Working With Sessions in PHP


Sessions are the tracking timestamp for any event: whenever a session is started, an event timestamp is generated. By default in PHP it exists for 1440 seconds (24 minutes).


Can it be modified? Yes. How?


In php.ini:


session.gc_maxlifetime = 1440

Modify this value to change the time.


How To Start the session


<?php session_start(); ?>




How To Set session variables


<?php
// Start the session
session_start();

// Store values in the session
$_SESSION["user_name"] = "CodeHubDeep";
$_SESSION["url"] = "https://codehubdeep.blogspot.com/";

echo "Session variables are set Success.";
?>




How To Remove all session variables


<?php session_unset(); ?>


How To Destroy the session


<?php session_destroy(); ?>




<?php
// resume the current session so there is something to clear and destroy
session_start();

// remove all session variables
session_unset();

// destroy the session
session_destroy();

echo "All session variables are now removed, and the session is destroyed.";
?>



Difference between session_unset, session_destroy and unset($_SESSION)


session_destroy:


When you use session_destroy, all the session tokens, with their timestamps, are destroyed.



session_unset:


It works on the current token only: it kills the variables, not the timestamp.


Note: session_unset and session_destroy work the same when the session token is the same.




Important topics of sessions:


1. session_token:


The name of the token that is shared between the browser and the server. It is the name of the cookie:


c - client

c - cookie

s - server

s - session

The session_token is the same as the cookie name stored in the browser.

On the server:

session_token = PHPSESSID

In the browser or client:

Cookie_name = PHPSESSID


2. session_timestamp:


By default, the session timeout for a given timestamp is 1440 seconds. But since the timestamp is not sent to the browser, the cookie will never expire; rather, it is replaced by one with the same token name.


3. session_save_type:


Where the server will store the file:


   a. In the file system  // 90% security (user tracking 0%)

      C:/Xampp/tmp/

   b. Database  // 10% security (user tracking 100%)


Combination of file system + database = 100%


   tb1_session

   ----------------------------------------------------------

   ID | token_name | created_on | expired_on | Ip_Address

   ----------------------------------------------------------


4. session_savepath:


   By default, sessions are stored in C:/Xampp/tmp


   One file is created with the name


   sess_<session_id>


How to trace this file or change its path. To set a new path:


   ini_set('session.save_path','C:\xampp\mysession');


How to get the new path:


   ini_get('session.save_path');


5. session_id:


    It is an encrypted hash key: an alphanumeric ID given to the user every time a new timestamp (created_on) is created.


How to get the session_id:

session_id()


But if another user can get your session ID, they can perform session hijacking or session fixation.


How to prevent this


After a set time, regenerate the session_id:

session_regenerate_id()
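

Putting the timeout and regeneration points together, here is an added example (not code from the original post) of a session bootstrap that enforces the 1440-second idle limit itself and rotates the session ID on a timer and at login. The function names, the ROTATE_AFTER value and the _last_seen / _id_issued keys are assumptions made for illustration; cookie_samesite needs PHP 7.3 or later.

```php
<?php
// Added example: function names, keys and ROTATE_AFTER are assumptions.
const IDLE_LIMIT   = 1440; // seconds, the default session.gc_maxlifetime
const ROTATE_AFTER = 300;  // seconds between ID regenerations (assumed value)

function start_hardened_session(): void
{
    $opts = [
        'use_strict_mode'  => 1,     // refuse IDs the server never issued (fixation)
        'use_only_cookies' => 1,     // never read the ID from the URL
        'cookie_httponly'  => 1,     // keep the cookie away from JavaScript
        'cookie_secure'    => !empty($_SERVER['HTTPS']), // HTTPS-only when available
        'cookie_samesite'  => 'Lax',
        'gc_maxlifetime'   => IDLE_LIMIT,
    ];
    session_start($opts);
    $now = time();

    // gc_maxlifetime only makes old files eligible for garbage collection,
    // so the idle timeout is checked explicitly on every request.
    if (isset($_SESSION['_last_seen']) && $now - $_SESSION['_last_seen'] > IDLE_LIMIT) {
        session_unset();
        session_destroy();
        session_start($opts);
        session_regenerate_id(true); // start over under a fresh ID
    }
    $_SESSION['_last_seen'] = $now;

    // Rotate the ID periodically so a leaked ID stops working quickly.
    if (!isset($_SESSION['_id_issued'])) {
        $_SESSION['_id_issued'] = $now;
    } elseif ($now - $_SESSION['_id_issued'] > ROTATE_AFTER) {
        session_regenerate_id(true); // true also deletes the old session file
        $_SESSION['_id_issued'] = $now;
    }
}

// Call at the moment of login: an ID planted before login becomes useless.
function on_login(string $userName): void
{
    session_regenerate_id(true);
    $_SESSION['_id_issued'] = time();
    $_SESSION['user_name']  = $userName;
}

start_hardened_session();
on_login('CodeHubDeep');
echo 'Session ID after login: ', session_id(), PHP_EOL;
```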