Using Sessions to Maintain State in PHP

HTTP is a stateless protocol, thus making any static web page stateless. The essence of statelessness is still a challenge for many beginner Web developers to grasp, particularly on the subject of how to maintain state.

In order to pass data from one web page to another, some kind of special mechanism must take place. While I won’t go too deep into these mechanisms (e.g. cookies, localStorage, sessionStorage, indexedDB), you need sessions in PHP in order to maintain state. PHP has a superglobal array variable called $_SESSION which you can use to store data, and the data will persist across the site as long as the session remains active. The only caveat is that you MUST start the session on each page that’s going to use/access the $_SESSION variable.

To start a session, call the session_start() function in your PHP file.

<?php
	session_start();
?>

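This function is usually placed at the top of the page, but it can be called anywhere, as long as it runs before any output is sent to the browser (with the default cookie-based sessions, session_start() has to send a header). As soon as this function is invoked, the session is started and the superglobal $_SESSION variable can be used to store data.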

When you want to store data so that the same piece of data is accessible on any page that has started the session, you store that data inside the $_SESSION array just like you would with a standard array.

Session Example
Let’s say that you have two PHP pages: pageA.php and pageB.php. You want to pass the name “Emily” from pageA.php to pageB.php.

<?php
  // pageA.php
  session_start();
  $username = "Emily";
  // The data is saved into the array with the key called "user"
  $_SESSION["user"] = $username;
?>

That’s how you pass data from page to page in PHP. So with this in mind, after a user is logged in, you save the user into a session. From that point on, the session is active in memory (RAM) so that you can always check the current state of that information on any other PHP page.

<?php
  // pageB.php
  session_start();
  // Retrieve the data from the array with the same key "user"
  $username = $_SESSION["user"];
  echo "Hello " . $username; // prints Hello Emily
?>

Let’s say that on another page, pageC.php, you want to display a message to the user but ONLY if the user has been signed in. We’ll use the same $username above.

<?php
  // pageC.php
  // Start the session on every page you want to access the $_SESSION[] array.
  session_start();
  $secret_message = "This is a secret message.";
  // Show the message only when the "user" key exists in the session.
  if (isset($_SESSION["user"])) {
    echo $secret_message;
  } else {
    echo "Sorry, you’re not allowed to see the message.";
  }
?>

The isset($_SESSION["user"]) call checks whether the “user” key has been set in the session. Once it’s been set, it will be persistent across the entire site until the session is timed out (e.g. no activity for a length of time), the user closes the browser, or you (the programmer) destroy the session. At that point $_SESSION["user"] is destroyed and unset, so the isset() check evaluates to false.
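The login, idle timeout and destroy steps described above can be sketched as a few helpers. This is an added example, not code from the original article; the function names, the last_seen key and the 30-minute idle limit are assumptions, and it expects PHP 7.3 or later on an HTTPS site.

```php
<?php
// Added example: helper names and the 30-minute limit are assumptions.
function start_secure_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Cookie flags must be set before session_start() sends the cookie.
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', // dropped when the browser closes
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // page scripts cannot read the session ID
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(string $username): void {
    start_secure_session();
    // Fresh ID at login: an ID set before authentication stops working.
    session_regenerate_id(true);
    $_SESSION["user"] = $username;
    $_SESSION["last_seen"] = time();
}

function log_out(): void {
    start_secure_session();
    $_SESSION = [];                       // clear the data in this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [       // expire the browser's cookie
        'expires' => time() - 3600, 'path' => $p['path'],
        'domain' => $p['domain'], 'secure' => $p['secure'],
        'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();                    // delete the server-side data
}

// Returns the logged-in user name, or null if absent or idle too long.
function current_user(int $idle_limit = 1800): ?string {
    start_secure_session();
    if (!isset($_SESSION["user"], $_SESSION["last_seen"])) {
        return null;
    }
    if (time() - $_SESSION["last_seen"] > $idle_limit) {
        log_out();
        return null;
    }
    $_SESSION["last_seen"] = time();
    return $_SESSION["user"];
}
```

On pageC.php the isset() test would become a check that current_user() does not return null, and a name taken from user input should go through htmlspecialchars() before it is echoed.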

Using sessions is a common way to pass data from page to page and to ensure that only logged-in users are allowed to access certain pieces of information on the site.