PHP DevCenter
oreilly.comSafari Books Online.Conferences.


Session Tracking: Part I
Pages: 1, 2, 3

Deleting session variables

Sometimes it is necessary to delete session variables. This is easily accomplished with the function session_unregister(). For example, suppose you provide the user with the opportunity to deny the automatic setting of the background color to #8080ff as was done in Listing 1, instead causing the default white background color to be displayed. To illustrate how this is accomplished, I'll rewrite Listing 2, the result of which is shown in Listing 3:

Listing 3: Verifying and deleting session variables ("1-3.php")

<title>Session Example #1</title>

if ($seenform == "y") :

 if ($deletecolor == "y") :


if (! session_is_registered("bgcolor")) :


<body bgcolor="<?=$bgcolor?>" text="#000000" link="#808040" vlink="#606060" alink="#808000">

print "Your SID is $PHPSESSID <br>";
print "The persistent background color is: $bgcolor <br>";

if (! $seenform) :

  $form = <<<Form
  <form action="1-3.php" method="post">
  <input type="hidden" name="seenform" value="y">
  Do you like this background color?<br>
  <input type="radio" name="deletecolor" value="y">No<br>
  <input type="radio" name="deletecolor" value="n">Yes<br>
  <input type="submit" value="Submit">

  echo $form;


This simple example demonstrates the dynamics behind how session variables are registered (using session_register()), unregistered (using session_unregister()), and verified (using session_is_registered()).

Storing session variables in a cookie

The final concept I'd like to discuss is how to store several parcels of data within cookies on the client machine. Certain browsers place limitations on the number of cookies a domain can store at one time, therefore it becomes necessary to devise other techniques for storing this data. One such technique is to encode all the data into one long string and store it within a single cookie. Not surprisingly, those brilliant PHP developers had the foresight to create a function capable of doing exactly this, namely session_encode(). This function will return a single string containing all of the variable names and matching data, much like you would see appended to a URL. Consider Listing 4 for an example:

Listing 4: Encoding session data into a single string


$bgcolor = "#8080ff";
$name = "Daffy Duck";
$email = "";

$encoded_string = session_encode();

print "The encoded string is: $encoded_string";


Executing Listing 4, you should see something similar to the following:

The encoded string is: bgcolor|s:7:"#8080ff";name|s:10:"Daffy Duck";email|s:14:"";

This is particularly convenient because you can then store this string directly within a single cookie. The only thing you must be wary about is the overall cookie size, since most browsers support maximum cookie sizes of only around 5 kilobytes. To ensure the data is not erased (unintentionally or otherwise) by the user, you might want to store this string within a database and store only the session ID in a cookie on the client machine. Or, you could store the SID within the cookie and the encoded string within the database. Just keep security in mind in accordance with the sensitivity of the data being stored on the client browser. Still another alternative is to store the encrypted string in a cookie, and then decrypt it upon retrieval.

Regardless of what you decide to do with the data, you can later "unravel" the string and automatically restore the session variables by using the function session_decode(). Supposing you wanted to later decode $encoded_string:


This not only decodes the string into its respective name/value pairs, but it also makes each a session-variable.

What's next

This article introduced you to PHP's native session-tracking functionality. Details were provided regarding general configuration, strategies (cookies vs. URL rewriting) and PHP's predefined session functionality. To illustrate this useful feature, several examples were provided, giving you a taste of how sessions are used in a typical scenario.

In my next article, I'll expand upon this introduction of session-handling, focusing on how you can use PHP's session_set_save_handler() function to create customized session-storage functions. This is particularly useful when you would like to use a specific media for storage and retrieval of session information, such as a database. To illustrate this great feature, I'll explain how custom functions can be written which act to incorporate a MySQL database into the session-storage scheme.

W.J. Gilmore has been developing PHP applications since 1997, and is frequently published on the subject within some of the Web's most popular development sites. He is the author of 'A Programmer's Introduction to PHP 4.0' (January 2001, Apress), and is the Assistant Editorial Director of Web and Open Source Technologies at Apress.

Return to the PHP DevCenter.

Valuable Online Certification Training

Online Certification for Your Career
Earn a Certificate for Professional Development from the University of Illinois Office of Continuing Education upon completion of each online certificate program.

PHP/SQL Programming Certificate — The PHP/SQL Programming Certificate series is comprised of four courses covering beginning to advanced PHP programming, beginning to advanced database programming using the SQL language, database theory, and integrated Web 2.0 programming using PHP and SQL on the Unix/Linux mySQL platform.

Enroll today!

Sponsored by: