//close the file
fclose($myFile);
?>
Sessions
If you build a Web application, it's likely you will have information to associate with
each user. You may wish to remember the user's name from page to page. You may be
collecting information on successive forms. You could attempt to pass the growing body
of information from page to page inside hidden form fields, but this is impractical. An
elegant solution is to use the idea of a session. Each visitor is assigned a unique identifier
with which you reference stored information, perhaps in a file or in a database.
In the past, PHP developers were required to create their own code for handling sessions,
but Sascha Schumann and Andrei Zmievski added new functions for session handling to
PHP 4. The concept is as follows. You register global variables with the session handler.
The values of these variables are saved in files on the server. When the user requests
another page, these variables are restored to the global scope.
The session identifier is a long series of numbers and letters and is sent to the user as a
cookie. It is possible that the user will reject the cookie, so a constant is created that
allows you to send the session identifier in a URL. The constant is SID and contains a full
GET method declaration, suitable for attaching to the end of a URL.
Consider Listing 7.6, a simple script that tracks a user's name and the number of times
they've visited the page. The first step is to call the session_start function. This sends
the cookie to the browser, and therefore it must be called before sending any content.
Next, two variables are registered with the session, Name and Count. The former will be
used to track the user's name, and the latter to count the number of times the user
redisplays the page. Once registered, the values of these variables will be preserved in the
session. Before starting the HTML document, the example script sets Name with input
from a form submission if present, and then it increments the page counter.
The first bit of content the page provides is diagnostic information about the session. The
session name is set inside php.ini, along with several other session parameters. It is used
to name the cookie holding the session identifier. The identifier itself is a long string of
letters and numbers, randomly generated. By default, PHP stores sessions in /tmp using a
built-in handler called files. This directory isn't standard on Windows, and if it is not
present, sessions will not work correctly.
It's likely that other handlers will be added for storing sessions in relational databases, but
you do have the option of creating your own handler in PHP code using the
session_set_save_handler function. You can read about how you'd do that in Chapter
17. Sessions are encoded using serialization, a method for compacting variables into a
form suitable for storing as text strings. If you examine the files saved in /tmp, you will
find they match the strings returned by session_encode.