Home >> FAQs/Tutorials >> PHP Script Tutorials and Tips >> Index

PHP Script Tips - Understanding and Using Sessions

By: FYICenter.com

Part:   1  2  3  4   5 

(Continued from previous part...)

If you re-run the first_page.php and next_page.php scripts presented in the previous tutorials, you will see some thing like:

Query string of the incoming URL: 
Cookies received:
  PHPSESSID = grm557vicj1edmiikgsa8hbd11
Value of MyLogin has been retrieved: FYICenter
Value of MyColor has been retrieved: Blue

Wait for 10 seconds, and start another browser window to run first_page.php. This is to triger the session garbage collection process to remove values stored in session grm557vicj1edmiikgsa8hbd11.

Go back to the first browser window on second_page.php, and click the browser refresh button, you will get something like:

Query string of the incoming URL: 
Cookies received:
  PHPSESSID = grm557vicj1edmiikgsa8hbd11
Value of MyLogin has been retrieved: 
Value of MyColor has been retrieved:

As you can see, session values are gone, the browser is still sending the same session ID as a cookie, but the all sesion values are expired (actually, the session file is removed by the garbage collection process).

How To Set session.gc_maxlifetime Properly?

As you know that session.gc_maxlifetime is the session value timeout period. You should set this value based on the usage pattern of your visitors. Here are some suggestions:

# Set it to 20 minutes for a normal Web site:
session.gc_maxlifetime = 1200

# Set it to 24 hours if visitors comes to the site many time a day:
# Example: Yahoo email site expires your session in 24 hours.
session.gc_maxlifetime = 86400

How To Set session.gc_divisor Properly?

As you know that session.gc_divisor is the frequency of when the session garbage collection process will be executed. You should set this value based on the income request traffic. Here are some suggestions:

# Set it to 10, if traffic is less than 10,000 per day:
session.gc_divisor = 10

# Set it to 100, if traffic is between 10,000 and 100,000 per day:
session.gc_divisor = 100

# Set it to 1000, if traffic is greater than 100,000 per day:
session.gc_divisor = 1000

How To Remove Values Saved in the Current Session?

If you want to remove values saved in the current session, you should use the unset() function on those saved values in $_SESSION, or use array() to empty $_SESSION:

  • unset($_SESSION['MyColor']) - Removes one value named MyColor in the current session.
  • $_SESSION = array() - Removes all values in the current session.
  • unset($_SESSION) - Bad statement. It may affect the session mechanism.

How To Tell If a Session Is New?

There is not direct way to tell if a session is new or old. But you can design your site to have a required session value in all sessions. Then you can check the existence of this value in a session to determine if it is a new session by isset($_SESSION['name']).

Let's say you decided to have a required session value called "Status" with two possible values: "Guest" and "Registered". The landing script of your site should look like:

<?php
  session_start();
  if (!isset($_SESSION['Status'])) {
    $_SESSION["Status"] = "Guest";
    print("<html><pre>");
    print("Welcome to FYICenter.com!\n");
    print("  <a href=login.php>Login</a>\n");
    print("  <a href=guest_home.php>Stay as a guest</a>\n");
    print("</pre></html>\n");
  } else {
    if ($_SESSION["Status"] == "Guest") {
      header( 'Location: http://localhost/guest_home.php');
    } else if ($_SESSION["Status"] == "Registered") {
      header( 'Location: http://localhost/home.php');
    }
  }
?>

(Continued on next part...)

Part:   1  2  3  4   5 


Selected Developer Jobs:

More...