PHP Session Management

In Chapter 8 we showed how to build session-based applications using the PHP session management functions. Applications use these functions to initialize sessions and register session variables as shown in Example D-1. This simple script initializes a session and registers two session variables: count and start.

Example D-1. A simple PHP script that uses a session
  // Initialize a session. This call either creates
  // a new session or re-establishes an existing one.
  session_start(  );
  // If this is a new session, then the variable
  // $count is not registered
  if (!session_is_registered("count"))
    $count = 0;
    $start = time(  );
  $sessionId = session_id(  );
   "-//W3C//DTD HTML 4.0 Transitional//EN"
   "" >
    <p>This page points at a session
        (<?=$sessionId ?>)
    <br>count = <?=$count ?>.
    <br>start = <?=$start ?>.
    <p>This session has lasted
        $duration = time(  ) - $start;
        echo "$duration";

By default, PHP manages sessions by storing session variables in files on disk and uses the session ID as part of the filename. The session management functions and file storage are discussed in more detail in Chapter 8.

PHP allows user-defined handlers to be written that change how sessions are managed. The handlers define how PHP starts and terminates sessions, stores and retrieves session variables, and removes idle sessions with garbage collection. By implementing user-defined handlers, a developer can modify how PHP sessions are stored, without needing to change any application logic. PHP scripts, such as that shown in Example D-1, don't need to be modified except for an additional include directive to use the user-defined session management handlers.

PHP Session Management Storage Methods

Because PHP abstracts the storage method from the programmatic interface to session management, different storage strategies can be used. PHP can be configured to store session variables in files on disk (the default method), in memory, or in a user-defined way. The method used is configured by the session.save_handler parameter in the php.ini file. Here are the values the session.save_handler parameter can be set to:


This is the default storage method for PHP, where session variables are serialized and written to a session file.


The memory management storage method allows session variables to be stored in Apache's runtime memory. Using memory has the advantage of better performance than files on disk. However, if many sessions must be supported, and each session uses a large volume of data, the memory used by the Apache process may be high. To use memory to store session variables, Apache must be configured and compiled to use an installed memory management module (--with-mm).


The user-defined method allows an application to save session variables to systems other than file or memory, such as to a table in a database. By defining several handler prototypes, PHP allows the developer to define the behavior of the low-level session management. A full explanation is given in the next section.

by BrainBellupdated