How do sessions work in a web application?

 In General

What is a session?

A session is a way to store information (in variables) to be used across multiple pages.

Why do we need a session?

Generally, when you work with an application, you open it, make some changes, and then you close it. This is much like a session. The computer knows who you are. It knows when you start the application and when you finish. But on the internet, there is one problem: the web server does not know who you are or what you do, because HTTP itself doesn't maintain state.

HTTP is stateless, which is why we need a session: it lets the web server know whether a request comes from the same user or from a different one.

How does a session work?

Let's look at a real-world example: you log in to Gmail, and it displays the emails in your inbox, not someone else's. This means that after login, when you send a request, the server identifies you. Thousands of users may be visiting their inboxes at the same time, but the server never makes the mistake of serving user A the emails of user B. So how does the server identify a particular user?

When the user fills in the login form and submits it, the server authenticates the user and stores the user's identification information in the session. It creates a new session (a map of key-value pairs) and generates a new session ID, which is used to identify the created session. So if there are 10000 active sessions, there must be 10000 session IDs.

The server then sends the session ID to the browser in a cookie. When a new request comes in, the server checks for the particular cookie that contains the session ID. If it is found, the server uses it to retrieve the session object already created on the server side. The server links this session object with the current request, so that during request processing, programmers can make updates to the session object.

Where is the session information stored?

The session information is stored on the server. Only the session ID is sent to the browser, which sends it back to the server so that the session object can be identified.

What is a cookie?

Cookies are usually small text files that are stored in your browser's directory on your computer.

Can a session work without cookies?

This is a great PHP interview question, asked in almost every interview. The answer is YES, a session can work without cookies.
PHP does two things in order to work without cookies:

1) For every HTML form that PHP finds in your HTML code

PHP will automatically add a hidden input tag with the name PHPSESSID right after the form tag. The value of that hidden input tag would be whatever value PHP assigns your session ID. So, for example, the hidden input could look something like this:


<form>
<input type="hidden" name="PHPSESSID" value="12345678">
</form>

This way, when the form is submitted to the server, PHP will be able to retrieve the session identifier from the form and will know who it is communicating with on the other end, and will also know which session to associate the form parameters with if it is adding the form parameters to the PHP session.

2) PHP will find all the links in your HTML code, and will modify those links so that they have a GET parameter appended to the link itself. That GET parameter will also have the name of PHPSESSID, and the value will of course be the unique session identifier – so the PHP session ID will basically be a part of the URL query string.

So, for example, if your code has a link that originally looks like this:

<a href="http://www.example.com">Go to this link</a>

When modified by PHP to include the session ID, it could look something like this:


<a href="http://www.example.com?PHPSESSID=72aa95axyz6cd67d82ba0f809277326dd">Go to this link</a>

What is a disadvantage of using PHP sessions without cookies enabled?

A disadvantage of using PHP sessions without cookies is that if you share a URL that has the PHP session ID appended to it with someone else, they could potentially use the exact same session that you were using. It also opens you up to session hijacking, where a user's session is deliberately stolen so that a hacker can impersonate you and do some damage.
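One way to close off the URL-borne session ID risk described above, shown as an added example rather than code from the original post: accept session IDs from cookies only, harden the cookie, and issue a fresh ID at login. The helper names login_user() and enforce_idle_timeout(), the HTTPS assumption and the 30-minute idle limit are assumptions made for this example.

```php
<?php
// Added example: hardened session bootstrap (PHP 7.3+ for the array form
// of session_set_cookie_params). Run this before any output is sent.

// Accept session IDs from cookies only, never from URLs or form fields.
// Both are PHP's defaults in current versions; set them explicitly so a
// changed php.ini cannot silently re-enable PHPSESSID in links.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Reject session IDs that the server did not issue itself.
ini_set('session.use_strict_mode', '1');

session_set_cookie_params([
    'lifetime' => 0,       // cookie is discarded when the browser closes
    'path'     => '/',
    'secure'   => true,    // assumption: the site is served over HTTPS
    'httponly' => true,    // cookie is not readable from JavaScript
    'samesite' => 'Lax',   // not sent on most cross-site requests
]);
session_start();

// Hypothetical helper: call only after the credentials were verified.
function login_user(string $userId): void
{
    // Issue a new ID at the privilege change and delete the old session,
    // so an ID that leaked before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['id'] = $userId;
    $_SESSION['last_seen'] = time();
}

// Hypothetical helper: end sessions idle for more than $maxIdle seconds.
// Returns false when the session was expired and destroyed.
function enforce_idle_timeout(int $maxIdle = 1800): bool
{
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > $maxIdle) {
        session_unset();
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = $now;
    return true;
}
```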

How to program sessions in PHP?

A session is started with the session_start() function, and session variables are set with the PHP global variable $_SESSION.

Let's see an example of storing values in a session


<?php
// Start the session
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
// Set session variables
$_SESSION["id"] = "1";
$_SESSION["name"] = "sandeep";
echo "Session variables are set.";
?>

</body>
</html>

Example for getting PHP Session Variable Values


<?php
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
print_r($_SESSION);
?>

</body>
</html>

Example of destroying a session

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
// remove all session variables
session_unset();

// destroy the session
session_destroy();
?>

</body>
</html>
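session_destroy() deletes the server-side data but leaves the session cookie in the browser and $_SESSION populated for the rest of the request. A fuller logout, as an added example (not from the original post; the function name end_session() is made up for illustration):

```php
<?php
// Added example: complete logout. Call before any output is sent,
// because expiring the cookie needs to set a response header.
function end_session(): void
{
    // A session has to be active before it can be destroyed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Clear the data for the remainder of this request as well.
    $_SESSION = [];

    // Expire the browser's session cookie, using the same path, domain
    // and flags it was issued with so the browser matches and drops it.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $p['path'],
            $p['domain'],
            $p['secure'],
            $p['httponly']
        );
    }

    // Finally remove the session data stored on the server.
    session_destroy();
}

end_session();
```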

 
