PHP Sessions Tutorial
PHP sessions tutorial with login example
PHP sessions allow you to store user information on the server and access it across multiple pages. They are essential for creating login systems, dashboards, carts, and any feature requiring user-specific memory.
This tutorial covers:
- What sessions are
- How sessions work internally
- Starting and using sessions
- Updating and deleting session variables
- Logout functionality
- Real-world login example
- Security best practices

A session stores data on the server, identified by a unique session ID stored in the user's browser (as a cookie named PHPSESSID).
Common uses:
- Login systems
- Shopping carts
- Flash messages
- User preferences
Sessions are more secure than cookies because data is stored server-side.
You must call session_start() at the top of your PHP file, before any output is sent, because it sets the session cookie in the response headers.
```php
<?php
session_start();
?>
```
```php
<?php
session_start();
$_SESSION['username'] = "Shubham";
$_SESSION['role'] = "admin";
echo "Session variables set!";
?>
```
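```php
<?php
session_start();
// Escape session values before printing them into HTML.
echo "Welcome, " . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
?>
```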
Always check if a key exists:
```php
if (isset($_SESSION['username'])) {
    echo $_SESSION['username'];
}
```
```php
unset($_SESSION['role']); // removes a single session variable
```
```php
<?php
session_start();
session_unset(); // clears variables
session_destroy(); // ends session
?>
```
```html
<!-- login.php -->
<!DOCTYPE html>
<html>
<body>
<h2>Login</h2>
<form action="login_action.php" method="POST">
    <input type="text" name="username" placeholder="Username" required><br><br>
    <input type="password" name="password" placeholder="Password" required><br><br>
    <button type="submit">Login</button>
</form>
</body>
</html>
```
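```php
<?php
// login_action.php
session_start();
$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
// Demo credentials are hard-coded to keep the tutorial short.
if ($user === 'admin' && $pass === '12345') {
    // Issue a new session ID on login and delete the old session.
    session_regenerate_id(true);
    $_SESSION['logged_in'] = true;
    $_SESSION['username'] = $user;
    echo "Login successful! <a href='profile.php'>Go to Profile</a>";
} else {
    echo "Invalid credentials.";
}
?>
```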
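```php
<?php
// profile.php
session_start();
// Require the flag to be set and true, not merely present.
if (($_SESSION['logged_in'] ?? false) !== true) {
    echo "Access denied. <a href='login.php'>Login</a>";
    exit;
}
// Escape the stored username before printing it into HTML.
echo "<h2>Welcome, " . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8') . "!</h2>";
echo "<a href='logout.php'>Logout</a>";
?>
```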
```php
<?php
// logout.php
session_start();
session_unset();
session_destroy();
echo "You have been logged out.";
?>
```
Sessions expire when:
- The browser closes (default), or
- Server garbage collection removes them
Change cookie lifetime:
```php
// Must be called before session_start().
session_set_cookie_params(3600); // 1 hour
session_start();
```
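Always regenerate the session ID after login, so that an ID known before authentication cannot be reused afterwards (session fixation):
```php
session_regenerate_id(true);
```
- Use HTTPS for secure cookie transmission.
- Never store passwords in sessions.
- Validate all input before storing in $_SESSION.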
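The practices listed above, combined into one sketch. This is an added example, not code from the original tutorial: the function names, the `$users` array and its sample password are constructed for illustration, and the array-form cookie options assume PHP 7.3 or later.

```php
<?php
// Added example: function names and the $users store are hypothetical.
function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1'); // refuse IDs the server did not issue
    session_set_cookie_params([               // must run before session_start()
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // hidden from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $user, string $pass, array $users): bool
{
    $hash = $users[$user] ?? null;
    if ($hash === null || !password_verify($pass, $hash)) {
        return false;
    }
    session_regenerate_id(true);      // fresh ID after login; old session data deleted
    $_SESSION['logged_in'] = true;
    $_SESSION['username']  = $user;   // identity only, never the password
    return true;
}

function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [   // expire the PHPSESSID cookie in the browser
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();                // remove the server-side session data
}

// Constructed sample store: username => password_hash() output.
$users = ['admin' => password_hash('example-passphrase', PASSWORD_DEFAULT)];

start_secure_session();
$ok = login($_POST['username'] ?? '', $_POST['password'] ?? '', $users);
echo $ok ? 'Login successful' : 'Invalid credentials.';
```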
| Feature | Sessions | Cookies |
|---|---|---|
| Storage | Server | Browser |
| Security | More secure | Less secure |
| Size Limit | Large | 4KB |
| Best For | Login, carts | Preferences |
In this tutorial, you learned:
- How to start and use PHP sessions
- How to store and read session variables
- How to unset and destroy sessions
- How to build a simple login system
Sessions are essential for building dynamic, secure PHP applications.