PHP DevCenter


Session Tracking: Part I

by W.J. Gilmore

The ability to gather, analyze, and act on information about visitors to your organization's web site is one of the most powerful aspects of this new medium. The advantages of doing this are manifold -- this information is not only useful for analyzing the patterns of visitors who are interested in your products and/or services, but also allows you to provide customized services to these visitors. For example, not only could you learn which pages are most popular with French users, but you could also automatically recognize these users and provide them with a welcome message in French.

This type of customized service has become very popular. For example, allows you to view only what you're interested in viewing. This is great, because I'm a weather nut -- I go to the site so much that I would rather not have to waste time navigating around to the various parts of the site when I can just look at everything I want to see on one page. It can also customize each page to my tastes as I navigate through the site, further tailoring content -- even in areas that I have not specifically customized.

In this article, I will explain how you can begin creating your own customized web sites using PHP's session-tracking functionality. It's extremely easy to use, and very useful for creating customized Web applications. Before delving into the functionality, I'll begin by presenting a few introductory concepts.


PHP's session-handling features, first introduced in the 4.0 release, are native and thus require no additional packages other than the PHP distribution. I've had the opportunity to use sessions extensively on both non-Windows and Windows-based servers, and have not run into any compatibility problems thus far. However, there are a few configuration issues that you should keep in mind if you decide to use this cool feature. In this section, I'll present these issues, and will discuss others as applicable later in this article.

Configuration of PHP's session-handling feature takes place in the php.ini file in the section aptly titled "Session." There are currently 19 configuration directives found in this section, some of which are more important than others. I'll discuss the most important directives here:

session.save_handler (files | mm | user)

PHP supports three methods for storing and retrieving session information: within flat files (files), using shared memory (mm), and through user-defined functions (user). Storage within files is the most commonly used method, mostly because it's the default configuration setting.

Although this is sufficient for most situations, it's important to keep in mind that the number of session-storage files could quickly rise into the thousands, and indeed even hundreds of thousands, depending on the number of site visitors. Shared memory is likely to be the fastest of the three methods, but is volatile because this information could easily be erased. The creation of user-defined functions is the most flexible of the three methods, but is also the most complicated. This method allows you to create custom storage and retrieval handlers, making it possible to store the session data within any PHP-supported media, such as an Oracle or MySQL database.

To use one of the three methods, you must set session.save_handler accordingly: files for file-based handling, mm for shared memory, or user for user-defined functions. For purposes of this article, I'll assume that you've left it at the default, files.

session.save_path (path/to/directory)

This directive is only useful when session.save_handler is set to files, as it is used to specify the location where the session files are to be stored. I would recommend setting this directory somewhere outside of the document root to ensure that the files can't be viewed through a browser. Furthermore, ensure that the directory can be written to and read by the user running PHP (probably "nobody").

session.auto_start (0 | 1)

This directive determines whether session-handling will be automatically initiated upon request. Since it's unlikely that you'll use sessions within every section of your site, this is by default set to 0. However, if you'd like to enable automated session support, set this directive to 1.

Of the 19 configuration directives, only the above three are of a general enough nature to be discussed without learning more about PHP's session-handling strategies and features.
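
The checks recommended above for session.save_path (outside the document root, readable and writable by the PHP user), together with the session.auto_start setting, can be scripted. The following is an added example, not code from the original article; the function name audit_session_settings(), the finding messages, and the temporary directories are assumptions made for illustration, and the sample settings are constructed.

```php
<?php
// Added example (not from the article). audit_session_settings() is an illustrative name.
function audit_session_settings(array $ini, string $docRoot): array
{
    $findings = [];
    if (($ini['session.save_handler'] ?? 'files') === 'files') {
        // save_path may carry an "N;" or "N;MODE;" prefix; the directory is the last field.
        $parts = explode(';', (string) ($ini['session.save_path'] ?? ''));
        $path  = trim(end($parts));
        if ($path === '') {
            $path = sys_get_temp_dir(); // empty save_path: PHP uses the system temp directory
        }
        $real = realpath($path);
        // realpath('') resolves to the current directory, so guard the empty case.
        $root = $docRoot !== '' ? realpath($docRoot) : false;
        if ($real === false || !is_dir($real)) {
            $findings[] = "session.save_path '$path' is not an existing directory";
        } else {
            if ($root !== false
                && strpos($real . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) === 0) {
                $findings[] = "session.save_path '$real' is inside the document root";
            }
            // Meaningful only when run as the account that executes PHP for the site.
            if (!is_readable($real) || !is_writable($real)) {
                $findings[] = "session.save_path '$real' is not readable and writable by this user";
            }
        }
    }
    if ((string) ($ini['session.auto_start'] ?? '0') === '1') {
        $findings[] = 'session.auto_start=1: a session starts on every request';
    }
    return $findings;
}

// Constructed sample: a throwaway document root and two candidate session directories.
$docRoot = sys_get_temp_dir() . '/docroot_' . getmypid();
$outside = sys_get_temp_dir() . '/sessions_' . getmypid();
mkdir("$docRoot/sessions", 0700, true);
mkdir($outside, 0700);

$weak  = ['session.save_handler' => 'files', 'session.save_path' => "$docRoot/sessions",
          'session.auto_start' => '1'];
$fixed = ['session.save_handler' => 'files', 'session.save_path' => $outside,
          'session.auto_start' => '0'];
print_r(audit_session_settings($weak, $docRoot));
print_r(audit_session_settings($fixed, $docRoot));

rmdir("$docRoot/sessions"); rmdir($docRoot); rmdir($outside);
```

To audit a live installation, pass the values returned by ini_get() for the three directives and the site's real document root, and run the script as the same account that executes PHP for the web server.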


Basically, a session can be defined as the timeframe in which a visitor navigates your web site. PHP is capable of tracking a visitor throughout his session by assigning a unique session identification number (SID) to that visitor. Although you can create SIDs in various ways, a default SID created by PHP might look like fc94ad8b1ee49ef79c713ee98ac1fcc4. There are two ways in which the SID can "follow" the user:

  • Storage and subsequent retrieval in a cookie
  • Rewriting of the URL to include the SID parameter

I'll discuss each strategy and its configuration directives in the following sections.
