Session handling
Sessions are an interesting mechanism in PHP, allowing us to maintain state in what is overall a stateless communication. We might visualize them as a per-user serialized array of information saved to a file. We use them to store user-specific information across various pages. By default, sessions rely on cookies, although, they can be configured to use the SID
parameter in a browser.
The cookie version of the PHP session works roughly as follows:
- Read the session token from the cookie.
- Create or open an existing file on disk.
- Lock the file for writing.
- Read the content of the file.
- Put the file data into the global
$_SESSION
variable. - Set caching headers.
- Return the cookie to the client.
- On each page request, repeat steps 1-7.
The SID version of the PHP session works pretty much the same way, aside from the cookie part. The cookie here is replaced by the SID value we push via the URL.
The session mechanism can be used for various things, some of which include user login mechanisms...