PHP Session under the Hood

Mobeen Sarwar
Jan 30, 2022

A session is a temporary, interactive exchange of information between two or more devices. Sessions are a basic building block for communication over connectionless protocols.

Why do we need the session?

Each HTTP request is executed independently, without any knowledge of the requests that were executed before it. Once the transaction ends, the connection between the browser and the server is also lost.

HTTP is a stateless protocol.

In its original design, HTTP is a relatively simple file transfer protocol:

  1. Make a request for a file named by a URL,
  2. Get the file in response,
  3. Disconnect.

There was no relationship maintained between one connection and another, even from the same client.

To associate one request with another, you need a way to persist state information between HTTP requests, and sessions serve this purpose very well.

There are two primary purposes of the session:

1- Preserve state information across subsequent requests

2- Store data for individual users against a unique session ID.

How does Session work in PHP?

<?php session_start(); ?>

When a session is started, PHP will either retrieve an existing session using the ID passed (usually from a session cookie), or, if no session ID is passed, create a new session.

Sessions and cookies work together.

  1. When the session is started, PHP creates a 16-byte unique identifier
  2. PHP passes the unique identifier to the user's browser as the PHPSESSID cookie
  3. PHP creates a new file on the server named after the unique identifier (i.e. sess_n0cgde42ju4v8vkqle6dpqmaqg)

An example is better than 1000 words:

Let's try it in practice to get a better idea.

1- Open a terminal (Ctrl + Alt + T on Ubuntu/Linux)

2- Go to the /var/www/html directory (cd /var/www/html)

3- Create a new file php_session.php (sudo nano php_session.php)

After the file is created, add the line below for testing.

<?php session_start(); ?>

4- Press Ctrl + O to save the file and hit enter.

Here the fun begins:

Now open your browser (Google Chrome) and browse to the newly created file on localhost at the following path: http://localhost/php_session.php

Now open Inspect Element (Ctrl + Shift + I) and go to Cookies in the Application tab.

Here you will find the session ID as the value of the PHPSESSID cookie.

The value of this PHPSESSID cookie is the session ID, and it is used to preserve information across subsequent requests.

When is this PHPSESSID cookie going to be used?

In our current example, if we reload the page, this cookie is going to be sent to the server in the Request Headers.

Reload your page and go to the Network tab in Inspect Element.

What happens on the Server Side?

By default, PHP stores sessions in files. Open your default localhost page to see this path. In my case it is /var/lib/php/sessions/

Open your terminal, go to the session directory, and check whether a session file whose name matches your PHPSESSID cookie value (with the sess_ prefix) exists in that directory.
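
The cookie-to-file mapping described above, as an added example that is not from the original article. It assumes PHP 7.3 or later and the default files save handler; the file name session_demo.php and the visits key are made up for the demonstration.

```php
<?php
// session_demo.php (hypothetical name): ties the session cookie to its server-side file.
// Assumes PHP >= 7.3 and the default "files" session handler.

// session.save_path may be "N;MODE;/path"; keep only the directory part.
// (With N > 0 PHP spreads files over subdirectories, which this demo ignores.)
$parts = explode(';', (string) session_save_path());
$dir   = end($parts) ?: sys_get_temp_dir();

// The ID is the only thing linking a browser to its data, so restrict the
// cookie that carries it before session_start() issues it.
ini_set('session.use_strict_mode', '1');   // refuse IDs the server never issued
session_set_cookie_params([
    'httponly' => true,                    // hide the cookie from JavaScript
    'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    'samesite' => 'Lax',
]);

session_start();
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;   // constructed sample data
$name = session_name();
$id   = session_id();
session_write_close();   // flush $_SESSION to disk and release the file lock

$file = $dir . '/sess_' . $id;

header('Content-Type: text/plain');
echo "Cookie sent to the browser: {$name}={$id}\n";
echo "Server-side file:           {$file}\n";

if (is_readable($file)) {
    // Anyone who can read this file, or who learns the ID, holds the session.
    printf("File mode:                  %s\n", substr(sprintf('%o', fileperms($file)), -4));
    printf("Raw contents:               %s\n", file_get_contents($file));
} else {
    echo "Session file not readable from this process.\n";
}
```

Reload the page a few times and compare the cookie value in the browser with the file name printed by the script.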

That is all for this article. I hope now you have a better understanding of how the PHP session works.

Thanks for reading this blog.
