Does it start a current session based on cookies? Got that from the PHP website. How does PHP control the session? If I start a session when a user opens up my login page, what do I even use that session for? Can I use the current session to get info about the logged in user?
Advertisement
Answer
The PHP session system lets you store securely data in the $_SESSION global array. A typical example is to store the user’s identifier in the session when they type in their password:
if ($user = try_login($login, $password)) $_SESSION['user'] = $user;
Then, you can access that information on all other pages:
if (isset($_SESSION['user'])) // logged in ! echo user_name($_SESSION['user']);
The data is stored on the server, so there is no risk of tampering (on the other hand, mind your disk usage).
Starting the session lets the current request use $_SESSION. If this is the user’s first visit, the array will be empty and a new session cookie will be sent for you.
Closing the session merely prevents the current request from using $_SESSION, but the data stays around for the next requests.
Destroying the session throws away all the data, forever. The sessions are destroyed a certain duration after the last visit (usually around 30 minutes).