$_SESSION

(PHP 4 >= 4.1.0, PHP 5, PHP 7, PHP 8)

$_SESSION — Variables de sesión

Descripción

Es un array asociativo que contiene variables de sesión disponibles para el script actual. Ver la documentación de Funciones de sesión para más información sobre su uso.

Notas

Nota: Esto es una 'superglobal', o variable global automática. Esto significa simplemente que esta variable está disponible en todos los contextos del script. No es necesario hacer global $variable; para acceder a ella en las funciones o los métodos.

Ver también

session_start() - Inicia una nueva sesión o reanuda una sesión existente

Found A Problem?

Learn How To Improve This Page • Submit a Pull Request • Report a Bug

＋add a note

User Contributed Notes 3 notes

down

Tugrul ¶

11 years ago

Creating New Session
==========================
<?php 
session_start();
/*session is started if you don't write this line can't use $_Session  global variable*/
$_SESSION["newsession"]=$value;
?>
Getting Session
==========================
<?php 
session_start();
/*session is started if you don't write this line can't use $_Session  global variable*/
$_SESSION["newsession"]=$value;
/*session created*/
echo $_SESSION["newsession"];
/*session was getting*/
?>
Updating Session
==========================
<?php 
session_start();
/*session is started if you don't write this line can't use $_Session  global variable*/
$_SESSION["newsession"]=$value;
/*it is my new session*/
$_SESSION["newsession"]=$updatedvalue;
/*session updated*/
?>
Deleting Session
==========================
<?php 
session_start();
/*session is started if you don't write this line can't use $_Session  global variable*/
$_SESSION["newsession"]=$value;
unset($_SESSION["newsession"]);
/*session deleted. if you try using this you've got an error*/
?>

down

gemik850 at gmail dot com ¶

3 hours ago

PHP
<?php
// 1. Session and Database Initialization
session_start();

$host = 'localhost';
$db   = 'database_name';
$user = 'username';
$pass = 'password';

$dsn = "mysql:host=$host;dbname=$db;charset=utf8mb4";
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
];

try {
     $pdo = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
     throw new \PDOException($e->getMessage(), (int)$e->getCode());
}

// 2. Authentication Logic (Login)
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action_login'])) {
    $email = trim($_POST['email']);
    $password = $_POST['password'];

    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch();

    if ($user && password_verify($password, $user['password_hash'])) {
        // Regenerate session ID to prevent session fixation attacks
        session_regenerate_id(true);
        
        $_SESSION['auth_user_id'] = $user['id'];
        $_SESSION['auth_logged_in'] = true;
        
        header('Location: dashboard.php');
        exit;
    } else {
        echo "Invalid email or password.";
    }
}

// 3. Verification Condition (Check if user is logged in)
if (!isset($_SESSION['auth_logged_in']) || $_SESSION['auth_logged_in'] !== true) {
    // User is not authenticated, redirect to login page
    header('Location: login.php');
    exit;
}

// 4. Accessible only to authenticated users
echo "Access granted. User ID: " . htmlspecialchars($_SESSION['auth_user_id']);
?>

down

-2

bohwaz ¶

17 years ago

Please note that if you have register_globals to On, global variables associated to $_SESSION variables are references, so this may lead to some weird situations.

<?php

session_start();

$_SESSION['test'] = 42;
$test = 43;
echo $_SESSION['test'];

?>

Load the page, OK it displays 42, reload the page... it displays 43.

The solution is to do this after each time you do a session_start() :

<?php

if (ini_get('register_globals'))
{
    foreach ($_SESSION as $key=>$value)
    {
        if (isset($GLOBALS[$key]))
            unset($GLOBALS[$key]);
    }
}

?>

＋add a note