User tracking and session management

Adding state to HTTP is the subject of Chapter 8, where we introduce the PHP session-management techniques that manage the transaction processes of a user at the winestore. We discuss the merits of these session management techniques and illustrate when they should and should not be used. In Appendix D, we discuss alternatives to session management that use the database tier for state maintenance.

We illustrate PHP sessions by extending the customer <form> example from Chapter 6 and Chapter 7. We show a practical example of storing and redisplaying data when the user returns to fix data entry errors from the validation process. At the conclusion of Chapter 8, the simple customer data entry <form> is complete. A full implementation of the winestore customer <form> using the same techniques is the subject of Chapter 10, and sessions are used throughout the code examples in Chapter 10 through Chapter 13.


Authentication is the identification of two communicating parties. We discuss the principles of security and authentication in Chapter 9. We illustrate the principles with examples from the customized customer login and logout process at the winestore. The completed login and logout process at the winestore is discussed in Chapter 10.

The complete application

The winestore includes several complete components that are the subjects of Chapter 10 through Chapter 13:

  • The full implementation of the shopping cart is covered in Chapter 11.

  • Presentation of a finalized order, email confirmation, and delivery of a receipt are covered in Chapter 12.

  • Updating quantities in the shopping cart is discussed in Chapter 11.

  • The full membership application process, amending of customer details, and logging in and out are covered in Chapter 10.

  • Implementing the complex ordering process that manages the inventory is discussed in Chapter 12.

  • Housekeeping, separating presentation from content, and searching are presented in Chapter 13.