A PHP session variable is used to store information about, or change settings for a user session. Session variables hold information about one single user, and are available to all pages in one application.

PHP Session Variables

When you are working with an application, you open it, do some changes and then you close it. This is much like a Session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are and what you do because the HTTP address doesn’t maintain state.

A PHP session solves this problem by allowing you to store user information on the server for later use (i.e. username, shopping items, etc). However, session information is temporary and will be deleted after the user has left the website. If you need a permanent storage you may want to store the data in a database.

Sessions work by creating a unique id (UID) for each visitor and store variables based on this UID. The UID is either stored in a cookie or is propagated in the URL.

When using sessions variables in your page (example: to protect from unauthorised users),

the first command of the page must be

<?php session_start(); ?>

This tell that the stored session information is requested.

To store session variables, do this :

<?php
session_start();
// store session data
$_SESSION['user_id']=1;
?>

This creates a session variable called user_id.

Now you want to test the session variable against some value or see if a user is authentified.

You could use this for example

<?php

if  (!isset($_SESSION['user_id']))

// User not authentified, go to the login page

redirect("Location:loginpage.php");
}

?>