What is PHP session_start()

Does it start a current session based on cookies? Got that from the PHP website. How does PHP control the session? If I start a session when a user opens up my login page, what do I even use that session for? Can I use the current session to get info about the logged in user?

Answer

The PHP session system lets you store securely data in the $_SESSION global array. A typical example is to store the user’s identifier in the session when they type in their password:

if ($user = try_login($login, $password)) 
  $_SESSION['user'] = $user;

if ($user = try_login($login, $password)) 

  $_SESSION['user'] = $user;

​

Then, you can access that information on all other pages:

if (isset($_SESSION['user']))
  // logged in !
  echo user_name($_SESSION['user']);

if (isset($_SESSION['user']))

  // logged in !

  echo user_name($_SESSION['user']);

​

The data is stored on the server, so there is no risk of tampering (on the other hand, mind your disk usage).

Starting the session lets the current request use $_SESSION. If this is the user’s first visit, the array will be empty and a new session cookie will be sent for you.

Closing the session merely prevents the current request from using $_SESSION, but the data stays around for the next requests.

Destroying the session throws away all the data, forever. The sessions are destroyed a certain duration after the last visit (usually around 30 minutes).