Tag Archives: Session ID

Creating a Simple Session Example-continue

The page2.php code is:

<?php
session_start(); // resume the existing session so $_SESSION is populated

echo 'The content of $_SESSION[\'sess_var\'] is '
     .$_SESSION['sess_var'].'<br />';
?>
<a href="page3.php">Next page</a>

Unsetting Variables and Destroying the Session

When you are finished with a session variable, you can unset it. You can do this directly
by unsetting the appropriate element of the $_SESSION array, as in this example:

Note that the use of session_unregister() and session_unset() is no longer
required and is not recommended. These functions were used prior to the introduction

You should not try to unset the whole $_SESSION array because doing so will effectively
disable sessions. To unset all the session variables at once, use

$_SESSION = array();

When you are finished with a session, you should first unset all the variables and
then call

session_destroy();

to clean up the session ID.

Storing the Session ID

PHP uses cookies by default with sessions. If possible, a cookie will be set to store the
session ID.
The other method it can use is adding the session ID to the URL. You can set this to
happen automatically if you set the session.use_trans_sid directive in the php.ini
file. It is off by default. You should use caution when turning this directive on as it
increases your site's security risks. If this is set to on, a user can email the URL that contains
the session ID to another person, the URL could be stored in a publicly accessible
computer, or it may be available in the history or bookmarks of a browser on a publicly
accessible computer.

Alternatively, you can manually embed the session ID in links so that it is passed along. The session ID is stored in the constant SID. To pass it along manually, you add it to the end of a link similar to a GET parameter:

<A HREF="link.php?<?php echo strip_tags(SID); ?>">

(The strip_tags() function is used here to avoid cross-site scripting attacks.)
Compiling with --enable-trans-sid is generally easier, however.
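
A cookie-only alternative to the URL-based methods above, combined with the teardown order from "Unsetting Variables and Destroying the Session". This is an added example, not code from the original page; the function names start_cookie_only_session() and end_session() are hypothetical, the sample value is constructed, and it assumes PHP 7.3 or later on a site served over HTTPS.

```php
<?php
// Added example, not from the original page. Function names are hypothetical.

// Keep the session ID in a cookie only: never append it to or accept it from URLs.
function start_cookie_only_session(): void
{
    ini_set('session.use_trans_sid', '0');    // do not rewrite links with the session ID
    ini_set('session.use_only_cookies', '1'); // ignore session IDs passed in the URL
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,       // cookie lasts until the browser closes
        'path'     => '/',
        'secure'   => true,    // assumption: HTTPS only
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Full teardown in the order the text gives: clear the variables, then destroy.
function end_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = array();       // unset all session variables at once

    // Expire the browser's copy of the session cookie as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();         // remove the server-side session data
}

start_cookie_only_session();
$_SESSION['sess_var'] = 'Hello world!'; // constructed sample value
unset($_SESSION['sess_var']);           // drop a single variable
end_session();
```

With these settings the session ID never appears in a link, so it cannot leak through an emailed URL, a bookmark, or browser history.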