{"id":87,"date":"2021-03-08T00:16:13","date_gmt":"2021-03-08T00:16:13","guid":{"rendered":"https:\/\/phptutorial.net\/?page_id=87"},"modified":"2025-04-06T08:01:58","modified_gmt":"2025-04-06T08:01:58","slug":"php-session","status":"publish","type":"page","link":"https:\/\/www.phptutorial.net\/php-tutorial\/php-session\/","title":{"rendered":"PHP Session"},"content":{"rendered":"\n<p><strong>Summary<\/strong>: In this tutorial, you will learn how to use <strong>PHP sessions<\/strong> to preserve the state of the web application across pages during a session.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id='introduction-to-php-sessions'>Introduction to PHP sessions <a href=\"#introduction-to-php-sessions\" class=\"anchor\" id=\"introduction-to-php-sessions\" title=\"Anchor for Introduction to PHP sessions\">#<\/a><\/h2>\n\n\n\n<p>The HTTP protocol is stateless. For example, when you visit the product page <code>product.php<\/code>, the web server responds with the page:<\/p>\n\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"530\" height=\"254\" class=\"wp-image-2116\" src=\"https:\/\/phptutorial.net\/wp-content\/uploads\/2021\/07\/php-session-HTTP-protocol-2.png\" alt=\"\" srcset=\"https:\/\/www.phptutorial.net\/wp-content\/uploads\/2021\/07\/php-session-HTTP-protocol-2.png 530w, https:\/\/www.phptutorial.net\/wp-content\/uploads\/2021\/07\/php-session-HTTP-protocol-2-300x144.png 300w\" sizes=\"auto, (max-width: 530px) 100vw, 530px\" \/><\/figure>\n<\/div>\n\n\n\n<p>Suppose, you click the add to cart button on the <code>product.php<\/code> page and navigate to the <code>cart.php<\/code> page, the web server won&#8217;t know that you have added the product to the cart.<\/p>\n\n\n\n<p>To persist the information across the pages, the web server uses sessions. In this example, when you click the add to cart button, the web server will store the product on the server.<\/p>\n\n\n\n<p>When you view the <code>cart.php<\/code> page, the web server gets the products from the session and displays them on the <code>cart.php<\/code> page:<\/p>\n\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"531\" height=\"255\" class=\"wp-image-2115\" src=\"https:\/\/phptutorial.net\/wp-content\/uploads\/2021\/07\/PHP-Session-How-it-works.png\" alt=\"\" srcset=\"https:\/\/www.phptutorial.net\/wp-content\/uploads\/2021\/07\/PHP-Session-How-it-works.png 531w, https:\/\/www.phptutorial.net\/wp-content\/uploads\/2021\/07\/PHP-Session-How-it-works-300x144.png 300w\" sizes=\"auto, (max-width: 531px) 100vw, 531px\" \/><\/figure>\n<\/div>\n\n\n\n<p>How it works.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First, the web browser requests for the <code>product.php<\/code> page.<\/li>\n<li>Second, the web server responds with the <code>product.php<\/code> page&#8217;s content.<\/li>\n<li>Third, you click the Add To Cart button on the <code>product.php<\/code> page. The page will send an HTTP request (either POST or GET) to the web server. The web server validates the product and generates a session id. It also creates a new text file on the server to store the information related to the selected product.<\/li>\n<li>Fourth, the web server responds to the web browser with the <code>PHPSESSID<\/code> cookie in the response header. If the web browser allows <a href=\"https:\/\/phptutorial.net\/php-tutorial\/php-cookies\/\">cookies<\/a>, it will save the <code>PHPSESSID<\/code> cookie, which stores the session id passed by the web server.<\/li>\n<li>Fifth, in the subsequent request, for example, when you view the <code>cart.php<\/code> page, the web browser passes the <code>PHPSESSID<\/code> back to the web server. When the web server sees the <code>PHPSESSID<\/code> cookie, it will resume the session with the session id stored in it.<\/li>\n<li>Finally, the web server returns the cart page with your selected products.<\/li>\n<\/ul>\n\n\n\n<p>Sessions allow you to store data on the web server associated with a session id. Once you create a session, PHP sends a <a href=\"https:\/\/phptutorial.net\/php-tutorial\/php-cookies\/\">cookie <\/a>that contains the session id to the web browser. In the subsequent requests, the web browser sends the session id cookie back to the web server so that PHP can retrieve the data based on the session id.