How Session is Handled in PHP

Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.
www.apextgi.in

Published in: Technology

  1. SESSION HANDLING
     facebook.com/apex.tgi, twitter.com/ApextgiNoida, pinterest.com/apextgi

  2. INTRODUCTION
     • Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.
     • A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.
     • The session support allows you to store data between requests in the $_SESSION superglobal array. When a visitor accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through session_start() or implicitly through session_register()) whether a specific session id has been sent with the request. If this is the case, the previously saved environment is recreated.

  3. Code for differentiating guests and logged-in members:

     ```php
     <?php
     // Start (or resume) the session
     session_start();

     if (isset($_SESSION['user'])) {
         // Code for logged-in members
         // Identify the user
         $user = $_SESSION['user'];
         // Information for the user.
     } else {
         // Code to show guests
     }
     ?>
     ```

  4. BASIC USAGES OF SESSION
     • Sessions are a simple way to store data for individual users against a unique session ID. This can be used to persist state information between page requests. Session IDs are normally sent to the browser via session cookies, and the ID is used to retrieve existing session data. The absence of an ID or session cookie lets PHP know to create a new session and generate a new session ID.
     • Sessions follow a simple workflow. When a session is started, PHP will either retrieve an existing session using the ID passed (usually from a session cookie) or, if no session is passed, create a new session. PHP will populate the $_SESSION superglobal with any session data after the session has started. When PHP shuts down, it will automatically take the contents of the $_SESSION superglobal, serialize it, and send it for storage using the session save handler.

  5. • Sessions can be started manually using the session_start() function. If the session.auto_start directive is set to 1, a session will automatically start on request startup.
     • Sessions normally shut down automatically when PHP is finished executing a script, but can be shut down manually using the session_write_close() function.

  6. Registering a variable with $_SESSION

     ```php
     <?php
     session_start();

     // Initialise the counter on the first visit, increment it afterwards
     if (!isset($_SESSION['count'])) {
         $_SESSION['count'] = 0;
     } else {
         $_SESSION['count']++;
     }
     ?>
     ```

  7. Unregistering a variable with $_SESSION

     ```php
     <?php
     session_start();

     // Remove a single variable from the session
     unset($_SESSION['count']);
     ?>
     ```

  8. SESSION AND SECURITY
     The session module cannot guarantee that the information you store in a session is only viewed by the user who created the session. You need to take additional measures to actively protect the integrity of the session, depending on the value associated with it. Assess the importance of the data carried by your sessions and deploy additional protections; this usually comes at a price: reduced convenience for the user. For example, if you want to protect users from simple social engineering tactics, you need to enable session.use_only_cookies. In that case, cookies must be enabled unconditionally on the user side, or sessions will not work.

  9. There are several ways to leak an existing session id to third parties. A leaked session id enables the third party to access all resources which are associated with a specific id.
     • First, URLs carrying session ids. If you link to an external site, the URL including the session id might be stored in the external site's referrer logs.
     • Second, a more active attacker might listen to your network traffic. If it is not encrypted, session ids will flow in plain text over the network. The solution here is to implement SSL on your server and make it mandatory for users.

  10. Session Functions
     • session_cache_expire — Return current cache expire
     • session_cache_limiter — Get and/or set the current cache limiter
     • session_commit — Alias of session_write_close
     • session_decode — Decodes session data from a session encoded string
     • session_destroy — Destroys all data registered to a session
     • session_encode — Encodes the current session data as a session encoded string
     • session_get_cookie_params — Get the session cookie parameters
     • session_id — Get and/or set the current session id

  11. • session_is_registered — Find out whether a global variable is registered in a session
     • session_module_name — Get and/or set the current session module
     • session_name — Get and/or set the current session name
     • session_regenerate_id — Update the current session id with a newly generated one
     • session_register_shutdown — Session shutdown function
     • session_register — Register one or more global variables with the current session
     • session_save_path — Get and/or set the current session save path
     • session_set_cookie_params — Set the session cookie parameters

  12. • session_set_save_handler — Sets user-level session storage functions
     • session_start — Start new or resume existing session
     • session_status — Returns the current session status
     • session_unregister — Unregister a global variable from the current session
     • session_unset — Free all session variables
     • session_write_close — Write session data and end session

  13. http://www.apextgi.in
     Thank You
     ApexTG India, E-20, Sector 63, Noida
     0120 – 4029000/9024/9025/9027, +91-9953584548
     Email id: pratap@apextgi.com
     Stay Connected with us for more chapters on PHP
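
The protections described on slides 8 and 9 (cookie-only session ids, mandatory encryption in transit) can be applied at the point where the session is started. The following is an added example, not code from the original slides; it assumes PHP 7.3 or later and a site served only over HTTPS, and start_secure_session(), login_user() and logout_user() are hypothetical helper names.

```php
<?php
// Added example: hardened session bootstrap (assumes PHP 7.3+ and an HTTPS-only site).
declare(strict_types=1);

function start_secure_session(): void
{
    // Never accept or emit session ids in URLs (avoids leakage via Referer headers and logs).
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Reject session ids the server did not issue (session fixation defence).
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // only sent over an encrypted connection
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Hypothetical helper: call only after the credentials have been verified.
function login_user(string $username): void
{
    // Issue a new id on privilege change; true deletes the old session data.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}

// Hypothetical helper: clear the data, expire the cookie, destroy the stored session.
function logout_user(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 42000, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

start_secure_session();
if (isset($_SESSION['user'])) {
    echo 'Logged in as ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
} else {
    echo 'Guest';
}
```

The ini_set() and session_set_cookie_params() calls only take effect when made before session_start() and before any output is sent.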