PHP Tutorial: Sessions

Hello everyone, this is a continuation of the second PHP article, which covered PHP syntax. In this article, we will be exploring PHP sessions.

Sessions are used for identifying clients and associating certain data with them, e.g. a username. So in essence, Facebook, Twitter and other big websites identify you through sessions or cookies. However, we’ll strictly be covering sessions in this article to avoid confusion with cookies.


In the previous article, you were exposed to the basic syntax of PHP. The PHP syntax is the core of PHP and handles all kinds of variable storage, operations, loops and much more.

Server-side session management

PHP sessions are a somewhat confusing topic, so you gotta pay attention to the details. On the server side, PHP creates session files and stores them in the sessions directory, which is defined in php.ini as `session.save_path`. By default it isn’t specified, and when there isn’t any value PHP falls back to storing sessions in the system’s default tmp directory (‘/tmp’), which is used for storing temporary files.

PHP.ini session config

These sessions are uniquely generated when a client visits a PHP file that calls the PHP function `session_start()`. One important rule to take note of is that a session must be started before headers are sent. In other words, you cannot call `session_start()` after you have called `echo "lol";`, which sends headers and prints content to the client’s browser.

Client-side session management

When the client visits the web page, the server asks the browser to store a session whose value is the session ID. This session lasts until the client has been inactive for a certain amount of time, the browser is closed, the browser clears its sessions or cookies for the website, or the server ends the session using `session_destroy()`. What do I mean by inactive? Inactive simply means that the client visits the page but doesn’t do anything and leaves it there.


So this page shows that the user has not logged in yet. On this page, `session_start()` is called at the top and it checks if a session has already been generated for the client.

Not logged in

Since it’s the first time we are visiting the page, we have no session, so PHP generates a session for us and asks our browser to store it. After that, it proceeds to check if there’s any data associated with the client session. But then again, there’s no data associated because it’s our first visit and there have been no calls to associate any data yet.


Now the client attempts to log in with the username ‘woohuiren’.

before login

Now the server will associate the username ‘woohuiren’ with the generated session. And then MAGICK, the client is now logged in.

logged in

The source code for this example is available for you here to study. Hope it helps.
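
The flow walked through above (start the session, check for associated data, associate the username on login) can be sketched as follows. This is an added example, not the author's linked source code; the form field names `username` and `logout` and the 32-character limit are assumptions, and like the walkthrough it checks no password.

```php
<?php
// Added example, not the tutorial author's code. Field names are assumptions.
// session_start() must run before any output, because it sends the
// session ID to the browser in an HTTP header.
session_start([
    'use_strict_mode' => true,  // ignore session IDs the server never issued
    'cookie_httponly' => true,  // keep the ID out of reach of page JavaScript
    'cookie_samesite' => 'Lax', // requires PHP 7.3 or later
]);

$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';

if ($isPost && isset($_POST['logout'])) {
    $_SESSION = [];     // clear the data held for this request
    session_destroy();  // delete the server-side session file
} elseif ($isPost && isset($_POST['username'])) {
    // Reject non-string input (e.g. username[]=x) instead of casting it.
    $username = is_string($_POST['username']) ? trim($_POST['username']) : '';
    if ($username !== '' && strlen($username) <= 32) {
        // A real application verifies credentials before this point.
        // Issue a fresh ID on login so an ID known before login
        // (session fixation) is useless afterwards.
        session_regenerate_id(true);
        $_SESSION['username'] = $username; // associate data with the session
    }
}
?>
<!DOCTYPE html>
<html><body>
<?php if (isset($_SESSION['username'])): ?>
  <p>Logged in as <?= htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8') ?></p>
  <form method="post"><button name="logout" value="1">Log out</button></form>
<?php else: ?>
  <p>Not logged in</p>
  <form method="post">
    <input name="username" maxlength="32">
    <button>Log in</button>
  </form>
<?php endif; ?>
</body></html>
```

The username is escaped with `htmlspecialchars()` on output because it is client-supplied data that was merely stored in the session, not sanitised by it.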

If you have any questions regarding PHP sessions, post them in comments section below and I’ll be sure to get back to ya as soon as possible. =)


Author: Woo Huiren

Currently a student at National University of Singapore. I contribute to open source projects - primarily PHP and Angular related. I write about PCF and PWS related stuff too.