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id='creating-a-new-session'>Creating a new session <a href=\"#creating-a-new-session\" class=\"anchor\" id=\"creating-a-new-session\" title=\"Anchor for Creating a new session\">#<\/a><\/h2>\n\n\n\n<p>To create a new session, you call the <code>session_start()<\/code> function:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\n\nsession_start();<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>When the <code>session_start()<\/code> runs at the first time, PHP generates a unique session id and passes it to the web browser in the form of a cookie named <code>PHPSESSID<\/code>.<\/p>\n\n\n\n<p>If a session already exists, PHP checks the <code>PHPSESSID<\/code> cookie sent by the browser, the\u00a0<code>session_start()<\/code> function will resume the existing session instead of creating a new one.<\/p>\n\n\n\n<p>Since PHP sends the\u00a0<code>PHPSESSID<\/code> cookie in the header of the HTTP response, you need to call the <code>session_start()<\/code> function before any statement that outputs the content to the web browser.<\/p>\n\n\n\n<p>Otherwise, you will get a warning message saying the header cannot be modified because it is already sent. This is a well-known error message in PHP.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id='where-php-stores-session-data'>Where PHP stores session data <a href=\"#where-php-stores-session-data\" class=\"anchor\" id=\"where-php-stores-session-data\" title=\"Anchor for Where PHP stores session data\">#<\/a><\/h2>\n\n\n\n<p>PHP stores session data in temporary files on the web server by default. You can find the location of the temporary files using the directive <code>session.save_path<\/code> in the PHP configuration file.<\/p>\n\n\n\n<p>The <code>ini_get()<\/code> function returns the value of the <code>session.save_path<\/code> directive:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\n\n<span class=\"hljs-keyword\">echo<\/span> ini_get(<span class=\"hljs-string\">'session.save_path'<\/span>);<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Or you can call the <code>session_save_path()<\/code> function:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\n\n<span class=\"hljs-keyword\">echo<\/span> session_save_path();<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Typically, the session data is stored in the <code>\/tmp<\/code> folder of the web server e.g, <code>\/xampp\/tmp<\/code> .<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id='accessing-session-data'>Accessing session data <a href=\"#accessing-session-data\" class=\"anchor\" id=\"accessing-session-data\" title=\"Anchor for Accessing session data\">#<\/a><\/h2>\n\n\n\n<p>Unlike cookies, you can store any data in the session. To store data in the session, you set the key and value in the <code>$_SESSION<\/code> superglobal array.<\/p>\n\n\n\n<p>For example, in the\u00a0<code>index.php<\/code> file, you store the <code>user<\/code> string and <code>roles<\/code> array in the session as follows:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\n\tsession_start();\n\t<span class=\"hljs-comment\">\/\/ store scalar value<\/span>\n\t$_SESSION&#91;<span class=\"hljs-string\">'user'<\/span>] = <span class=\"hljs-string\">'admin'<\/span>;\n\t<span class=\"hljs-comment\">\/\/ store an array<\/span>\n\t$_SESSION&#91;<span class=\"hljs-string\">'roles'<\/span>] = &#91;<span class=\"hljs-string\">'administrator'<\/span>, <span class=\"hljs-string\">'approver'<\/span>, <span class=\"hljs-string\">'editor'<\/span>];\n<span class=\"hljs-meta\">?&gt;<\/span>\n\n&lt;html&gt;\n&lt;head&gt;\n    &lt;title&gt;PHP Session Demo&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n    &lt;a href=<span class=\"hljs-string\">\"profile.php\"<\/span>&gt;Go to profile page&lt;\/a&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>How it works:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First, create a new session by calling the <code>session_start()<\/code> function.