PHP Sessions

December 18, 2021, Learn eTutorial

In this PHP tutorial, you will learn all about the Sessions in PHP. We will also discuss how to start a session, create a session, check session, access session and destroy the session

What are Sessions in PHP?

In general, a session is a communication frame between two mediums. A PHP session is used to save data to a server rather than the user's machine. Session identifiers, or SIDs, are numbers that are used to identify each user in a session-based system. The SID is used to associate the user with his information on the server, such as posts, emails, and so on. 

PHP : Html Form
Although cookies may be used to store data, there are certain security concerns. Because cookies are saved on the user's computer, an attacker may easily manipulate the cookie content to introduce potentially malicious data into your application, potentially breaking it. Furthermore, every time a browser requests a URL from a server, all cookie data for a website is automatically transmitted to the server as part of the request. This implies that if you keep 5 cookies on the user's device, each of which is 4KB in size, the browser must upload 20KB of data each time the user accesses a page, which might hinder the speed of your site. Using the PHP session, we can overcome both of these problems.

How to start a session in PHP?

We must first start the session before you can store any data in session variables. Simply execute the PHP session_start() method to start a new session. It will start a new session and assign the user a unique session ID.


Similar to cookies we must start the session at the beginning of the script using the session_start() function.

How to store data in the session in PHP?

Using the $_SESSION[] superglobal array, we may store session data in key-value pairs. During the lifespan of a session, the stored data can be accessed.   

$_SESSION['user'] = "Roy";

How to access sessions in PHP?

To access a session value, we use the PHP $_SESSION[] superglobal variable. It is often an associative array containing a list of all session values given by the browser in the current request, keyed by session name. Using normal array syntax, the individual session value may be obtained.


Example: “session.php” the page containing the session

$_SESSION['user'] = "Roy";

“session_demo.php” page accessing the session values

<!DOCTYPE html>
<html lang="en">
    <h1>Hi! <?php echo $_SESSION['user'] ?> Welcome to</h1>

PHP - session

As we can see in the above example which all page is accessing the session values the function session_start() should be declared. And all those pages should belong to the same domain

How to destroy sessions in PHP?

If we just want to destroy only a specific session we can use the unset() function with the key of that session as the argument.

if (isset($_SESSION['user'])) {

If we want to destroy the whole session we can use the function session_destroy(). The session_destroy() function doesn’t require any arguments. After using the session_destroy() we won’t be able to access any of the sessions.