@vielhuber
Last active December 14, 2022 09:24
sessions #php
  • use sessions if you want to easily store sensitive information on the server (not on the client) without using a database
  • a session cookie is stored on the client to identify the user
  • the session cookie lasts until the user closes the browser (but its lifetime can be extended)
  • sessions can also be used on backends that are called via javascript

start session

session_start();

additional config of session cookie (must run before session_start())

ini_set('session.use_strict_mode', 1); // prevent user-supplied session-id
session_set_cookie_params([
   'secure' => (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'),
   'httponly' => 1, // prevent javascript-access to session-id
   'samesite' => 'Lax'
]);

extend session (sets a minimum lifetime, not an exact one!)

$session_time = 60 * 60 * 24 * 30; // 30 days
ini_set('session.gc_maxlifetime', $session_time);
session_set_cookie_params($session_time);
session_start();

store data

$_SESSION['foo'] = 'bar';
$_SESSION['bar'] = ['baz' => 'gnarr'];

get data

echo $_SESSION['foo'];

delete data

unset($_SESSION['foo']);

destroy session

session_unset(); // clear $_SESSION, equivalent of $_SESSION = []
session_destroy(); // clears the session data on the server
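
The settings above combined into one bootstrap, as an added example that is not part of the original gist: cookie hardening and lifetime go into a single session_set_cookie_params() call before session_start(), the id is regenerated at login, and logout also expires the cookie on the client, which session_destroy() alone does not do. The function names, the `user_id` key and the `session.use_only_cookies` setting are assumptions of this example.

```php
<?php
// Added example; function names and the 'user_id' key are hypothetical.

const SESSION_LIFETIME = 60 * 60 * 24 * 30; // 30 days, as in the gist

function start_hardened_session(): void
{
    // Every setting below must be applied before session_start().
    ini_set('session.use_strict_mode', '1');  // reject user-supplied, uninitialized ids
    ini_set('session.use_only_cookies', '1'); // never accept the id from the URL
    ini_set('session.gc_maxlifetime', (string) SESSION_LIFETIME);
    session_set_cookie_params([
        'lifetime' => SESSION_LIFETIME,
        'path'     => '/',
        'secure'   => (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on'),
        'httponly' => true,  // no javascript access to the session id
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login(string $userId): void
{
    // Issue a fresh id at the privilege change and delete the old session
    // data, so an id known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Expire the cookie with the same attributes it was set with,
        // otherwise the browser keeps sending the old id.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy(); // remove the session data on the server
}
```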