<\/li>\n<li>Second, set the session data with the key <code>user<\/code> and <code>roles<\/code> to the &#8216;admin&#8217; and the array <code>['administrator', 'approver', 'editor]<\/code>.<\/li>\n<\/ul>\n\n\n\n<p>The <code>index.php<\/code> displays a link that navigates to the <code>profile.php<\/code> page. In the <code>profile.php<\/code> file, you can access session data as follows:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span> session_start() <span class=\"hljs-meta\">?&gt;<\/span>\n\n<span class=\"hljs-meta\">&lt;?php<\/span> <span class=\"hljs-keyword\">if<\/span> (<span class=\"hljs-keyword\">isset<\/span>($_SESSION&#91;<span class=\"hljs-string\">'user'<\/span>])) : <span class=\"hljs-meta\">?&gt;<\/span>\n    &lt;p&gt;Welcome <span class=\"hljs-meta\">&lt;?<\/span>= $_SESSION&#91;<span class=\"hljs-string\">'user'<\/span>] <span class=\"hljs-meta\">?&gt;<\/span>&lt;\/p&gt;\n<span class=\"hljs-meta\">&lt;?php<\/span> <span class=\"hljs-keyword\">endif<\/span>; <span class=\"hljs-meta\">?&gt;<\/span>\n\n<span class=\"hljs-meta\">&lt;?php<\/span> <span class=\"hljs-keyword\">if<\/span> (<span class=\"hljs-keyword\">isset<\/span>($_SESSION&#91;<span class=\"hljs-string\">'roles'<\/span>])) : <span class=\"hljs-meta\">?&gt;<\/span>\n    &lt;p&gt;Current roles:&lt;\/p&gt;\n    &lt;ul&gt;\n        <span class=\"hljs-meta\">&lt;?php<\/span> <span class=\"hljs-keyword\">foreach<\/span> ($_SESSION&#91;<span class=\"hljs-string\">'roles'<\/span>] <span class=\"hljs-keyword\">as<\/span> $role): <span class=\"hljs-meta\">?&gt;<\/span>\n            &lt;li&gt;<span class=\"hljs-meta\">&lt;?<\/span>= $role <span class=\"hljs-meta\">?&gt;<\/span>&lt;\/li&gt;\n        <span class=\"hljs-meta\">&lt;?php<\/span> <span class=\"hljs-keyword\">endforeach<\/span>; <span class=\"hljs-meta\">?&gt;<\/span>\n    &lt;\/ul&gt;\n<span class=\"hljs-meta\">&lt;?php<\/span> <span class=\"hljs-keyword\">endif<\/span>; <span class=\"hljs-meta\">?&gt;<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>How it works.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First, resume an existing session created in the index.php file.<\/li>\n<li>Second, accessing session data using the <code>$_SESSION<\/code> array.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id='deleting-the-session-data'>Deleting the session data <a href=\"#deleting-the-session-data\" class=\"anchor\" id=\"deleting-the-session-data\" title=\"Anchor for Deleting the session data\">#<\/a><\/h2>\n\n\n\n<p>Whenever you close the web browser, PHP automatically deletes the session. Sometimes, you want to explicitly delete a session, e.g., when you click the logout link. In this case, you can use the <code>session_destroy()<\/code> function:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-6\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\n\nsession_destroy();<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-6\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>This\u00a0 <code>session_destroy()<\/code> deletes all data associated with the current session. However, it does not unset data in the\u00a0 <code>$_SESSION<\/code> array and cookie.<\/p>\n\n\n\n<p>To completely destroy the session data, you need to unset the variable in\u00a0 <code>$_SESSION<\/code> array and remove the <code>PHPSESSID<\/code> cookie like this:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-7\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\nsession_start();\n\n<span class=\"hljs-comment\">\/\/ remove cookie<\/span>\n<span class=\"hljs-keyword\">if<\/span>(<span class=\"hljs-keyword\">isset<\/span>($_COOKIE&#91;session_name()])){\n    setcookie(session_name(),<span class=\"hljs-string\">''<\/span>,time() - <span class=\"hljs-number\">3600<\/span>, <span class=\"hljs-string\">'\/'<\/span>);\n}\n\n<span class=\"hljs-comment\">\/\/ unset data in $_SESSION<\/span>\n$_SESSION&#91;] = <span class=\"hljs-keyword\">array<\/span>();\n\n<span class=\"hljs-comment\">\/\/ destroy the session<\/span>\nsession_destroy();<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-7\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Notice that we used the <code>session_name()<\/code> function to get the cookie name instead of using the <code>PHPSESSID<\/code>. PHP allows you to work with multiple sessions with different names on the same script.