<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Introduction</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="book.session.html">Sessions</a></div>
<div class="next" style="text-align: right; float: right;"><a href="session.setup.html">Installing/Configuring</a></div>
<div class="up"><a href="book.session.html">Sessions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="intro.session" class="preface">
<h1 class="title">Introduction</h1>
<p class="para">
Session support in PHP consists of a way to preserve certain data
across subsequent accesses. This enables you to build more
customized applications and increase the appeal of your web site.
</p>
<p class="para">
A visitor accessing your web site is assigned a unique id, the
so-called session id. This is either stored in a cookie on the
user side or is propagated in the URL.
</p>
<p class="para">
The session support allows you to store data between requests in the
<var class="varname"><var class="varname"><a href="reserved.variables.session.html" class="classname">$_SESSION</a></var></var> superglobal array. When a visitor accesses
your site, PHP will check automatically (if <a href="session.configuration.html#ini.session.auto-start" class="link">session.auto_start</a>
is set to 1) or on your request (explicitly through
<span class="function"><a href="function.session-start.html" class="function">session_start()</a></span> or implicitly through
<span class="function"><a href="function.session-register.html" class="function">session_register()</a></span>) whether a specific session
id has been sent with the request. If this is the case, the prior
saved environment is recreated.
</p>
<div class="caution"><strong class="caution">Caution</strong>
<p class="para">
If you turn on <a href="session.configuration.html#ini.session.auto-start" class="link">
session.auto_start</a> then the only way to put objects
into your sessions is to load its class definition using
<a href="ini.core.html#ini.auto-prepend-file" class="link">auto_prepend_file</a>
in which you load the class definition else you will have to
<span class="function"><a href="function.serialize.html" class="function">serialize()</a></span> your object
and <span class="function"><a href="function.unserialize.html" class="function">unserialize()</a></span> it
afterwards.
</p>
</div>
<p class="para">
<var class="varname"><var class="varname"><a href="reserved.variables.session.html" class="classname">$_SESSION</a></var></var> (and all registered variables) are serialized
internally by PHP using the serialization handler specified by the
<a href="session.configuration.html#ini.session.serialize-handler" class="link">session.serialize_handler</a> ini setting,
after the request finishes. Registered variables which are undefined are
marked as being not defined. On subsequent accesses, these are not defined
by the session module unless the user defines them later.
</p>
<div class="warning"><strong class="warning">Warning</strong>
<p class="para">
Because session data is serialized, <span class="type"><a href="language.types.resource.html" class="type resource">resource</a></span> variables cannot
be stored in the session.
</p>
<p class="para">
Serialize handlers (<em>php</em>
and <em>php_binary</em>) inherit register_globals
limitations. Therefore, numeric index or string index contains
special characters (<em>|</em>
and <em>!</em>) cannot be used. Using these will end up
with errors at script shutdown. <em>php_serialize</em>
does not have such limitations. <em>php_serialize</em>
is available from PHP 5.5.4.
</p>
</div>
<blockquote class="note"><p><strong class="note">Note</strong>:
<p class="para">
Please note when working with sessions that a record of a session
is not created until a variable has been registered using the
<span class="function"><a href="function.session-register.html" class="function">session_register()</a></span> function or by adding a new
key to the <var class="varname"><var class="varname"><a href="reserved.variables.session.html" class="classname">$_SESSION</a></var></var> superglobal array. This
holds true regardless of if a session has been started using the
<span class="function"><a href="function.session-start.html" class="function">session_start()</a></span> function.
</p>
</p></blockquote>
<blockquote class="note"><p><strong class="note">Note</strong>:
<p class="para">
PHP 5.2.2 introduced an undocumented feature to store session files
in "/tmp" even if <a href="ini.core.html#ini.open-basedir" class="link">open_basedir</a>
was enabled and "/tmp" is not explicitly added to the allowed paths
list. This feature has been removed from PHP as of PHP 5.3.0.
</p>
</p></blockquote>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="book.session.html">Sessions</a></div>
<div class="next" style="text-align: right; float: right;"><a href="session.setup.html">Installing/Configuring</a></div>
<div class="up"><a href="book.session.html">Sessions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
