HTML, XHTML and CSS All-In-One for Dummies - Andy Harris [225]
When a visitor accesses your Web site, she’s automatically assigned a unique session id. The session id is either stored in a cookie or in the URL. Sessions allow you to keep track of things for that specific user during her time on your site and during future visits if she’s not cleared her cache or deleted her cookies.
Any mundane hacker can sniff out your session ids if you allow them to be stored in the URL. To keep this from happening, use the session.use_only_cookies directive in your PHP configuration file. This may be inconvenient to users who don’t want you to have a cookie stored on their machine, but it’s necessary if you’re storing anything sensitive in their session.
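The directive can also be checked and enforced from code before the session starts. The following is an added example, not code from the book: the function names are hypothetical, and it covers three related session settings (session.use_trans_sid, session.use_strict_mode and session.cookie_httponly) in addition to the session.use_only_cookies directive named above.

```php
<?php
// Added example, not from the book; the function names are hypothetical.

// Settings that keep the session id out of URLs, and the value each should have.
const SESSION_POLICY = [
    'session.use_only_cookies' => true,   // accept the id from a cookie only
    'session.use_trans_sid'    => false,  // never append the id to links and forms
    'session.use_strict_mode'  => true,   // refuse ids the server did not generate
    'session.cookie_httponly'  => true,   // hide the cookie from page scripts
];

// Return the names of the settings whose current value differs from the policy.
function auditSessionConfig(): array {
    $weak = [];
    foreach (SESSION_POLICY as $name => $wanted) {
        // ini_get() returns strings such as "1", "0", "" or "On"
        $current = filter_var(ini_get($name), FILTER_VALIDATE_BOOLEAN);
        if ($current !== $wanted) {
            $weak[] = $name;
        }
    }
    return $weak;
}

// Correct any weak setting, then start the session. Call before any output.
function startCookieOnlySession(): array {
    $fixed = auditSessionConfig();
    foreach ($fixed as $name) {
        ini_set($name, SESSION_POLICY[$name] ? '1' : '0');
    }
    if (auditSessionConfig() !== []) {
        throw new RuntimeException('session settings could not be enforced');
    }
    session_start();
    return $fixed;   // worth logging: these were wrong in the PHP configuration
}

$fixed = startCookieOnlySession();
if ($fixed !== []) {
    error_log('session settings corrected at runtime: ' . implode(', ', $fixed));
}
```

Call startCookieOnlySession() where the page would otherwise call session_start() directly, before any HTML is sent. A non-empty return value means the PHP configuration file itself still needs fixing.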
Sessions are great because they are like a big box that the user carries around with her that you can just throw stuff into. Even if the user comes back to the site multiple times, the variables stored in the session retain their values. If you have hundreds of users accessing your site at the same time, each one will still have access to only her own versions of the variables.
Here’s the code for rollDice3.php:
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>RollDice 3</title>
</head>
<body>
<h1>Uses a Session Variable</h1>
<?php
function init(){
  global $count;
  global $total;
  //increment count if it exists
  if (isset($_SESSION["count"])){
    $count = $_SESSION["count"];
    $count++;
    $_SESSION["count"] = $count;
  } else {
    //if count doesn't exist, this is our first pass,
    //so initialize both session variables
    $_SESSION["count"] = 1;
    $_SESSION["total"] = 0;
    $count = 1;
  } // end if
} // end init

function rollDie(){
  global $total;
  $roll = rand(1,6);
  $image = "die$roll.jpg";
  print <<<HERE
<img src = "$image"
     alt = "roll: $roll" />
HERE;
  //add this roll to the running total kept in the session
  $total = $_SESSION["total"];
  $total += $roll;
  $_SESSION["total"] = $total;
} // end rollDie

init();
rollDie();
print "<p>Rolls: $count</p>\n";
print "<p>Total: $total</p>\n";
?>
</body>
</html>
This program rolls a die, but it uses session variables to keep track of the number of rolls and total value rolled. The session variable is updated every time the same user (using the same browser) visits the site.
Adding session variables to your code
Here’s how to incorporate sessions into your programs:
1. Begin your code with a call to session_start().
If you want to use session variables, your code must begin with a session_start() call, even before the DOCTYPE definition. I put a tiny block at the beginning of the program to enable sessions:
<?php
session_start();
?>
2. Check for the existence of the session variables.
Like form variables, session variables may or may not exist when the program is executed. If this is the first pass through the program, the session variables may not have been created yet. The init() function checks whether the count session variable exists. If so, it will increment the counter; if not, it will initialize the sessions. $_SESSION is a superglobal array (much like $_REQUEST).
if (isset($_SESSION["count"])){
3. Load session variables from the $_SESSION superglobal.
Create a local variable and extract the current value from the $_SESSION associative array:
$count = $_SESSION["count"];
Note that this line may trigger an error if you haven’t already initialized the variable. Some PHP configurations are set up to automatically assign 0 to a nonexistent session variable, and some trigger an error.
4. Increment the counter.
The $count variable is now an ordinary variable, so you can add a value to it in the ordinary way:
$count++;
5. Store the value back into the $_SESSION superglobal.