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id='summary'>Summary <a href=\"#summary\" class=\"anchor\" id=\"summary\" title=\"Anchor for Summary\">#<\/a><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sessions allow you to persist data across pages in a web application.<\/li>\n<li>Call the <code>session_start()<\/code> function before any statement that outputs to the web browser for creating a new session or resuming an existing session.<\/li>\n<li>Use the <code>$_SESSION<\/code> superglobal array to access the session data.<\/li>\n<li>Call the <code>session_destroy()<\/code> function to delete session data completely.<\/li>\n<\/ul>\n<div class=\"helpful-block-content\" data-title=\"\">\n\t<header>\n\t\t<div class=\"wth-question\">Did you find this tutorial useful?<\/div>\n\t\t<div class=\"wth-thumbs\">\n\t\t\t<button\n\t\t\t\tdata-post=\"87\"\n\t\t\t\tdata-post-url=\"https:\/\/www.phptutorial.net\/php-tutorial\/php-session\/\"\n\t\t\t\tdata-post-title=\"PHP Session\"\n\t\t\t\tdata-response=\"1\"\n\t\t\t\tclass=\"wth-btn-rounded wth-yes-btn\"\n\t\t\t>\n\t\t\t\t<svg\n\t\t\t\t\txmlns=\"http:\/\/www.w3.org\/2000\/svg\"\n\t\t\t\t\tviewBox=\"0 0 24 24\"\n\t\t\t\t\tfill=\"none\"\n\t\t\t\t\tstroke=\"currentColor\"\n\t\t\t\t\tstroke-width=\"2\"\n\t\t\t\t\tstroke-linecap=\"round\"\n\t\t\t\t\tstroke-linejoin=\"round\"\n\t\t\t\t\tclass=\"feather feather-thumbs-up block w-full h-full\"\n\t\t\t\t>\n\t\t\t\t\t<path\n\t\t\t\t\t\td=\"M14 9V5a3 3 0 0 0-3-3l-4 9v11h11.28a2 2 0 0 0 2-1.7l1.38-9a2 2 0 0 0-2-2.3zM7 22H4a2 2 0 0 1-2-2v-7a2 2 0 0 1 2-2h3\"\n\t\t\t\t\t><\/path>\n\t\t\t\t<\/svg>\n\t\t\t\t<span class=\"sr-only\"> Yes <\/span>\n\t\t\t<\/button>\n\n\t\t\t<button\n\t\t\t\tdata-response=\"0\"\n\t\t\t\tdata-post=\"87\"\n\t\t\t\tdata-post-url=\"https:\/\/www.phptutorial.net\/php-tutorial\/php-session\/\"\n\t\t\t\tdata-post-title=\"PHP Session\"\n\t\t\t\tclass=\"wth-btn-rounded wth-no-btn\"\n\t\t\t>\n\t\t\t\t<svg\n\t\t\t\t\txmlns=\"http:\/\/www.w3.org\/2000\/svg\"\n\t\t\t\t\tviewBox=\"0 0 24 24\"\n\t\t\t\t\tfill=\"none\"\n\t\t\t\t\tstroke=\"currentColor\"\n\t\t\t\t\tstroke-width=\"2\"\n\t\t\t\t\tstroke-linecap=\"round\"\n\t\t\t\t\tstroke-linejoin=\"round\"\n\t\t\t\t>\n\t\t\t\t\t<path\n\t\t\t\t\t\td=\"M10 15v4a3 3 0 0 0 3 3l4-9V2H5.72a2 2 0 0 0-2 1.7l-1.38 9a2 2 0 0 0 2 2.3zm7-13h2.67A2.31 2.31 0 0 1 22 4v7a2.31 2.31 0 0 1-2.33 2H17\"\n\t\t\t\t\t><\/path>\n\t\t\t\t<\/svg>\n\t\t\t\t<span class=\"sr-only\"> No <\/span>\n\t\t\t<\/button>\n\t\t<\/div>\n\t<\/header>\n\n\t<div class=\"wth-form hidden\">\n\t\t<div class=\"wth-form-wrapper\">\n\t\t\t<div class=\"wth-title\"><\/div>\n\t\t\t\n\t\t\t<textarea class=\"wth-message\"><\/textarea>\n\n\t\t\t<button class=\"btn btn-primary wth-btn-submit\">Send<\/button>\n\t\t\t<button class=\"btn wth-btn-cancel\">Cancel<\/button>\n\t\t\n\t\t<\/div>\n\t<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how to work with PHP sessions to preserve the state of the web application across pages during a session.<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":15,"menu_order":80,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-87","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/87","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/comments?post=87"}],"version-history":[{"count":5,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/87\/revisions"}],"predecessor-version":[{"id":3148,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/87\/revisions\/3148"}],"up":[{"embeddable":true,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/15"}],"wp:attachment":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/media?parent=87"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}