Now that we understand how to work with cookies, we're ready to talk about how to work with sessions. Early on I told you that there are three main ways that we can get data from our users. They can either type a URL or click a link, and that'll be a GET request. They can submit a form to us and that would be a POST request. Or we can pull values out of their browser cookies that are sent with every request that they make. That's what we've been looking at how to do recently. Well, there's actually a fourth one that I didn't tell you about, which we should mention here: sessions. Sessions are related to cookies, so they kind of go together because they rely on cookies to do their work.
A session is a file that's stored on the web server. Not on the browser side, it's on the web server in the web server's file system. And you can store a lot more information in this file than you can in a browser cookie. So when we want to save some information the process is, instead of sending it as a cookie to the user, we put it in the session file. And then we still send a cookie to the user, but what we send them is a reference to that session file. Then with every request they make to the web server after that, they send that reference and we're able to look up that session file, and pull all the data out of it.
So the most important difference with sessions is the fact that they're stored server side, and not client side. They stay on the web server. All we send to the client is a reference to help us find that file the next time that they make a request. Using sessions has some benefits as well as some drawbacks. First, let's look at the pros. First, you get more storage with a session than with a cookie. A cookie is limited to 4000 characters maximum. Now, most times you're probably going to put something much, much smaller in there, but that is the limit. You can't put a whole lot in there.
Whereas with the session, it's really limited only by the file storage size that you have on your web server. How big of a hard drive do you have? That's the limit. The other nice thing is that it makes for smaller request sizes. Let's say that we did have 4000 characters that we were storing in a cookie. Well, every single request that comes from that user is going to carry all 4000 characters back to us. If we just have a session, then it's going to be sending us just that session ID. That's it. All the heavy data is still sitting on the web server, it doesn't have to be sent in with each and every request.
Another nice benefit is the fact that it conceals our data values. Remember with cookies, we could just go into our data browser and see what those values were. But that won't be true with sessions. The only thing you can see is the reference to the session ID, and that ID is really not that meaningful. All the data is still stored on the server side, and that makes it more secure and less hackable. There are some drawbacks though. It's slower to access. If you think about it, when a cookie comes in, the data comes in with every request. Nice and simple. When a session comes in, we have to get that session value out of the cookie, then turn around and go to the file system, find the file, and then read the data back out of the file.
Sessions are designed to expire. If the user closes their browser, then that cookie that has a reference to the session expires and goes away. And when they reopen their browser and start again, they won't have that cookie anymore to send with each and every request. Unfortunately though, the session file that you are storing all that data in, is still there, so that's an important con to keep an eye on. It's the fact that the session files can accumulate. As part of your server management, you're going to want to keep an eye on those files, and have a system in place to go through periodically and prune those back.
So, we can have a difference. Cookies are going to be in $_COOKIE, the session variables are going to be inside $_SESSION. We're going to access it in the same way. Let's try it. So, to start with, let's take basic.html, open it up, and I'll do Save As. And we'll call this sessions.php. And to start a session, it's really easy, we just say session_start(). This command has a little bit of magic behind it, because what it does is it tells PHP to grab the session cookie that's related to the session, go and find the session file, open it up, get the data out and populate our superglobal with it.
That's a good practice anyway. Before we even do anything else, let's get our session rolling. Let's get all that housekeeping out of the way, and then we'll be ready to take care of business from there. So without doing anything else, let's just save our file and let's load that page up. Go into Firefox and set cookies, load up sessions. Here you can see that I'm on the sessions page because the title changed. And let's just go now into Firefox, into our Preferences and let's just take a look at our cookies. Let's do Show Cookies and here's localhost and look at that, PHPSESSID. That's the default name for session cookies.
And in your php.ini file, you can configure that to be something else if you want. That's pretty standard, and it's fun. Now, notice what the content is though. It is a reference that is pretty meaningless. It's a long string that is going to allow PHP to locate the file, but at the same time it doesn't give away a lot of details about the way that our site works. For example, if we had a user ID and stored the number 45 in a cookie, well, now the person knows a little bit about it. They know that the record 45 in our database is that user. Now they don't know that, now they just have a reference to some mysterious file that lives on the web server.
Okay, now that we have our session established, we're ready to start working with values. And it's really just super simple, we just say PHP and then $_SESSION, and let's set one, first name equals Kevin. Notice that I didn't have to do any special setcookie kind of thing or anything like that. I can just refer to this variable, and PHP will take care of putting it in the session file for me. I don't have to do anything special. And then let's try getting that back. Let's say the name is going to be equal to session first name, and then echo back name.
Let's try it. Let's reload the page, there it is. Notice that it was able to set it, and read it all in the same request cycle. That's different than what we had with cookies, and that's because we don't have to go back to the user's browser to either set a value or get a value. It's happening right here from the session file that we have open. So, it's writing the value directly into it, and then immediately reading that same value back. That's the nice thing about working with sessions. Now, there's a lot more that you can do with sessions. You can retrieve that session ID if you need it inside your code.
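The sessions.php page walked through above, as an added example that is not the course's own exercise file. The key names first_name and visits, the cookie flags and the 1440-second lifetime are assumptions chosen for illustration; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// sessions.php -- added example, not the course's exercise file.
// Key names, cookie flags and the 1440-second lifetime are assumptions.

// Refuse session IDs the server did not issue (guards against fixation).
ini_set('session.use_strict_mode', '1');
// Session data idle longer than this is eligible for garbage collection,
// which is what keeps abandoned session files from piling up.
ini_set('session.gc_maxlifetime', '1440');

// Harden the cookie that carries the session reference.
$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
session_set_cookie_params([
    'lifetime' => 0,       // dropped when the browser closes
    'path'     => '/',
    'secure'   => $https,  // HTTPS-only when the page is served over TLS
    'httponly' => true,    // not readable from JavaScript
    'samesite' => 'Lax',
]);

// Must run before any output: it sends the Set-Cookie header, then loads
// the matching session file into $_SESSION.
session_start();

// Write and read back in the same request; no round trip to the browser.
$_SESSION['first_name'] = 'Kevin';
$name = $_SESSION['first_name'];

// Survives across requests because it lives in the server-side file.
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;

// With the default "files" handler the data is stored as sess_<id>.
// Assumes session.save_path is a plain directory (no "N;" depth prefix).
$dir  = session_save_path() ?: sys_get_temp_dir();
$file = $dir . '/sess_' . session_id();
?>
<!doctype html>
<html>
  <head><title>Sessions</title></head>
  <body>
    <p>Name: <?php echo htmlspecialchars($name); ?></p>
    <p>Visits this session: <?php echo (int) $_SESSION['visits']; ?></p>
    <p>Cookie name: <?php echo htmlspecialchars(session_name()); ?></p>
    <p>Session file on disk: <?php echo file_exists($file) ? 'yes' : 'no'; ?></p>
  </body>
</html>
```

Reloading the page increments the visit count while the PHPSESSID cookie value stays the same; closing the browser discards the cookie and the count starts over, even though the old session file remains on the server until garbage collection removes it.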