The configuration of PHP’s session mechanism is completely triggered in the [session] section of the php.ini configuration file. The default settings might not be suitable for all applications, so the next few codes cover some possible configurations.
Sessions Garbage Collection
How to configure PHP’s Garbage collection mechanism to remove old/expired sessions from the server.
HTTP Authentication with Sessions
The HTTP provides two methods of authentication: basic and digest. In this tutorial, we’ll discuss only “Basic” authentication method and use this method in conjunction with PHP sessions.
Creating a Secured Members Area with Sessions
Sessions are a great way to secure certain parts of your website. In this tutorial, we create a PHP script that checks the site users, redirects unauthenticated users to the login page, and after a successful authentication sends them back to the page where they came from.
Storing Sessions in Database
By default, sessions are read from files, you can use the session_set_save_handler() function to define custom session handlers to store session data in a database. In this tutorial, we’ll create two code snippets, Procedural and OOP, to manage session data.
Session Fixation: Changing Session ID
Session fixation exploits a weakness in your PHP script. Especially, if you do not generate a new session id for users when authenticating them.
Creating Sessions Without Cookies
How to use PHP sessions if the client browser does not support (or blocked) cookies?
Reading, Writing, and Removing Sessions
In this tutorial, we discuss how to use PHP sessions, showing how sessions are started and ended and how session variables are used.
A session is a way to identify and manage the state of a particular user. HTTP does not know any kind of session mechanism; the protocol is stateless. However, PHP comes with built-in session support that makes it fairly easy to use sessions.
Saving Form Data into a Cookie