Where are $_SESSION variables stored?
The location of the $_SESSION
variable storage is determined by PHP's session.save_path
configuration. Usually this is /tmp
on a Linux/Unix system. Use the phpinfo()
function to view your particular settings if not 100% sure by creating a file with this content in the DocumentRoot
of your domain:
<?php
phpinfo();
?>
Here is the link to the PHP documentation on this configuration setting:
http://php.net/manual/en/session.configuration.php#ini.session.save-path
How server stores session variables created using PHP?
Sessions may but don't have to use database backend. The rest of your statements are generally fine (cookies, session_id).
Default session storage in PHP is a file in /tmp
folder - path can be checked by printing session.save_path
.
To summarize, sessions can utilize:
- File(s) on hard disk
- File(s) in memory e.g. in
/dev/shm
and its subfolders (/tmp can also reside in RAM) - Database - session tables may reside on disk or in memory
- Specialized memory backends
Response to your comment: You understand the process of sharing session data between browser and web server. But session storage used is important for you if you want to access session data manually (outside of PHP script).
If you store user_id
in $_SESSION
variable, then yes - you can use it to query database for user related information using it from within your PHP script in any subsequent request.
How to use store and use session variables across pages?
Reasoning from the comments to this question, it appears a lack of an adjusted session.save_path causes this misbehavior of PHP’s session handler. Just specify a directory (outside your document root directory) that exists and is both readable and writeable by PHP to fix this.
Where is $_SESSION data stored and when it gets deleted?
They are stored on the php server, and get deleted after a certain timeout when the server hasn't had a request from the associated client. The timeout is configurable in php.ini or directly from your script.
Session Variables Not Being Stored
If you want your session variables to appear on any other page, then session_start();
must be included inside all your pages using sessions.
Footnotes:
Should you happen in the future to get the following error message: headers already sent
, you could add ob_start();
just above session_start();
Relevant links:
- http://www.php.net/manual/en/features.sessions.php
- http://www.php.net/session_start
- http://www.php.net/ob_start
- http://www.php.net/header
where does session save?
The session data that you read and write using $_SESSION
is stored on server side, usually in text files in a temporary directory. They can not be accessed from outside.
The thing connecting a session to a client browser is the session ID, which is usually stored in a cookie (see the comments for exceptions to that rule). This ID is, and should be, the only thing about your session that is stored on client side.
If you delete the cookie in the browser, the connection to that session is lost, even if the file on the server continues to exist for some time.
The session.save_path
variable influences the location on the server where the session data is stored. If you are not the server's administrator, it is usually not necessary to change it.
Where should be data stored? Session variables OR Hidden fields?
Primarily opinion based, but each has pros and cons.
Storing in $_SESSION:
- Pro: allows you to store private data that you don't necessarily want to fire back to the user, ie: either application-internal data, or the user's private data that should not be returned into the page, such as credit card details, passwords, and other personal information.
- Con: The session will expire after its configured timeout, and the user will lose their work.
Storing in hidden fields:
- Basically reverse the pros and cons for $_SESSION.
- IMHO, using hidden fields like this is a huge kludge.
The ideal way is to use a custom session handler to store the session data in a way that it is not lost when the session expires.
Where session variable is stored in java web application
The "session" variable consists of two pieces, a very small session identifier which is stored on the client usually named jSessionId
and stored as a cookie. But, the sessionId may also be encoded into URLs.
The second piece of a session is the actual data, and it is stored on the server. Possibly in a server-side database if the your server is part of a multi-server cluster. Each session is identified by that sessionId and the client sends it with every request. That is why it is designed to be very small.
How to store a variable in php using session
at the top of page
session_start();
then to set session
variable
$_SESSION['id'] = $someID;
To retrieve the value of id
$pid = $_SESSION['id'];
Further more read more about session here
Related Topics
How to Set HTML Value Attribute (With Spaces)
How to Push Both Value and Key into PHP Array
Are Arrays in PHP Copied as Value or as Reference to New Variables, and When Passed to Functions
How to Enable Curl in PHP/Xampp
What Does $$ (Dollar Dollar or Double Dollar) Mean in PHP
Insert Array into MySQL Database With PHP
PHP/MySQL Insert Row Then Get 'Id'
Get Url Query String Parameters
How to Make a PHP Soap Call Using the Soapclient Class
How to Add/Remove Pkcs7 Padding from an Aes Encrypted String
Method="Post" Enctype="Text/Plain" Are Not Compatible
What Is the Point of Interfaces in PHP