Need to build an online shopping cart in a hurry? This articletakes a look at session management, an important component oftransaction-based Web sites, and explains the fundamentals of addingsession support to your site. Examples in PHP4 and PHP3 with PHPLib.
It's one of the things geeks say to each other when they want to impress the young women in earshot: "HTTP is a stateless protocol, and the Internet is a stateless development environment". In simple language, all this means is that the HyperText Transfer Protocol, which is the backbone of the Web, is unable to retain a memory of the identity of each client that connects to a Web site, and therefore treats each request for a Web page as a unique and independent connection, with no relationship whatsoever to the connections that preceded it - very similar to the behaviour of some of today's more adventurous teenagers, who get drunk every night, wake up the next morning with no memory at all of what happened, and go out again in the evening to do the same thing all over again...
Now, so long as you're aimlessly surfing from one site to another, this works without a problem. But what if you've decided to buy a few books from Amazon.com? In a "stateless environment", it would be very difficult to keep track of all the items you've shortlisted for purchase, as the stateless nature of the HTTP protocol would make it impossible to keep track of the items selected.
Consequently, what is required is a method that makes it possible to "maintain state", something that allows client connections to be tracked and connection-specific data to be maintained. And thus came about "cookies", which allowed Web sites to store client-specific information in a file on the client system, and access the information in the file whenever required. So, in the shopping cart example above, the items selected would be added to the cookie, and would be retrieved and presented to the customer in a consolidated list during the billing process.
The only problem with this cookie-based approach is that it is dependent on the cookie being accepted by the client. And so, another common approach is the use of a "session" to store specific bits of information when a client visits a Web site; this session data is preserved for the duration of the visit, and is usually destroyed on its conclusion. A session can thus be considered a basket of information which contains a host of variable-value pairs; these variable-value pairs exist for the duration of the visit, and can be accessed at any point during it. This approach provides an elegant solution to the "stateless" nature of the protocol, and is used on many of today's largest sites to track and maintain information for personal and commercial transactions.
Every session created is associated with a unique identification string; this string is sent to the client, while a temporary entry with the same unique identification number is created on the server, either in a flat file or in a database. It now becomes possible to register any number of "session variables" - these are ordinary variables, which can be used to store textual or numeric information, and can be read from, or written to, throughout the session.
Now, if you've been following the open source movement, you already know about PHP, the hottest scripting language on the planet. The latest release of the language, PHP4, includes support for session creation and maintenance, and we'll be showing you how to use it over the next few pages. If you still use PHP3, don't despair - we'll also be covering PHPLIB, a set of powerful PHP classes which adds seamless session management to PHP3-based sites.