Of course, this is likely to be the preferred method to track users because it is the easiest way to create a state of persistence between user sessions. However, keep in mind that some users might have cookie support disabled in the browser, or might be using a browser that is not capable of implementing cookies.
There are a few configuration directives found within the
php.ini file that should be examined before attempting to use sessions and cookies. I'll present each here:
session.use_cookies (0 | 1)
This directive specifies whether or not cookies are to be used to store
0 disables cookie usage, while a
1 enables cookie usage.
session.name (Default: PHPSESSID)
This directive specifies the name of the cookie that stores the SID. The default is
session.cookie_lifetime (Default: 0)
This directive refers to the number of seconds that the cookie will "live" after it is first created. The default is
0, which results in the cookie expiring at the end of the session.
session.cookie_path (Default: /)
This directive specifies the domain path for which the cookie is valid. The default is
session.cookie_domain (Default: null)
This directive specifies the domain for which the cookie is valid. By
default, this directive is simply set to
null, which in this case means
Keep in mind that if
session.use_cookies is enabled, there is no need for you to explicitly call a cookie-setting function (
set_cookie(), for example). PHP's session-handling functionality automatically does this for you.
The SID can be appended to a URL either manually or automatically. To manually append the SID, all you have to do is include the SID global reference within the URL, like so:
<a href="configure.php?<?=SID?>">Go to the configuration page</a>
Of course, manually attaching the SID is not always the most convenient way to do things. Therefore, you can also ensure that it is automatically appended by compiling PHP with
-enable-trans-id. In doing so, you will not have to include the
<?=SID?> within the URL, as it will be automatically placed there.
Let's get to session-tracking already!
By now I'm sure you're just itching to begin creating user sessions. Have no fear! In this section I'll introduce several examples that should provide you with a basis for building your own session-oriented applications using this cool feature.
A simple example
In the first example, I'll demonstrate how an SID is created and how a
session variable is stored for later use. Consider a scenario where you
would like to grant the user the possibility to choose their own background color. This background color will then be stored and used throughout the various other pages found on the web site. For sake of simplicity, I'll just hard-code the value of the
$bgcolor variable ("
#8080ff") into the script. Furthermore, I'll assume that cookie support is enabled and is supported by the client browser.
Listing 1: Script creating new session and registering session variable.
// create a new session
// register a session-variable
// Assign a value to the session-variable
$bgcolor = "#8080ff";
<title>Session Example #1</title>
<body bgcolor="<?=$bgcolor?>" text="#000000" link="#000000" vlink="#000000" alink="#000000">
Welcome to a session-enabled page! The background color on the next page will be set to a stylish blue.<p>
<a href = "1-2.php">Go to another session-enabled page</a>.
Clicking upon the link provided in Listing 1 takes the user to Listing 2 (
1-2.php), shown below. The purpose of Listing 2 is to demonstrate that the cookie has been set and the SID can be retrieved from it. Also, this script retrieves the value of the session variable
$bgcolor, displaying it both as the page background color, and within a string.
Listing 2: Script demonstrating passage of session variables.
// Resume session created in Listing 1-2
<title>Session Example #1</title>
<body bgcolor="<?=$bgcolor?>" text="#000000" link="#808040" vlink="#606060" alink="#808000">
// Retrieve SID from cookie.
print "Your SID is $PHPSESSID <br>";
// Display the value of the $bgcolor variable.
print "The persistent background color is: $bgcolor.";
Note that if the
session.cookie_lifetime had been set to 3,600 seconds for example, both the background color and the SID would persist for one hour after the initial arrival at Listing 1, regardless of how many times the user leaves and
returns to the site during that timeframe.