Skip to content

Instantly share code, notes, and snippets.

@danferth
Last active May 4, 2023 14:39
Show Gist options
  • Select an option

  • Save danferth/6467254 to your computer and use it in GitHub Desktop.

Select an option

Save danferth/6467254 to your computer and use it in GitHub Desktop.
PHP session cheat sheet

PHP Sessions

Cheat sheet for using PHP sessions

  • start session with session_start(); at the begginging of document before any HTML or PHP.
  • set session variable with $_SESSION['varName'] = "value";, it will be available on anypage that has sessions active.
  • unset session variables with unset($_SESSION['varName']); or unset all with session_unset(); session will still be active though.
  • session_destroy(); ends the session.
  • see sample file for ideas on setting timeouts and such.

With all the cheat sheets thay are a work in progress and could contain mistakes. If you find these helpfull or find shit that is just plain wrong, please comment so I can fix.

Thanks

<?php
session_start(); //starts the session
$_SESSION['user'] = "Danferth"; //stores session data, here user "Danferth"
//=============================================================================
//you can use $_GET from login like so...
include "connection.php"; //connect to db
if(!isset($_SESSION['user'])){
$q = $db->prepare("SELECT * FROM users WHERE ID=:id"); //prepared SQL
$q->bindParam(":id", $_GET['message']); //bind parameter
$q->execute(); //execute query
$userResult = $q->fetch(PDO::FETCH_ASSOC); //put query into array
$_SESSION['user'] = $userResult['user']; //set session veriable
$welcomeMessage = "<p>Welcome ". $_SESSION['user']."</p>";
}else{
$welcomeMessage = "<p>Welcome back ". $_SESSION['user']."</p>";
}
echo $welcomeMessage;
//=============================================================================
unset($_SESSION['user']); //unsets session variable
session_unset(); //unsets all session data
//THE ABOVE STILL HAS ACTIVE SESSION THOUGH ONLY ALL DATA IS UNSET
session_destroy(); //ends session
//you can set a time out
$timeout = 120; //secconds so this would be 2 minutes
if(isset($_SESSION['timeout'])){
$sessionlife = time() - $_SESSION['timeout'];
if($sessionlife > $timeout){
session_destroy();
header("Location: back to login");
}
}
$_SESSION['timeout'] = time();
/*****************************************************
NOTE: Always destroy session with session_destroy()
You can use session_regenerate_id() for furter
security but was not needed at this time so
further study is required for this method
******************************************************/
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment