br />";
 
print "You accessed the application at: " . $_SESSION['accessTime'];
 
print "<div><a href=\"page3.php\">Continue to next page</a></div>";
 
?>

This listing added the following code:

if (!isset($_SESSION['accessTime'])) {
    die(header("Location: page1.php"));
}

The location of that code is important. Because that code needs to send an HTTP header, it needs to appear prior to any other output. So for instance, if that code appeared below the "This is page 2" output, it wouldn't work because the headers have already been sent. The code appears prior to any output but also importantly, appears after the session_start() function.

Best practice is to check for the existence of session variables before you use them, as just shown. However, it can get quite cumbersome to check all the variables that you might use in a big application. With that in mind, another option is to set a global session variable and check for its existence rather than each variable individually. Here's how to do that.

Here is an updated version of the code, page1.php. In this code, there's a single addition, a new session variable called appStarted.

<?php
 
session_start();
 
$_SESSION['appStarted'] = true;
 
$_SESSION['accessTime'] = date("M/d/Y g:i:sa");
 
print "This is page 1<br />";
 
print "You accessed the application at: " . $_SESSION['accessTime'];
 
print "<div><a href=\"page2.php\">Continue to next page</a></div>";
 
?>

You can then change other pages in the application to check for the existence of this variable, as in the change noted.

<?php
 
session_start();
 
if (!isset($_SESSION['appStarted'])) {
        die(header("Location: page1.php"));
}
 
print "This is page 2<br />";
 
print "You accessed the application at: " . $_SESSION['accessTime'];
 
print "<div><a href=\"page3.php\">Continue to next page</a></div>";
 
?>
  • Add a Comment
  • Print
  • Share
blog comments powered by Disqus
Advertisement

Inside Dummies.com

Dummies.com Sweepstakes

Win $500. Easy.